hpc-carpentry / hpc-carpentry.github.io

The HPC Carpentry website
http://www.hpc-carpentry.org/
MIT License

un-track Gemfile.lock, let GitHub specify dependencies #16

Closed tkphd closed 3 years ago

tkphd commented 3 years ago

Least-invasive fix of the Kramdown vulnerability is to un-track Gemfile.lock, which is built from scratch when Ruby parses the Gemfile. Let the GitHub gems define their dependency versions.
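As an added example (not code from the hpc-carpentry repository), a Ruby script that reads the `specs:` section of a tracked Gemfile.lock and reports whether a gem such as kramdown is pinned below a caller-supplied minimum version; the lockfile contents, version numbers and the minimum passed in are constructed placeholders, not values from this PR.

```ruby
# Added example, not part of the hpc-carpentry repository: inspect a tracked
# Gemfile.lock to see which gem versions it pins, so a stale lock can be
# spotted before deciding to un-track it.
require "rubygems"

# Constructed sample lockfile in Bundler's format; versions are illustrative.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      jekyll (3.9.0)
        kramdown (>= 1.17, < 3)
        liquid (~> 4.0)
      kramdown (2.3.0)
        rexml
      liquid (4.0.3)
      rexml (3.2.4)

  PLATFORMS
    ruby

  DEPENDENCIES
    jekyll (~> 3.9)
LOCK

# Return a Hash of gem name => Gem::Version for every top-level entry in the
# lockfile's GEM/specs section (four-space indent; deeper lines are sub-deps).
def pinned_versions(lock_text)
  pins = {}
  in_specs = false
  lock_text.each_line do |line|
    if line.strip == "specs:"
      in_specs = true
      next
    end
    # A new unindented section (PLATFORMS, DEPENDENCIES, ...) ends specs.
    in_specs = false if in_specs && line !~ /\A\s/
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      pins[m[1]] = Gem::Version.new(m[2])
    end
  end
  pins
end

# Compare a pinned gem against a minimum version supplied by the caller
# (placeholder here; take it from the relevant advisory). Returns :missing,
# :stale or :ok.
def lock_status(lock_text, gem_name, minimum)
  version = pinned_versions(lock_text)[gem_name]
  return :missing if version.nil?
  version < Gem::Version.new(minimum) ? :stale : :ok
end

puts lock_status(SAMPLE_LOCK, "kramdown", "2.3.1")  # placeholder minimum
```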

reid-a commented 3 years ago

Concur that this is a good fix, well-focused and appropriate.

tkphd commented 3 years ago

I'll take that as a review.

ocaisa commented 3 years ago

The Gemfile was required by what we use to deploy the site, but that should be fixed by bumping the Action version.