Closed mariuszhermansdorfer closed 2 years ago
Should be fixed now, although it's difficult to verify without seeing the alerts. Let me know if you are still getting them!
Thanks. Everything is up to date now.
It turns out that my previous reaction was a bit premature. Here are the security issues I can still see:
I think these issues might be best left as a wontfix. The dependencies here are all 2nd or 3rd order, stemming from the github-pages gem and the version of Jekyll required to use GitHub Pages. So, updates are going to be constrained by the rate at which those evolve.
The 'vulnerability' here isn't really worth worrying about either, as the actual dynamic parts of Jekyll are just used during builds - what GitHub serves up is just the static HTML files. If it's too annoying I could shift things over to Cloudflare Pages, which would enable us to control dependency versions more precisely.
Thanks for looking into this. Let's leave it as is, if it's too much effort to solve.
I'm getting some Dependabot alerts about security vulnerabilities which can't be automatically resolved because of old dependencies. @philipbelesky could you please check whether we can update Jekyll to get this fixed?