scottnuma
commented
3 years ago - Currently we pin the jekyll version to 3.8
- Change to allow any version of Jekyll after 3.8.6
- This allows GitHub's security bot to create commits for us that update dependencies that have security vulnerabilities
- Developers will have to update their jekyll if they want to match the website, but this was the case in any scenario where we patched security vulnerabilities