Closed DilumAluthge closed 6 years ago
The Jekyll environment used to build documentation has nothing to do with the Julia package itself
I agree, the Jekyll environment is not part of the Julia package. But it is still part of this GitHub repo.
There is no vulnerability in the Julia package. But if anyone clones this GitHub repo and builds the docs locally, they are still susceptible.
On Sat, Oct 6, 2018 at 08:06 Randy Zwitch notifications@github.com wrote:
The Jekyll environment used to build documentation has nothing to do with the Julia package itself
There are three known security vulnerabilities in JavaScript dependencies specified in this repository:
docs/Gemfile.lock specifies ffi version 1.9.21. There is a known vulnerability in this version: CVE-2018-1000201. The recommendation is to upgrade to ffi version 1.9.24.
docs/Gemfile.lock specifies rubyzip version 1.2.1. There is a known vulnerability in this version: CVE-2018-1000544. The recommendation is to upgrade to rubyzip version 1.2.2.
docs/Gemfile.lock specifies jekyll version 3.6.2. There is a known vulnerability in this version: CVE-2018-17567. The recommendation is to upgrade to jekyll version 3.6.3.
Can we update Gemfile.lock to specify appropriately recent versions of these dependencies?

cc: @randyzwitch
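One way to check a lockfile for the three pins listed in this issue, as an added example that is not part of the original thread or the repository. The gem names, versions and CVE ids come from the issue text; the function names and the sample lockfile (including its kramdown entry) are constructed for illustration.

```ruby
require "rubygems" # Gem::Version orders 1.9.100 above 1.9.24, unlike string comparison

# Minimum fixed versions and CVE ids as stated in the issue.
MIN_FIXED = {
  "ffi"     => ["1.9.24", "CVE-2018-1000201"],
  "rubyzip" => ["1.2.2",  "CVE-2018-1000544"],
  "jekyll"  => ["3.6.3",  "CVE-2018-17567"],
}.freeze

# Constructed sample in Gemfile.lock layout; only the three pins come from the issue.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      ffi (1.9.21)
      jekyll (3.6.2)
        kramdown (~> 1.14)
      kramdown (1.16.2)
      rubyzip (1.2.1)

  DEPENDENCIES
    jekyll
LOCK

# Returns {name => version} for resolved gems: the 4-space entries under "specs:".
# 6-space lines are dependency constraints, not pins, and are skipped.
def locked_versions(lock_text)
  versions = {}
  in_specs = false
  lock_text.each_line(chomp: true) do |line|
    if line == "  specs:"
      in_specs = true
    elsif line !~ /\A {4}/
      in_specs = false # blank line or next section header ends the specs block
    elsif in_specs && (m = line.match(/\A {4}([^\s(]+) \(([^)]+)\)\z/))
      versions[m[1]] = m[2].split("-").first # drop a platform suffix such as -x64-mingw32
    end
  end
  versions
end

# Returns one finding per gem that is locked below its minimum fixed version.
def outdated(lock_text, min_fixed = MIN_FIXED)
  locked = locked_versions(lock_text)
  min_fixed.each_with_object([]) do |(name, (fixed, cve)), findings|
    have = locked[name]
    next if have.nil? || Gem::Version.new(have) >= Gem::Version.new(fixed)
    findings << { gem: name, locked: have, fixed: fixed, cve: cve }
  end
end
```

Calling `outdated(File.read("docs/Gemfile.lock"))` returns an empty array once all three pins are at or above the versions recommended in the issue.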