From f8ada22fe8f6c7c54a3cc2d3bbd3a14bbac25014 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 17 Jul 2024 08:56:22 +0000 Subject: [PATCH 1/2] fix: Gemfile & Gemfile.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-RUBY-REXML-7462086 --- Gemfile | 2 +- Gemfile.lock | 52 ++++++++++++++++++++++++++++------------------------ 2 files changed, 29 insertions(+), 25 deletions(-) diff --git a/Gemfile b/Gemfile index 0986bf5..9d146cd 100644 --- a/Gemfile +++ b/Gemfile @@ -8,7 +8,7 @@ ruby RUBY_VERSION # bundle exec jekyll serve # -gem "jekyll", "4.2.2" +gem "jekyll", "4.3.0" # Fix development command "jekyll serve" # Can be removed when upgrading to Jekyll 4.3 diff --git a/Gemfile.lock b/Gemfile.lock index 8e1634a..549d7b2 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,41 +1,43 @@ GEM remote: https://rubygems.org/ specs: - addressable (2.8.6) - public_suffix (>= 2.0.2, < 6.0) + addressable (2.8.7) + public_suffix (>= 2.0.2, < 7.0) colorator (1.1.0) - concurrent-ruby (1.2.3) + concurrent-ruby (1.3.3) em-websocket (0.5.3) eventmachine (>= 0.12.9) http_parser.rb (~> 0) eventmachine (1.2.7) - ffi (1.16.3) + ffi (1.17.0) forwardable-extended (2.6.0) + google-protobuf (3.25.3) http_parser.rb (0.8.0) i18n (1.14.5) concurrent-ruby (~> 1.0) - jekyll (4.2.2) + jekyll (4.3.0) addressable (~> 2.4) colorator (~> 1.0) em-websocket (~> 0.5) i18n (~> 1.0) - jekyll-sass-converter (~> 2.0) + jekyll-sass-converter (>= 2.0, < 4.0) jekyll-watch (~> 2.0) - kramdown (~> 2.3) + kramdown (~> 2.3, >= 2.3.1) kramdown-parser-gfm (~> 1.0) liquid (~> 4.0) - mercenary (~> 0.4.0) + mercenary (>= 0.3.6, < 0.5) pathutil (~> 0.9) - rouge (~> 3.0) + rouge (>= 3.0, < 5.0) safe_yaml (~> 1.0) - terminal-table (~> 2.0) + terminal-table (>= 1.8, < 4.0) + webrick (~> 1.7) jekyll-feed (0.17.0) jekyll (>= 3.7, < 5.0) jekyll-paginate (1.1.0) jekyll-redirect-from (0.16.0) jekyll (>= 3.3, < 5.0) - jekyll-sass-converter (2.2.0) - sassc (> 2.0.1, < 3.0) + jekyll-sass-converter (3.0.0) + sass-embedded (~> 1.54) jekyll-seo-tag (2.8.0) jekyll (>= 3.8, < 5.0) jekyll-watch (2.2.1) @@ -55,27 +57,29 @@ GEM jekyll-seo-tag (~> 2.1) pathutil (0.16.2) forwardable-extended (~> 2.6) - public_suffix (5.0.5) + public_suffix (5.1.1) + rake (13.2.1) rb-fsevent (0.11.2) - rb-inotify (0.10.1) + rb-inotify (0.11.1) ffi (~> 1.0) - rexml (3.2.8) - strscan (>= 3.0.9) - rouge (3.30.0) + rexml (3.3.2) + strscan + rouge (4.3.0) safe_yaml (1.0.5) - sassc (2.4.0) - ffi (~> 1.9) + sass-embedded (1.63.6) + google-protobuf (~> 3.23) + rake (>= 13.0.0) strscan (3.1.0) - terminal-table (2.0.0) - unicode-display_width (~> 1.1, >= 1.1.1) - unicode-display_width (1.8.0) + terminal-table (3.0.2) + unicode-display_width (>= 1.1.1, < 3) + unicode-display_width (2.5.0) webrick (1.8.1) PLATFORMS ruby DEPENDENCIES - jekyll (= 4.2.2) + jekyll (= 4.3.0) jekyll-feed (~> 0.16, >= 0.16.0) jekyll-paginate jekyll-redirect-from @@ -83,7 +87,7 @@ DEPENDENCIES webrick (~> 1.8) RUBY VERSION - ruby 3.0.2p107 + ruby 2.7.8p225 BUNDLED WITH 2.1.4 From b5d693d8b38e551419b388d5e7877c88a52ed45c Mon Sep 17 00:00:00 2001 From: TobiGr Date: Sat, 20 Jul 2024 12:18:22 +0200 Subject: [PATCH 2/2] Fix build Use dev version of minima --- Gemfile | 6 ++++-- Gemfile.lock | 25 +++++++++++++++---------- 2 files changed, 19 insertions(+), 12 deletions(-) diff --git a/Gemfile b/Gemfile index 9d146cd..7fdab4e 100644 --- a/Gemfile +++ b/Gemfile @@ -8,14 +8,16 @@ ruby RUBY_VERSION # bundle exec jekyll serve # -gem "jekyll", "4.3.0" +gem "jekyll", "4.3.3" # Fix development command "jekyll serve" # Can be removed when upgrading to Jekyll 4.3 gem "webrick", "~> 1.8" # This is the default theme for new Jekyll sites. You may change this to anything you like. -gem "minima", "~> 2.5", ">= 2.5.1" +# 2.5 is the latest official release which was made in 2019. +# However, it is incompatible with the modern SASS specifications which was solved on the master branch in 2022. +gem "minima", "~> 3.0.0.dev", github: "jekyll/minima" # If you want to use GitHub Pages, remove the "gem "jekyll"" above and # uncomment the line below. To upgrade, run `bundle update github-pages`. diff --git a/Gemfile.lock b/Gemfile.lock index 549d7b2..f6a06fd 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,3 +1,12 @@ +GIT + remote: https://github.com/jekyll/minima.git + revision: 1d5286cf9a1aae34078420d183d560dd673d98b5 + specs: + minima (3.0.0.dev) + jekyll (>= 3.5, < 5.0) + jekyll-feed (~> 0.9) + jekyll-seo-tag (~> 2.1) + GEM remote: https://rubygems.org/ specs: @@ -15,7 +24,7 @@ GEM http_parser.rb (0.8.0) i18n (1.14.5) concurrent-ruby (~> 1.0) - jekyll (4.3.0) + jekyll (4.3.3) addressable (~> 2.4) colorator (~> 1.0) em-websocket (~> 0.5) @@ -51,13 +60,9 @@ GEM rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) mercenary (0.4.0) - minima (2.5.1) - jekyll (>= 3.5, < 5.0) - jekyll-feed (~> 0.9) - jekyll-seo-tag (~> 2.1) pathutil (0.16.2) forwardable-extended (~> 2.6) - public_suffix (5.1.1) + public_suffix (6.0.0) rake (13.2.1) rb-fsevent (0.11.2) rb-inotify (0.11.1) @@ -66,7 +71,7 @@ GEM strscan rouge (4.3.0) safe_yaml (1.0.5) - sass-embedded (1.63.6) + sass-embedded (1.69.5) google-protobuf (~> 3.23) rake (>= 13.0.0) strscan (3.1.0) @@ -79,15 +84,15 @@ PLATFORMS ruby DEPENDENCIES - jekyll (= 4.3.0) + jekyll (= 4.3.3) jekyll-feed (~> 0.16, >= 0.16.0) jekyll-paginate jekyll-redirect-from - minima (~> 2.5, >= 2.5.1) + minima (~> 3.0.0.dev)! webrick (~> 1.8) RUBY VERSION - ruby 2.7.8p225 + ruby 3.0.2p107 BUNDLED WITH 2.1.4