From f17ecf9508c459c65524ff467c2015848d4dd3d3 Mon Sep 17 00:00:00 2001
From: Andromeda Yelton
Date: Mon, 22 Nov 2021 13:11:46 -0500
Subject: [PATCH] Update dependencies

This addresses security vulnerabilities in addressable and kramdown. Updates were performed as conservatively as possible, but fixing kramdown required upgrading one minor version of jekyll, and explicitly specifying kramdown-parser-gfm. It also updates the version of ffi, which is necessary for developing on M1 Macs.
---
 Gemfile | 5 +++--
 Gemfile.lock | 53 +++++++++++++++++++++++++++-------------------------
 2 files changed, 31 insertions(+), 27 deletions(-)

diff --git a/Gemfile b/Gemfile
index 9d2f64d..f014748 100644
--- a/Gemfile
+++ b/Gemfile
@@ -8,11 +8,13 @@ source "https://rubygems.org"
 #
 # This will help ensure the proper Jekyll version is running.
 # Happy Jekylling!
-gem "jekyll", "~> 3.8.4"
+gem "jekyll", "~> 3.9.1"
 
 # This is the default theme for new Jekyll sites. You may change this to anything you like.
 gem "minima", "~> 2.0"
 
+gem "kramdown-parser-gfm"
+
 # If you want to use GitHub Pages, remove the "gem "jekyll"" above and
 # uncomment the line below. To upgrade, run `bundle update github-pages`.
 # gem "github-pages", group: :jekyll_plugins
@@ -27,4 +29,3 @@ gem "tzinfo-data", platforms: [:mingw, :mswin, :x64_mingw, :jruby]
 
 # Performance-booster for watching directories on Windows
 gem "wdm", "~> 0.1.0" if Gem.win_platform?
-
diff --git a/Gemfile.lock b/Gemfile.lock
index 2aaf2ca..15bc7c5 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
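Review bot: In the first Gemfile hunk, `gem "kramdown-parser-gfm"` is added with no version constraint, and neither kramdown nor addressable (the two gems the commit message names as vulnerable) is declared in the Gemfile, so the fixed versions are held only by Gemfile.lock. The transitive requirements visible in the lock, jekyll's `kramdown (>= 1.17, < 3)` and `addressable (~> 2.4)`, still admit releases older than the 2.3.1 and 2.8.0 it resolved to, so a resolution without this lockfile, or one where another gem tightens a constraint, is not prevented from landing below the fix. I would state the floors explicitly, for example `gem "kramdown", ">= 2.3.1"`, `gem "addressable", ">= 2.8.0"` and `gem "kramdown-parser-gfm", "~> 1.1"`, each with a short comment marking it as a security floor. The page only shows what the lock resolved to, so the exact first-fixed versions should be confirmed against the advisories before pinning.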
@@ -1,27 +1,27 @@ GEM remote: https://rubygems.org/ specs: - addressable (2.5.2) - public_suffix (>= 2.0.2, < 4.0) + addressable (2.8.0) + public_suffix (>= 2.0.2, < 5.0) colorator (1.1.0) - concurrent-ruby (1.1.3) - em-websocket (0.5.1) + concurrent-ruby (1.1.9) + em-websocket (0.5.3) eventmachine (>= 0.12.9) - http_parser.rb (~> 0.6.0) + http_parser.rb (~> 0) eventmachine (1.2.7) - ffi (1.9.25) + ffi (1.15.4) forwardable-extended (2.6.0) - http_parser.rb (0.6.0) + http_parser.rb (0.8.0) i18n (0.9.5) concurrent-ruby (~> 1.0) - jekyll (3.8.5) + jekyll (3.9.1) addressable (~> 2.4) colorator (~> 1.0) em-websocket (~> 0.5) i18n (~> 0.7) jekyll-sass-converter (~> 1.0) jekyll-watch (~> 2.0) - kramdown (~> 1.14) + kramdown (>= 1.17, < 3) liquid (~> 4.0) mercenary (~> 0.3.3) pathutil (~> 0.9) @@ -33,14 +33,16 @@ GEM sass (~> 3.4) jekyll-seo-tag (2.5.0) jekyll (~> 3.3) - jekyll-watch (2.1.2) + jekyll-watch (2.2.1) listen (~> 3.0) - kramdown (1.17.0) - liquid (4.0.1) - listen (3.1.5) - rb-fsevent (~> 0.9, >= 0.9.4) - rb-inotify (~> 0.9, >= 0.9.7) - ruby_dep (~> 1.2) + kramdown (2.3.1) + rexml + kramdown-parser-gfm (1.1.0) + kramdown (~> 2.0) + liquid (4.0.3) + listen (3.7.0) + rb-fsevent (~> 0.10, >= 0.10.3) + rb-inotify (~> 0.9, >= 0.9.10) mercenary (0.3.6) minima (2.5.0) jekyll (~> 3.5) @@ -48,14 +50,14 @@ GEM jekyll-seo-tag (~> 2.1) pathutil (0.16.2) forwardable-extended (~> 2.6) - public_suffix (3.0.3) - rb-fsevent (0.10.3) - rb-inotify (0.9.10) - ffi (>= 0.5.0, < 2) - rouge (3.3.0) - ruby_dep (1.5.0) - safe_yaml (1.0.4) - sass (3.7.2) + public_suffix (4.0.6) + rb-fsevent (0.11.0) + rb-inotify (0.10.1) + ffi (~> 1.0) + rexml (3.2.5) + rouge (3.26.1) + safe_yaml (1.0.5) + sass (3.7.4) sass-listen (~> 4.0.0) sass-listen (4.0.0) rb-fsevent (~> 0.9, >= 0.9.4) @@ -65,8 +67,9 @@ PLATFORMS ruby DEPENDENCIES - jekyll (~> 3.8.4) + jekyll (~> 3.9.1) jekyll-feed (~> 0.6) + kramdown-parser-gfm minima (~> 2.0) tzinfo-data