chore: update gemfile #413
Conversation
seaerchin
requested review from
harishv7,
alexanderleegs,
dcshzj and
kishore03109
| @@ -222,7 +222,7 @@ GEM | |||
| jekyll-seo-tag (~> 2.1) | |||
| minitest (5.22.3) | |||
| mutex_m (0.2.0) | |||
| nokogiri (1.15.6) | |||
| nokogiri (1.16.5) | |||
There was a problem hiding this comment.
is this a dep of a dep? from PR description it seems this is. a dep of github pages. have we tested if the current github pages version works with this?
There was a problem hiding this comment.
i have absolutely no clue. it shouldn't be as it's specified at the top level but the vulnerability was from this.
also, no. this is because i have no idea where github pages are used + the gem is removed in next_gen ._. i'll test this out remotely
There was a problem hiding this comment.
fyi @harishv7 - checked with @alexanderleegs and we're not quite sure what github pages is actually being used for.
this gemfile is only being used for a few sites (self-hosted) and on further thinking i don't believe we use this gem at all.
i'm open to just marking the deps as not vuln on snyk - wdyt
There was a problem hiding this comment.
I don't think we need to github pages gem tbh, but I am okay to mark this to be ignored on snyk
There was a problem hiding this comment.
same, i'm just keeping it because i'm scared that uninstalling has unintended consequences, however improbable
i'll mark it on snyuk then
Problem
nokogirigot vulnerability viagithub-pages. to fix, the gem has been updatedSolution
bump
nokogirito 1.16.5