Update due to security vulnerability #3

Merged
merged 2 commits into from
Aug 22, 2019

Meschreiber
Contributor

@coveralls

Coverage Status

Coverage remained the same at 100.0% when pulling 0610207 on Meschreiber:patch-1 into ce2d340 on algolia:develop.

@redox redox self-requested a review August 22, 2019 07:31
Contributor

@redox redox left a comment

LGTM

@Haroenv

Haroenv commented Aug 22, 2019

the other PR #2 updates to a newer version, is there a reason we went with the lowest fixed version here?

@redox
Contributor

redox commented Aug 22, 2019

> the other PR #2 updates to a newer version, is there a reason we went with the lowest fixed version here?

No it's the opposite (or the same), isn't it? Here it's >= 1.10.4, in #2 it's >= 1.10

@Meschreiber Meschreiber merged commit 630a237 into algolia:develop Aug 22, 2019
@Meschreiber Meschreiber deleted the patch-1 branch August 22, 2019 15:37
@Krinkle

Krinkle commented Dec 31, 2020

> > the other PR #2 updates to a newer version, is there a reason we went with the lowest fixed version here?
>
> No it's the opposite (or the same), isn't it? Here it's >= 1.10.4, in #2 it's >= 1.10

@redox The PR that was merged (this one) indeed suggested >= 1.10.4, however it looks like @Meschreiber overwrote this in a force-pushed commit (a67821a) on the main branch and set it to ~> 1.10.4 instead, which is strictly lower. This means security updates from 1.11 and other minor-compatible releases are not applied and thus jekyll-algolia is now raising security warnings again.

@Meschreiber
Contributor Author

Right you are @Krinkle, I don't know what I was thinking when I pushed that. I'm sorry about that.
Here's a PR that changes it to >= 1.10.4 instead of ~> 1.10.4. #6
@redox, could you please approve when you get a chance?
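
What the constraints discussed in this thread admit, evaluated with RubyGems' own `Gem::Requirement` (an added example, not code from this pull request or from jekyll-algolia). The release list is constructed and the dependency is left unnamed; 1.10.4 is taken from the thread as the lowest fixed version, and `audit`, `RELEASES` and `FIXED_FLOOR` are names introduced here.

```ruby
require "rubygems"

# Constructed release list for an unnamed dependency (not real release data).
RELEASES = %w[1.10.3 1.10.4 1.10.10 1.11.0 1.11.7 1.13.2 2.0.0]
           .map { |v| Gem::Version.new(v) }.sort.freeze

# Lowest fixed version, as stated in the thread.
FIXED_FLOOR = "1.10.4"

# Evaluate a gemspec constraint against the release list.
#   newest      - highest release the resolver may select
#   below_floor - admitted releases older than the fix (still vulnerable)
#   blocked     - releases newer than anything admitted (fixes never picked up)
def audit(constraint, floor = FIXED_FLOOR, releases = RELEASES)
  req      = Gem::Requirement.new(constraint)
  floor_v  = Gem::Version.new(floor)
  admitted = releases.select { |v| req.satisfied_by?(v) }
  newest   = admitted.max
  {
    newest:      newest&.to_s,
    below_floor: admitted.select { |v| v < floor_v }.map(&:to_s),
    blocked:     releases.select { |v| newest.nil? || v > newest }.map(&:to_s)
  }
end

# Constraints mentioned in this thread: the force-pushed one, this PR's, and #2's.
["~> 1.10.4", ">= 1.10.4", ">= 1.10"].each do |c|
  r = audit(c)
  puts format("%-10s newest=%-8s below_floor=%s blocked=%s",
              c, r[:newest], r[:below_floor], r[:blocked])
end
```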
