Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

update to Jekyll 3.8 #555

Closed
Ana06 opened this issue Apr 27, 2018 · 16 comments 路 Fixed by #565

Comments

@Ana06
Copy link

@Ana06 Ana06 commented Apr 27, 2018

Is it plan to update to Jelyll 3.8? Currently 3.7.3 is used. 馃樁 An update would be great!

@merlinpatt

This comment has been minimized.

Copy link
Contributor

@merlinpatt merlinpatt commented May 22, 2018

I would also like to see this. Is there a way to force 3.8 in the meantime?

@kenman345

This comment has been minimized.

Copy link
Contributor

@kenman345 kenman345 commented Jul 16, 2018

@merlinpatt Unfortunately, if you're using the github-pages gem then you are locked down. If you were to bring in all these gems themselves instead of github-pages bundling them, then you might be able to get it but its still a bit annoying to have it that way, especially since you wont get those advantages with gh-pages.

3.8 brings a lot of site generation speed so I hope that PR gets merged soon.

@merlinpatt

This comment has been minimized.

Copy link
Contributor

@merlinpatt merlinpatt commented Jul 16, 2018

@kenman345 I don't know if it will. There was activity a few days ago that was bumping the version of something else, and I would have thought that would be the perfect time to bump Jekyll but it still hasn't happened yet. I don't understand what is holding it up

@ghost

This comment has been minimized.

Copy link

@ghost ghost commented Aug 11, 2018

@merlinpatt It will, it just takes the (already fairly small) team a lot of time to verify whether the latest version is safe to put on GitHub Pages. There's usually a lot of delay between Jekyll mainline releases and GitHub Pages updates, no need to worry about it.

@merlinpatt

This comment has been minimized.

Copy link
Contributor

@merlinpatt merlinpatt commented Aug 11, 2018

Is there any way the community can help verify that it is safe?

Is there anything we can do to help speed up the process in the future with tests or something?

What are the possible concerns? I thought it was built by GitHub so that should make it easier to handle updates.

What is the usual delay between Jekyll and Pages releases?

Sorry for all the questions, especially if they've already been answered, but I only started using Jekyll/Pages this last year so I don't know about any of this. It would be ideal if there was an FAQ for all this because I'm sure I'm not the only one who's had these questions.

And from the outside, waiting 4 months for an update, especially without comment from maintainers when there has been other activity on the repo in the meantime, can make it seem like no one cares about this happening.

@ghost

This comment has been minimized.

Copy link

@ghost ghost commented Aug 11, 2018

@merlinpatt Jekyll and GitHub Pages are developed independently from another. Jekyll has a different release schedule from GitHub Pages, and doesn't try to adjust its to GitHub Pages'. I can't speak for the GitHub Pages team, but from my assumption, GitHub Pages is simply a very large website hosting service, which is why the software it uses needs to be verified secure to be running in a sandboxed environment.

I do agree that there could be more consistency as to why GitHub Pages updates are taking a while. @benbalter has anything like this ever been in the pipeline?

@merlinpatt

This comment has been minimized.

Copy link
Contributor

@merlinpatt merlinpatt commented Oct 6, 2018

@parkr or @benbalter any update on this issue?

@JosueDanielBust

This comment has been minimized.

Copy link

@JosueDanielBust JosueDanielBust commented Oct 25, 2018

Any update here?
I get this error today after launch a new update on one site.

1 jekyll vulnerability found in Gemfile.lock 2 hours ago
Remediation
Upgrade jekyll to version 3.8.4 or later. For example:
gem "jekyll", ">= 3.8.4"

Details: CVE-2018-17567

@marco-c

This comment has been minimized.

Copy link
Contributor

@marco-c marco-c commented Oct 25, 2018

@JosueDanielBust you can fork the repo and set the dependency to your repo, this way you can manually update the version. It's not great as you will have to remember to set it back to the default "github-pages" when the time comes, but better than being stuck on an old version if you really need the update.

@Ana06

This comment has been minimized.

Copy link
Author

@Ana06 Ana06 commented Oct 25, 2018

@marco-c

@JosueDanielBust you can fork the repo and set the dependency to your repo, this way you can manually update the version. It's not great as you will have to remember to set it back to the default "github-pages" when the time comes, but better than being stuck on an old version if you really need the update.

But if you host your page in GitHub pages and you require a dependency that is not installed there it won't work

@merlinpatt

This comment has been minimized.

Copy link
Contributor

@merlinpatt merlinpatt commented Feb 23, 2019

It's been 10 months since this issue was first made. What progress has there been?

@merlinpatt

This comment has been minimized.

Copy link
Contributor

@merlinpatt merlinpatt commented Mar 11, 2019

I would like to add that previous releases of Jekyll have been added into the gh-pages gem within weeks, as seen in the chart below. I am very confused why this release has taken nearly a year.

Version Jekyll Released pages-gem updates Timeframe
3.7.3 2018-02-25 2018-03-16 < 3 weeks
3.7.2 2018-01-25 2018-02-05 < 2 weeks
3.6.2 2017-10-21 2018-10-23 < 1 week
3.6.0 2017-09-21 2017-09-21 < 1 day
3.6.0.pre.beta1 2017-08-23 2017-08-24 < 2 days
@dergigi

This comment has been minimized.

Copy link

@dergigi dergigi commented Mar 12, 2019

That's strange indeed. I am eagerly awaiting an update as well, so thank you for pushing this issue @merlinpatt

@BerkhanBerkdemir

This comment has been minimized.

Copy link

@BerkhanBerkdemir BerkhanBerkdemir commented Mar 16, 2019

The funny thing is that there is no comment from a member

@parkr parkr closed this in #565 Apr 23, 2019
@dergigi

This comment has been minimized.

Copy link

@dergigi dergigi commented Apr 23, 2019

Yay, finally! Thanks to however pushed this through 馃憤

@brando90

This comment has been minimized.

Copy link

@brando90 brando90 commented Oct 28, 2019

I am getting this weird error:

$ bundle
Fetching gem metadata from https://rubygems.org/..........
Fetching gem metadata from https://rubygems.org/.
You have requested:
  jekyll ~> 3.8.5

The bundle currently has jekyll locked at 4.0.0.
Try running `bundle update jekyll`

If you are updating multiple gems in your Gemfile at once,
try passing them all to `bundle update`

is there a way to solve it using the solutions discussed here?

https://stackoverflow.com/questions/58598084/how-does-one-downgrade-jekyll-to-work-with-github-pages

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
8 participants
You can鈥檛 perform that action at this time.