Bump yajl-ruby #6582

Merged
merged 2 commits into from Nov 29, 2017

@jekyllbot
Contributor

jekyllbot commented Nov 28, 2017

Fix https://nvd.nist.gov/vuln/detail/CVE-2017-16516

Bump yajl-ruby to avoid vulnerability

@DirtyF DirtyF requested a review from jekyll/core Nov 28, 2017

@oe

oe approved these changes Nov 28, 2017

Member

oe commented Nov 28, 2017

pygments still depends on 1.3.0 😢

Member

parkr commented Nov 28, 2017

Jekyll 4.0: drop pygments support.

Poll to see how many folks are using it: https://mobile.twitter.com/jekyllrb/status/935657216811651072

Member

parkr commented Nov 29, 2017

Version 1.2.3 was released with this patch. brianmario/yajl-ruby@58bd1e3

Member

DirtyF commented Nov 29, 2017

Member

parkr commented Nov 29, 2017

We weren’t able to upgrade to pygments 1.0 for some reason. It upgrades the pygments Python library which removed support for something we rely on, I think. Deprecating it is the way to go in my opinion.

Member

ashmaroli commented Nov 29, 2017

> We weren’t able to upgrade to pygments 1.0 for some reason.

We did not upgrade due to missing support for symlinks on Ruby 2.2 on Windows.

Update: We can now upgrade to Pygments 1.0 via #5937

Member

DirtyF commented Nov 29, 2017

@jekyllbot: merge +dev

@jekyllbot jekyllbot merged commit a137408 into master Nov 29, 2017

2 of 3 checks passed

continuous-integration/appveyor/pr Waiting for AppVeyor build to complete
WIP ready for review
continuous-integration/travis-ci/pr The Travis CI build passed

@jekyllbot jekyllbot deleted the pull/security-yajl-ruby branch Nov 29, 2017

DirtyF added a commit that referenced this pull request Dec 7, 2017

Bump yajl-ruby (#6582)
Merge pull request 6582

DirtyF added a commit that referenced this pull request Dec 7, 2017
