Conversation

@SethTisue (Member)

we got a security alert that we should update kramdown to 2.3.0,
as per GHSA-mqm2-cgpr-p4m6

afaict that requires upgrading to Jekyll 3.9.0, which will....
hopefully be fine

while we're updating things, I did a full bundle update

let's try this out in this repo first, and if everything seems okay,
I'll submit a PR to the scala-lang.org repo too

as usual with Ruby stuff, :i-have-no-idea-what-im-doing:

because CI complained:

> jekyll-redirect-from-0.16.0 requires ruby version >= 2.4.0, which is
> incompatible with the current version, ruby 2.3.1p112

we should move to Ruby 2.4 eventually I guess, but it doesn't
need to be now
@SethTisue SethTisue merged commit 6d2caf1 into scala:master Aug 14, 2020
@SethTisue SethTisue deleted the update-kramdown branch August 14, 2020 15:57
SethTisue added a commit to SethTisue/scala-lang that referenced this pull request Aug 19, 2020
this is comparable to scala/docs.scala-lang#1756.  the motivation is
the same: we got a security alert about kramdown.

but it went a bit differently in this repo. if I did `bundle update
jekyll` that went all the way to some 4.x version. I don't know why.
but it seems safer to do a smaller upgrade first. `bundle update
--minor jekyll` got us to 3.9.0, but then kramdown didn't get updated,
so I followed it with `bundle update kramdown` (after adding
`kramdown-parser-gfm` to `Gemfile`, as in the other PR)

since I didn't do a full `bundle update`, I didn't need to revert
any version bump of jekyll-redirect-from

so.... it's not great that this doesn't bring the two repos exactly
in sync, but oh well. I'm trying to resolve the security issue without
putting excess effort into it.

I wouldn't oppose followup PR(s) that reduce the deltas between the
repos.
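The kramdown bump described in the commit message above is straightforward to verify from the resolved `Gemfile.lock` rather than from the `Gemfile`. The Ruby script below is an added example, not code from this pull request or from the scala-lang repositories: it parses a constructed lockfile fragment (labelled as such in the code), checks that the resolved kramdown version is at or above 2.3.0, the version the advisory alert asked for, and reports any resolved gem that would not work on the Ruby the CI was running. The function names, the sample lockfile contents and the version table are assumptions.

```ruby
# Added example (not part of the PR): audit a Gemfile.lock for the kramdown
# version that the GHSA-mqm2-cgpr-p4m6 alert asked for (>= 2.3.0).
require 'rubygems'

# Constructed sample lockfile fragments, labelled as such; real lockfiles are
# longer. Resolved specs sit at four spaces of indentation, their dependency
# constraints at six, exactly as Bundler writes them.
SAMPLE_LOCK_BEFORE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      jekyll (3.8.7)
        kramdown (~> 1.14)
      kramdown (1.17.0)
LOCK

SAMPLE_LOCK_AFTER = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      jekyll (3.9.0)
        kramdown (>= 1.17, < 3)
      jekyll-redirect-from (0.16.0)
      kramdown (2.3.0)
      kramdown-parser-gfm (1.1.0)
LOCK

# Minimum versions a reviewer would want to see resolved (assumed table built
# from the versions named in the PR discussion).
MINIMUMS = {
  'kramdown' => Gem::Version.new('2.3.0'),
  'jekyll'   => Gem::Version.new('3.9.0'),
}.freeze

# Gems whose newer releases need a newer Ruby than the 2.3 the CI ran on;
# the jekyll-redirect-from requirement is the one quoted from CI in the PR.
RUBY_FLOORS = { 'jekyll-redirect-from' => ['0.16.0', '2.4.0'] }.freeze

# Return a Hash of gem name => Gem::Version for every resolved spec line.
# Only lines with exactly four leading spaces are specs; six-space lines are
# dependency constraints ("~> 1.14") that Gem::Version could not parse.
def locked_versions(lockfile_text)
  versions = {}
  lockfile_text.each_line do |line|
    m = line.match(/\A {4}([A-Za-z0-9_\-]+) \(([^)]+)\)\s*\z/)
    versions[m[1]] = Gem::Version.new(m[2]) if m
  end
  versions
end

# True when kramdown is resolved and at or above the fixed version.
def kramdown_fixed?(lockfile_text)
  v = locked_versions(lockfile_text)['kramdown']
  !v.nil? && v >= MINIMUMS['kramdown']
end

# Produce a list of human-readable findings; empty means the lockfile is
# acceptable for the given Ruby version.
def audit(lockfile_text, ruby_version: RUBY_VERSION)
  versions = locked_versions(lockfile_text)
  findings = []
  MINIMUMS.each do |gem_name, min|
    v = versions[gem_name]
    if v.nil?
      findings << "#{gem_name} is not resolved in the lockfile"
    elsif v < min
      findings << "#{gem_name} #{v} is below the required #{min}"
    end
  end
  RUBY_FLOORS.each do |gem_name, (from_version, needs_ruby)|
    v = versions[gem_name]
    next if v.nil? || v < Gem::Version.new(from_version)
    if Gem::Version.new(ruby_version) < Gem::Version.new(needs_ruby)
      findings << "#{gem_name} #{v} requires ruby >= #{needs_ruby}, have #{ruby_version}"
    end
  end
  findings
end

if __FILE__ == $0
  [['before', SAMPLE_LOCK_BEFORE], ['after', SAMPLE_LOCK_AFTER]].each do |label, lock|
    puts "#{label}: kramdown fixed? #{kramdown_fixed?(lock)}"
    audit(lock, ruby_version: '2.3.1').each { |f| puts "  - #{f}" }
  end
end
```

Run it against a real `Gemfile.lock` by reading the file into `audit`; passing `ruby_version:` explicitly lets you check the lockfile against the Ruby the CI image uses rather than the one on your laptop, which is exactly the mismatch CI reported on this PR.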
SethTisue added a commit to SethTisue/scala.epfl.ch that referenced this pull request Aug 19, 2020
akin to scala/scala-lang#1157 and scala/docs.scala-lang#1756

but here just `bundle update github-pages` was sufficient to get us
on the desired Jekyll version (3.9.0) and desired kramdown version
(2.3.0) that has the security fix that prompted the upgrade