chore: update gemfile #413
| minitest (5.22.3) | ||
| mutex_m (0.2.0) | ||
| nokogiri (1.15.6) | ||
| nokogiri (1.16.5) |
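Review bot: the change from `nokogiri (1.15.6)` to `nokogiri (1.16.5)` crosses a minor version, and the lines shown do not indicate which gem in this file pulls nokogiri in or what version constraint it sets. Before merging, confirm that the lock still resolves for every gem that depends on nokogiri (the description names github-pages) and note in the PR description how that was verified, since it is not stated whether the current github-pages version was tested against 1.16.5.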

is this a dep of a dep? from PR description it seems this is a dep of github pages. have we tested if the current github pages version works with this?
i have absolutely no clue. it shouldn't be as it's specified at the top level but the vulnerability was from this.
also, no. this is because i have no idea where github pages are used + the gem is removed in next_gen ._. i'll test this out remotely
fyi @harishv7 - checked with @alexanderleegs and we're not quite sure what github pages is actually being used for.
this gemfile is only being used for a few sites (self-hosted) and on further thinking i don't believe we use this gem at all.
i'm open to just marking the deps as not vuln on snyk - wdyt

I don't think we need the github pages gem tbh, but I am okay to mark this to be ignored on snyk
same, i'm just keeping it because i'm scared that uninstalling has unintended consequences, however improbable
i'll mark it on snyk then

Problem
nokogiri got vulnerability via github-pages. to fix, the gem has been updated

Solution
bump nokogiri to 1.16.5