  1. Marathon
  2. MARATHON-8009

Update docs/Gemfile.lock to fix a nokogiri vulnerability

    Details

    • Type: Task
    • Status: Open
    • Priority: Medium
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Build & CI
    • Labels:
      None

      Description

      GitHub reports a vulnerability:

      We found a potential security vulnerability in one of your dependencies. The nokogiri dependency defined in Gemfile.lock has a known critical severity security vulnerability in version range < 1.8.1 and should be updated.

      Unfortunately, the version of github-pages that depends on nokogiri = 1.8.1 also depends on jekyll-redirect-from = 1.2.1 which has a bug, which is fixed in 1.3.0. With 1.2.1, there is the following error when trying to compile the docs:

      Configuration file: /site-docs/_config.yml
                  Source: .
             Destination: /site-docs/_site
       Incremental build: disabled. Enable with --incremental
            Generating... 
        Liquid Exception: invalid byte sequence in US-ASCII in _layouts/redirect.html
      jekyll 3.6.2 | Error:  invalid byte sequence in US-ASCII
      

      Once github-pages depending on jekyll-redirect-from = 1.3.0 is released, we need to update Gemfile.lock by running bundle update.

            People

            • Assignee:
              ken Ken Sipe
              Reporter:
              ivanchernetsky Ivan Chernetsky
              Team:
              Orchestration Team
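
A lockfile check for the two version constraints in this ticket, added here as an example (it is not code from the Marathon project): it reads the resolved versions from a Gemfile.lock and reports nokogiri below 1.8.1 or jekyll-redirect-from below 1.3.0. The helper names and the sample lockfile, including the placeholder github-pages version 0.0.0, are constructed for illustration.

```ruby
# Minimum versions taken from the ticket text.
REQUIRED = {
  "nokogiri"             => Gem::Version.new("1.8.1"), # < 1.8.1 is flagged as vulnerable
  "jekyll-redirect-from" => Gem::Version.new("1.3.0"), # 1.2.1 breaks the docs build
}.freeze

# Return { gem name => Gem::Version } for the resolved gems under "specs:".
# Resolved gems are indented by exactly four spaces; the dependency
# constraints listed beneath them (six spaces) are skipped.
def locked_versions(lockfile_text)
  versions = {}
  in_specs = false
  lockfile_text.each_line do |line|
    line = line.chomp
    if line == "  specs:"
      in_specs = true
    elsif line.empty? || line =~ /\A\S/
      in_specs = false # a blank line or a new top-level section ends the specs
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/))
      # Drop a platform suffix such as "1.8.1-x86_64-linux".
      versions[m[1]] = Gem::Version.new(m[2].split("-").first)
    end
  end
  versions
end

# Return one finding per gem locked below its minimum; empty means OK.
def lockfile_findings(lockfile_text)
  locked = locked_versions(lockfile_text)
  REQUIRED.each_with_object([]) do |(name, minimum), findings|
    found = locked[name]
    next if found.nil? || found >= minimum
    findings << "#{name}: locked at #{found}, need >= #{minimum}"
  end
end

# Constructed sample: nokogiri is already fixed, jekyll-redirect-from is not.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      github-pages (0.0.0)
        jekyll-redirect-from (= 1.2.1)
        nokogiri (= 1.8.1)
      jekyll-redirect-from (1.2.1)
      nokogiri (1.8.1)
LOCK

puts lockfile_findings(SAMPLE_LOCK) # swap in File.read of the real lockfile
```

An empty result from `lockfile_findings` after `bundle update` indicates that both conditions described in the ticket are met.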