Bump yajl-ruby #6582

Merged
merged 2 commits into from
Nov 29, 2017

jekyllbot
Contributor

@jekyllbot jekyllbot commented Nov 28, 2017

Fix https://nvd.nist.gov/vuln/detail/CVE-2017-16516

Bump yajl-ruby to avoid vulnerability

@DirtyF DirtyF requested a review from a team November 28, 2017 23:04
@ghost

ghost commented Nov 28, 2017

pygments still depends on 1.3.0 😢

@parkr
Member

parkr commented Nov 28, 2017

Jekyll 4.0: drop pygments support.

Poll to see how many folks are using it: https://mobile.twitter.com/jekyllrb/status/935657216811651072

@parkr
Member

parkr commented Nov 29, 2017

Version 1.2.3 was released with this patch. brianmario/yajl-ruby@58bd1e3

@DirtyF
Member

DirtyF commented Nov 29, 2017

Pygments removed this dependency: pygments/pygments.rb@b9ba68b#diff-9e3c071577dae1e900f87a1e439da813

@parkr
Member

parkr commented Nov 29, 2017

We weren’t able to upgrade to pygments 1.0 for some reason. It upgrades the pygments Python library, which removed support for something we rely on, I think. Deprecating it is the way to go in my opinion.

@ashmaroli
Member

ashmaroli commented Nov 29, 2017

> We weren’t able to upgrade to pygments 1.0 for some reason.

We did not upgrade due to missing support for symlinks on Ruby 2.2 on Windows.

Update: We can now upgrade to Pygments 1.0 via #5937

@DirtyF
Member

DirtyF commented Nov 29, 2017

@jekyllbot: merge +dev
