The Wayback Machine - https://web.archive.org/web/20220323042000/https://github.com/github/pages-gem/pull/762
Bump kramdown to v2.3.1 #762

Merged
merged 1 commit into from Mar 31, 2021

Conversation

@hubot hubot commented Mar 22, 2021 (Contributor)

maziyarpanahi added a commit to JohnSnowLabs/spark-nlp that referenced this issue Mar 29, 2021
- waiting for github/pages-gem#762 to be released to solve CVE-2021-28834 security issue

@maziyarpanahi maziyarpanahi commented Mar 29, 2021

Remote code execution in Kramdown: GHSA-52p9-v744-mwjj


@daenney daenney commented Mar 30, 2021

@parkr Would it be possible to get this merged today? GitHub Dependabot is raising hell on repositories due to the Kramdown CVE, but I can't update because GitHub's own github-pages gem isn't updated yet.


@llucax llucax commented Mar 30, 2021

Any particular reason for the dependency to be pinned on the patch version? Isn't semver supposed to avoid this kind of issue, where security updates should be automatically applied when doing stuff like `bundle update`?

5 participants