Skip to content

fix(CVE-2020-14001): Update kramdown to 2.3.0 #6564

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ericclemmons merged 1 commit into from
Aug 12, 2020
Merged

fix(CVE-2020-14001): Update kramdown to 2.3.0 #6564

ericclemmons merged 1 commit into from
Aug 12, 2020

Conversation

@ericclemmons
Copy link
Contributor

@ericclemmons ericclemmons commented Aug 12, 2020
edited
Loading

Issue #, if available:

https://github.com/aws-amplify/amplify-js/network/alert/docs/Gemfile.lock/kramdown/open

Description of changes:

Updated jekyll + github-pages to latest, since they were using kramdown v1.

https://jekyllrb.com/news/2020/08/05/jekyll-3-9-0-released/

Validated by running bundle exec jekyll serve to check out site & yarn docs for generating the /api pages.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@ericclemmons ericclemmons self-assigned this Aug 12, 2020
ericclemmons
ericclemmons commented Aug 12, 2020
View reviewed changes
docs/Gemfile
# This will help ensure the proper Jekyll version is running.
# Happy Jekylling!
gem "jekyll", "~> 3.6.2"
gem "jekyll"
Copy link
Contributor Author

@ericclemmons ericclemmons Aug 12, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://jekyllrb.com/news/2020/08/05/jekyll-3-9-0-released/

The Gemfile.lock reflects the version without explicitly setting it here.

This avoids transient problems with bundle update jekyll which won't do squat due to this pinning.

ericclemmons
ericclemmons commented Aug 12, 2020
View reviewed changes
docs/Gemfile.lock
Comment on lines +70 to +71
kramdown (= 2.3.0)
kramdown-parser-gfm (= 1.1.0)
Copy link
Contributor Author

@ericclemmons ericclemmons Aug 12, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

bundle update kramdown isn't sufficient due to jekyll's requirement of kramdown@1.

@codecov
Copy link

codecov bot commented Aug 12, 2020

Codecov Report

Merging #6564 into main will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##             main    #6564   +/-   ##
=======================================
  Coverage   73.26%   73.26%           
=======================================
  Files         208      208           
  Lines       12920    12920           
  Branches     2525     2525           
=======================================
  Hits         9466     9466           
  Misses       3263     3263           
  Partials      191      191

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a819a26...d59e3b7. Read the comment docs.

sammartinez
sammartinez approved these changes Aug 12, 2020
View reviewed changes
Copy link
Contributor

@sammartinez sammartinez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🌮

@ericclemmons ericclemmons merged commit 797e0bf into aws-amplify:main Aug 12, 2020
@ericclemmons ericclemmons deleted the CVE-2020-14001 branch August 12, 2020 23:29
BryceStevenWilley added a commit to BryceStevenWilley/BryceStevenWilley.github.io that referenced this pull request Sep 27, 2020
@BryceStevenWilley
Updated Kramdown version, removed some old drafts
8a82c28 
* Got how to update from aws-amplify/amplify-js#6564
nubpro pushed a commit to nubpro/amplify-js that referenced this pull request Oct 2, 2020
@ericclemmons @nubpro
fix(CVE-2020-14001): Update kramdown to 2.3.0 (aws-amplify#6564)
843b118 
https://jekyllrb.com/news/2020/08/05/jekyll-3-9-0-released/
iartemiev pushed a commit that referenced this pull request Oct 13, 2020
@ericclemmons @iartemiev
fix(CVE-2020-14001): Update kramdown to 2.3.0 (#6564)
98f1356 
https://jekyllrb.com/news/2020/08/05/jekyll-3-9-0-released/
@github-actions
Copy link

github-actions bot commented Aug 13, 2021

This pull request has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs.

Looking for a help forum? We recommend joining the Amplify Community Discord server *-help channels or Discussions for those types of questions.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 13, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

2 more reviewers

@sammartinez sammartinez sammartinez approved these changes

@ashika01 ashika01 ashika01 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@ericclemmons ericclemmons

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ericclemmons @sammartinez @ashika01