It seems that kramdown has a serious security issue, and I want it fixed.
To start solving the problem, click on "See Dependabot alert".
And this is what we found:
The fix looks easy: we only need to change the Gemfile. But since I work with Jekyll on Windows 10 and have no Jekyll installation on my machine (Jekyll runs inside a Docker container), the only thing I need to touch is the docker-compose.yml file.
NOTE: Check this post to understand why I need to do this.
1) Edit docker-compose
2) Change the command to
command: bundle update
(with no arguments, bundle update re-resolves every gem in the Gemfile to the newest version the constraints allow; if you only want to touch kramdown and its dependencies, use bundle update kramdown instead)
3) Edit the Gemfile and add the following to the end of the file (2.3.0 is the first fixed release, so the constraint lets bundler resolve to it or to any later version):
# vulnerability found
gem "kramdown", ">= 2.3.0"
4) Now clean up the container (docker-compose down)
5) Bring it up again (docker-compose up) so the new command runs and fixes the dependencies
NOTE: you should see the following text when the container finishes successfully:
jekyll_1 | Bundle updated!
Your Gemfile.lock should now be updated as well, with kramdown among the other gems. Check that the kramdown line in it shows 2.3.0 or later: the lockfile, not the Gemfile constraint, is what bundler actually installs.
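Since the lockfile is what decides the installed version, here is the check I would run right after the update. It is an added example, not code from the original post or from kramdown or Jekyll: it parses the specs: section of a Gemfile.lock and compares the resolved kramdown version against the same ">= 2.3.0" requirement using RubyGems' own Gem::Version and Gem::Requirement, so "2.10.0" is correctly treated as newer than "2.3.0" (a plain string or grep comparison would get that wrong). The embedded lockfile excerpt is constructed for the example and does not come from any real project.

```ruby
# Added example (not from the original post): verify that Gemfile.lock really
# resolved kramdown to a version satisfying the Gemfile constraint.
# Uses only RubyGems (part of the Ruby standard distribution), so the version
# comparison is semantic, not lexical.
require "rubygems"

# Constructed sample of the relevant part of a Gemfile.lock (not copied from a
# real project). In the "specs:" block, resolved gems are indented 4 spaces as
# "name (version)"; lines indented deeper are dependency constraints only.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      jekyll (4.1.1)
        kramdown (~> 2.3)
        kramdown-parser-gfm (~> 1.0)
      kramdown (2.3.0)
        rexml
      kramdown-parser-gfm (1.1.0)
        kramdown (~> 2.0)
      rexml (3.2.4)
LOCK

# Return a Hash of gem name => resolved Gem::Version taken from the specs:
# section. Only lines indented exactly four spaces are resolved specs; deeper
# lines such as "      kramdown (~> 2.3)" are constraints and are skipped.
def resolved_versions(lock_text)
  versions = {}
  in_specs = false
  lock_text.each_line do |line|
    if line.strip == "specs:"
      in_specs = true
      next
    end
    next unless in_specs
    # An unindented or blank line (e.g. "PLATFORMS") ends the GEM section.
    break if line.strip.empty? || !line.start_with?(" ")
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      versions[m[1]] = Gem::Version.new(m[2])
    end
  end
  versions
end

# True if the lockfile pins +gem_name+ to a version that meets +requirement+,
# written exactly as in the Gemfile (e.g. ">= 2.3.0"). A gem that is missing
# from the lockfile counts as not satisfied.
def lock_satisfies?(lock_text, gem_name, requirement)
  version = resolved_versions(lock_text)[gem_name]
  return false if version.nil?
  Gem::Requirement.new(requirement).satisfied_by?(version)
end

# Demo: use the project's Gemfile.lock if one is in the current directory,
# otherwise the constructed sample above.
if __FILE__ == $PROGRAM_NAME
  lock = File.file?("Gemfile.lock") ? File.read("Gemfile.lock") : SAMPLE_LOCK
  found = resolved_versions(lock)["kramdown"]
  ok = lock_satisfies?(lock, "kramdown", ">= 2.3.0")
  puts "kramdown #{found || '(not in lockfile)'}: #{ok ? 'OK' : 'still below 2.3.0'}"
end
```

Run it from the directory that holds Gemfile.lock (on the Windows host the file is the one shared into the container, so no Ruby inside Docker is needed for this check). Note that the same semantic comparison is what bundler itself applies, which is why ">= 2.3.0" in the Gemfile is safe against a future 2.10.x release while a text search for "2.3" would not be.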
Now edit the docker-compose file again and restore the previous command:
command: jekyll serve --watch --force_polling --verbose --safe
And that's it!
NOTE: Remember to run docker-compose down before working again :)