
It seems that kramdown has a big security issue, and I want to get this fixed.

(image: kramdown security issue)

To solve the problem, we can click on “See Dependabot alert”.

And this is what we found:

(image: kramdown security issue 2)

Fix

The fix seems easy: we only need to pin the gem in the Gemfile. But as I'm using Windows 10 to work with Jekyll, and I don't have any Jekyll installation on my machine, I only need to make a small change to the docker-compose.yml file.

NOTE: Check this post to understand why I need to do this.

1) Edit docker-compose.yml

2) Change the command to:

   command: bundle update

3) Edit the Gemfile and add the following to the end of the file:

   # vulnerability found
   gem "kramdown", ">= 2.3.0"

4) Now, clean up the container:

   docker-compose down

5) Fix the dependencies:

   docker-compose up

NOTE: You should see the following text once the container finishes successfully:

jekyll_1  | Bundle updated!

And your Gemfile.lock file should be updated accordingly, with kramdown among other gems:

(image: Gemfile.lock update)
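As an added example (not code from the original post), here is a POSIX shell script that performs the Gemfile change from step 3 and then verifies the result of step 5 the way a reviewer would: it reads the resolved kramdown version out of a Gemfile.lock and compares it against the 2.3.0 floor pinned in the Gemfile. The two lockfile fragments and the Gemfile text are constructed sample input, and the function names (pin_kramdown, lock_version, version_ge, check_lock) are my own.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Pins kramdown in a Gemfile and checks whether a Gemfile.lock already
# resolves kramdown to a version at or above that floor.

# Minimum version pinned in the post's Gemfile line (>= 2.3.0).
KRAMDOWN_MIN="2.3.0"

# Constructed sample Gemfile.lock fragments (offline input, not real data).
# Bundler lists resolved gems at four spaces of indentation: "    name (x.y.z)";
# their dependencies sit one level deeper and carry constraints, not versions.
LOCK_BEFORE='GEM
  remote: https://rubygems.org/
  specs:
    jekyll (4.1.1)
      kramdown (~> 2.3)
    kramdown (2.2.1)
      rexml
    rexml (3.2.4)'

LOCK_AFTER='GEM
  remote: https://rubygems.org/
  specs:
    jekyll (4.1.1)
      kramdown (~> 2.3)
    kramdown (2.3.0)
      rexml
    rexml (3.2.4)'

# Append the post's pin to a Gemfile read from stdin, but only once,
# so re-running the script does not duplicate the line.
pin_kramdown() {
  gemfile="$(cat)"
  case "$gemfile" in
    *'gem "kramdown"'*) printf '%s\n' "$gemfile" ;;
    *) printf '%s\n\n# vulnerability found\ngem "kramdown", ">= %s"\n' \
         "$gemfile" "$KRAMDOWN_MIN" ;;
  esac
}

# Print the resolved version of gem $1 from a Gemfile.lock read on stdin.
# Only the four-space "    name (version)" lines match, so dependency
# constraints such as "      kramdown (~> 2.3)" are ignored.
lock_version() {
  sed -n "s/^    $1 (\([0-9][0-9.]*\))$/\1/p" | head -n 1
}

# Return 0 when dotted numeric version $1 >= $2 (2.10.0 > 2.3.0).
# Assumption: plain numeric components only; pre-release tags are not handled.
version_ge() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    x="${a%%.*}"; y="${b%%.*}"
    x="${x:-0}"; y="${y:-0}"
    if [ "$x" -gt "$y" ]; then return 0; fi
    if [ "$x" -lt "$y" ]; then return 1; fi
    case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
    case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
  done
  return 0
}

# Verdict for a lockfile passed as $1: 0 patched, 1 still vulnerable,
# 2 kramdown not present at all (nothing resolved, so nothing fixed).
check_lock() {
  v="$(printf '%s\n' "$1" | lock_version kramdown)"
  if [ -z "$v" ]; then
    echo "kramdown not found in Gemfile.lock"
    return 2
  fi
  if version_ge "$v" "$KRAMDOWN_MIN"; then
    echo "kramdown $v >= $KRAMDOWN_MIN: patched"
    return 0
  fi
  echo "kramdown $v < $KRAMDOWN_MIN: still vulnerable, run bundle update"
  return 1
}

# Stand-alone run: show the pinned Gemfile and both verdicts.
printf 'source "https://rubygems.org"\ngem "jekyll"\n' | pin_kramdown
check_lock "$LOCK_BEFORE" || true
check_lock "$LOCK_AFTER" || true
```

The pin in the Gemfile is only a floor: Bundler keeps installing whatever Gemfile.lock already resolved until the lock is regenerated, which is why the post switches the container command to bundle update. Running check_lock against the real Gemfile.lock after the container prints "Bundle updated!" confirms the lock actually moved.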

Now you can edit your docker-compose.yml file again and set the command back to its previous value:

   command: jekyll serve --watch --force_polling --verbose --safe

And that's it!

NOTE: Remember to run docker-compose down before working again :)