updating to kramdown 2.3 because dependabot won't do it for me

CDCgov · Aug 18, 2020 · f861ba8 · f861ba8
1 parent 3d2fd58
commit f861ba8
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 35 deletions.
diff --git a/.gitattributes b/.gitattributes
@@ -10,3 +10,5 @@
 *.json text eol=lf
 *.yml text eol=lf
 *.csv text eol=lf
+
+.* text eol=lf
diff --git a/Gemfile b/Gemfile
@@ -3,6 +3,10 @@ source 'https://rubygems.org'
 gem 'jekyll'
 gem 'html-proofer'
 
+# manually setting to 2.3 version due to CVE-2020-14001
+gem "kramdown", ">= 2.3"
+gem "kramdown-parser-gfm"
+
 group :jekyll_plugins do
   gem 'jekyll_pages_api'
   gem 'jekyll-redirect-from'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,28 +1,22 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (5.2.4.3)
-      concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-    addressable (2.6.0)
-      public_suffix (>= 2.0.2, < 4.0)
+    addressable (2.7.0)
+      public_suffix (>= 2.0.2, < 5.0)
     colorator (1.1.0)
-    concurrent-ruby (1.1.6)
+    concurrent-ruby (1.1.7)
     em-websocket (0.5.1)
       eventmachine (>= 0.12.9)
       http_parser.rb (~> 0.6.0)
     ethon (0.12.0)
       ffi (>= 1.3.0)
     eventmachine (1.2.7)
-    ffi (1.11.1)
+    ffi (1.13.1)
     forwardable-extended (2.6.0)
-    html-proofer (3.11.1)
-      activesupport (>= 4.2, < 6.0)
+    html-proofer (3.15.3)
       addressable (~> 2.3)
-      mercenary (~> 0.3.2)
-      nokogiri (~> 1.9)
+      mercenary (~> 0.3)
+      nokogumbo (~> 2.0)
       parallel (~> 1.3)
       rainbow (~> 3.0)
       typhoeus (~> 1.3)
@@ -31,20 +25,20 @@ GEM
     http_parser.rb (0.6.0)
     i18n (0.9.5)
       concurrent-ruby (~> 1.0)
-    jekyll (3.8.6)
+    jekyll (3.9.0)
       addressable (~> 2.4)
       colorator (~> 1.0)
       em-websocket (~> 0.5)
       i18n (~> 0.7)
       jekyll-sass-converter (~> 1.0)
       jekyll-watch (~> 2.0)
-      kramdown (~> 1.14)
+      kramdown (>= 1.17, < 3)
       liquid (~> 4.0)
       mercenary (~> 0.3.3)
       pathutil (~> 0.9)
       rouge (>= 1.7, < 4)
       safe_yaml (~> 1.0)
-    jekyll-redirect-from (0.15.0)
+    jekyll-redirect-from (0.16.0)
       jekyll (>= 3.3, < 5.0)
     jekyll-sass-converter (1.5.2)
       sass (~> 3.4)
@@ -53,39 +47,39 @@ GEM
     jekyll_pages_api (0.1.6)
       htmlentities (~> 4.3)
       jekyll (>= 2.0, < 4.0)
-    kramdown (1.17.0)
+    kramdown (2.3.0)
+      rexml
+    kramdown-parser-gfm (1.1.0)
+      kramdown (~> 2.0)
     liquid (4.0.3)
-    listen (3.1.5)
-      rb-fsevent (~> 0.9, >= 0.9.4)
-      rb-inotify (~> 0.9, >= 0.9.7)
-      ruby_dep (~> 1.2)
+    listen (3.2.1)
+      rb-fsevent (~> 0.10, >= 0.10.3)
+      rb-inotify (~> 0.9, >= 0.9.10)
     mercenary (0.3.6)
     mini_portile2 (2.4.0)
-    minitest (5.14.1)
-    nokogiri (1.10.8)
+    nokogiri (1.10.10)
       mini_portile2 (~> 2.4.0)
-    parallel (1.17.0)
+    nokogumbo (2.0.2)
+      nokogiri (~> 1.8, >= 1.8.4)
+    parallel (1.19.2)
     pathutil (0.16.2)
       forwardable-extended (~> 2.6)
-    public_suffix (3.1.1)
+    public_suffix (4.0.5)
     rainbow (3.0.0)
-    rb-fsevent (0.10.3)
-    rb-inotify (0.10.0)
+    rb-fsevent (0.10.4)
+    rb-inotify (0.10.1)
       ffi (~> 1.0)
-    rouge (3.9.0)
-    ruby_dep (1.5.0)
+    rexml (3.2.4)
+    rouge (3.22.0)
     safe_yaml (1.0.5)
     sass (3.7.4)
       sass-listen (~> 4.0.0)
     sass-listen (4.0.0)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
-    thread_safe (0.3.6)
-    typhoeus (1.3.1)
+    typhoeus (1.4.0)
       ethon (>= 0.9.0)
-    tzinfo (1.2.7)
-      thread_safe (~> 0.1)
-    yell (2.2.0)
+    yell (2.2.2)
 
 PLATFORMS
   ruby
@@ -95,6 +89,8 @@ DEPENDENCIES
   jekyll
   jekyll-redirect-from
   jekyll_pages_api
+  kramdown (>= 2.3)
+  kramdown-parser-gfm
 
 BUNDLED WITH
-   1.16.5
+   1.17.2