gemfile.lock vulnerability in github-slideshow repo in the Learning lab lesson for Introduction to G

I’m trying to do the Learning Lab for Introduction to GitHub and I saw the message:

We found a potential security vulnerability in one of your dependencies.

In another post it was mentioned for the user to fix it by updating the gemfile.lock file, but how do I do this?

Where do I find this file? Is it in the repo itself? If yes, wouldn’t it be easier to fix it on GitHub’s end so that when students get the repo, the gemlock file is already updated and does not have this vulnerability?

Thanks!

@alebourne You’re definitely right, this should be updated on GitHub’s end before it gets to the user. I’m looking into the template repository now, and will try to get this solved soon. 

Thank you very much for the prompt response! I appreciate it.

@alebourne The fix is officially pushed. It should no longer be a problem… at least until another thing goes out of date. :) Thanks again for letting us know!

Thank YOU for fixing it! :D

Hi,

It’s gone out of date again :)

There is another vulnerability found:

1 nokogiri vulnerability found in Gemfile.lock on 21 Aug

Remediation

Upgrade nokogiri to version 1.10.4 or later. For example:

gem "nokogiri", ">= 1.10.4"


EDIT - never mind, I left and rejoined, and the vulnerability has been cleaned in the latest version. *sigh*

Hi @terminalcrazy! Thank you for letting us know. I’ve updated the course template, so it should no longer have any outdated dependencies. :)