I'm trying to do the Learning Lab for Introduction to GitHub and I saw the message:
We found a potential security vulnerability in one of your dependencies.
In another post it was mentioned that the user can fix it by updating the Gemfile.lock file, but how do I do this?
Where do I find this file? Is it in the repo itself? If yes, wouldn't it be easier to fix it on GitHub's end so that when students get the repo, the gemlock file is already updated and does not have this vulnerability?
@alebourne You're definitely right, this should be updated on GitHub's end before it gets to the user. I'm looking into the template repository now, and will try to get this solved soon.
@alebourne The fix is officially pushed. It should no longer be a problem...at least until another thing goes out of date. :) Thanks again for letting us know!
It's gone out of date again :)
There is another vulnerability found:
1 nokogiri vulnerability found in Gemfile.lock on 21 Aug
Upgrade nokogiri to version 1.10.4 or later. For example:
gem "nokogiri", ">= 1.10.4"
EDIT - never mind, I left and rejoined, and the vulnerability has been cleaned in the latest version. *sigh*
Hi @TeRmInAlCrAzY! Thank you for letting us know. I've updated the course template, so it should no longer have any outdated dependencies. :)
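As an added example (not part of the original thread and not GitHub's own tooling), the Ruby sketch below checks the versions pinned in a Gemfile.lock against the minimum from the nokogiri alert quoted above. The lockfile contents are a constructed sample, and the names `locked_versions`, `outdated` and `MINIMUMS` are hypothetical helpers chosen for this illustration.

```ruby
# Constructed sample lockfile (not the course template's real Gemfile.lock).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      mini_portile2 (2.4.0)
      nokogiri (1.10.3)
        mini_portile2 (~> 2.4.0)
      rake (12.3.3)

  DEPENDENCIES
    nokogiri
    rake
LOCK

# Minimum safe versions; the nokogiri floor is the one quoted in the alert.
MINIMUMS = { "nokogiri" => "1.10.4" }.freeze

# Return { gem_name => resolved_version } for each entry under a "specs:" header.
def locked_versions(lockfile_text)
  versions = {}
  in_specs = false
  lockfile_text.each_line do |line|
    if line =~ /\A  specs:\s*\z/
      in_specs = true
    elsif line =~ /\A\S/ # a new top-level section ends the specs list
      in_specs = false
    elsif in_specs && (m = line.match(/\A    (\S+) \(([^)]+)\)\s*\z/))
      # Resolved gems sit at 4 spaces; their own dependencies sit at 6 and are skipped.
      versions[m[1]] = m[2].split("-").first # drop any platform suffix
    end
  end
  versions
end

# Return the locked gems whose version is below the required minimum.
def outdated(lockfile_text, minimums = MINIMUMS)
  locked = locked_versions(lockfile_text)
  minimums.each_with_object({}) do |(name, floor), found|
    current = locked[name]
    next if current.nil?
    found[name] = current if Gem::Version.new(current) < Gem::Version.new(floor)
  end
end

outdated(SAMPLE_LOCKFILE).each { |name, v| puts "#{name} #{v} is below #{MINIMUMS[name]}" }
```

Gemfile.lock lives in the repository root next to the Gemfile; after raising the constraint in the Gemfile, running `bundle update nokogiri` regenerates the lockfile with the newer version.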