Copilot Lvl 3
Message 1 of 7

gemfile.lock vulnerability in github-slideshow repo in the Learning lab lesson for Introduction to G


I'm trying to do the Learning Lab for Introduction to GitHub and I saw the message:

We found a potential security vulnerability in one of your dependencies.

 

In another post it was mentioned for the user to fix it by updating the gemfile.lock file, but how do I do this?

Where do I find this file? Is it in the repo itself? If yes, wouldn't it be easier to fix it on GitHub's end so that when students get the repo, the gemlock file is already updated and does not have this vulnerability?

 

Thanks!

 


6 Replies
Solution
Moderator
Message 2 of 7

Re: gemfile.lock vulnerability in github-slideshow repo in the Learning lab lesson for Introduction

@alebourne You're definitely right, this should be updated on GitHub's end before it gets to the user. I'm looking into the template repository now, and will try to get this solved soon. 

Copilot Lvl 3
Message 3 of 7

Re: gemfile.lock vulnerability in github-slideshow repo in the Learning lab lesson for Introduction

Thank you very much for the prompt response! I appreciate it.

Moderator
Message 4 of 7

Re: gemfile.lock vulnerability in github-slideshow repo in the Learning lab lesson for Introduction

@alebourne The fix is officially pushed. It should no longer be a problem...at least until another thing goes out of date. :) Thanks again for letting us know! 

Copilot Lvl 3
Message 5 of 7

Re: gemfile.lock vulnerability in github-slideshow repo in the Learning lab lesson for Introduction

Thank YOU for fixing it! :)

Ground Controller Lvl 1
Message 6 of 7

Re: gemfile.lock vulnerability in github-slideshow repo in the Learning lab lesson for Introduction

Hi,

It's gone out of date again :)

There is another vulnerability found:


1 nokogiri vulnerability found in Gemfile.lock on 21 Aug

Remediation

Upgrade nokogiri to version 1.10.4 or later. For example:

gem "nokogiri", ">= 1.10.4"

 

-----------------------

EDIT - never mind, I left and rejoined, and the vulnerability has been cleaned in the latest version. *sigh*
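An added example, not part of any post in this thread or of GitHub's own tooling: a Ruby check that reads the resolved versions out of a Gemfile.lock and reports gems locked below a minimum fixed version, using the nokogiri 1.10.4 threshold from the alert quoted above. The sample lockfile and the names `locked_versions`, `vulnerable_gems` and `ADVISORIES` are constructed for illustration.

```ruby
require "rubygems"

# Constructed sample lockfile: nokogiri is locked one patch below the fix.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      mini_portile2 (2.4.0)
      nokogiri (1.10.3)
        mini_portile2 (~> 2.4.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    nokogiri
LOCK

# Minimum fixed versions; nokogiri >= 1.10.4 is the value from the alert.
ADVISORIES = { "nokogiri" => Gem::Requirement.new(">= 1.10.4") }.freeze

# Returns { gem name => Gem::Version } for every resolved spec in the lockfile.
# Resolved specs sit at a 4-space indent under "specs:"; their own dependency
# constraints sit at 6 spaces and are skipped.
def locked_versions(lockfile_text)
  in_specs = false
  lockfile_text.each_line(chomp: true).each_with_object({}) do |line, found|
    if line =~ /\A {2}specs:\z/
      in_specs = true
    elsif line =~ /\A\S/
      in_specs = false # a new top-level section (PLATFORMS, DEPENDENCIES, ...)
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)\s-]+)(?:-[^)]+)?\)\z/))
      found[m[1]] = Gem::Version.new(m[2]) # platform suffix, if any, is dropped
    end
  end
end

# Returns { gem name => locked version string } for gems below the fixed version.
def vulnerable_gems(lockfile_text, advisories = ADVISORIES)
  locked = locked_versions(lockfile_text)
  advisories.each_with_object({}) do |(name, requirement), hits|
    version = locked[name]
    hits[name] = version.to_s if version && !requirement.satisfied_by?(version)
  end
end

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCKFILE
  vulnerable_gems(text).each { |name, v| puts "#{name} #{v} does not satisfy #{ADVISORIES[name]}" }
end
```

After raising the constraint in the Gemfile, `bundle update nokogiri` rewrites Gemfile.lock with the newer resolved version, and the check then reports nothing.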

Moderator
Message 7 of 7

Re: gemfile.lock vulnerability in github-slideshow repo in the Learning lab lesson for Introduction

 

Hi @TeRmInAlCrAzY! Thank you for letting us know. I've updated the course template, so it should no longer have any outdated dependencies. :)