You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Gemfile.lock security vulnerabilities will only affect those who work on the Moonrise site locally on their PC.
In these cases, the security vulnerabilities apply and you should run bundle update regularly before editing your site to keep your PC safe.
The Moonrise Wiki already recommends running bundle update before bundle exec jekyll serve, which will update your Gemfile.lock and fix vulnerabilities
When you push the code to GitHub, GitHub Pages will build your site using their own Gemfile and Gemfile.lock, which will always be up-to-date.
This will not affect anyone who edits your Moonrise site on GitHub via the "Edit file" feature.
The text was updated successfully, but these errors were encountered:
The
Gemfile.lockfile was removed from Moonrise in commit b002d22This file regularly brings up security vulnerabilities in GitHub, saying that your Moonrise site is vulnerable due to outdated dependencies.
It seems GitHub Pages never uses your
Gemfileto build the Moonrise site because they have their ownGemfilewith whitelisted Jekyll version and plugins.The
Gemfile.locksecurity vulnerabilities will only affect those who work on the Moonrise site locally on their PC.bundle updateregularly before editing your site to keep your PC safe.bundle updatebeforebundle exec jekyll serve, which will update yourGemfile.lockand fix vulnerabilitiesGemfileandGemfile.lock, which will always be up-to-date.This will not affect anyone who edits your Moonrise site on GitHub via the "Edit file" feature.
The text was updated successfully, but these errors were encountered: