Dependabot Vulnerabilities and Documentation Readme #410
Pull Request Overview
This PR adds comprehensive documentation for the Jekyll-based documentation website and updates Ruby gem dependencies. The changes include a new README explaining how to set up, develop, and deploy the documentation site locally, along with dependency version updates.
- New documentation README with setup instructions, project structure, and troubleshooting
- Gemfile dependency updates with version pinning for github-pages (~232), jekyll (~3.10.0), and security-related gems
- Gemfile.lock updated with resolved dependency versions
Reviewed Changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| docs_readme.md | New comprehensive documentation for Jekyll site setup, development, and deployment |
| docs/Gemfile | Updated gem dependencies with version constraints for github-pages, jekyll, webrick, nokogiri, rexml, and tzinfo |
| docs/Gemfile.lock | Updated locked dependency versions reflecting the Gemfile changes |
| gem 'github-pages', '~> 232' | ||
| gem 'jekyll', '~> 3.10.0' | ||
| gem 'webrick', '~> 1.8.2' | ||
| gem 'nokogiri', '~> 1.18.9' |
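Review bot: none of the four pins in this hunk records which Dependabot alert it closes, even though resolving those alerts is the stated purpose of the PR; suggest a one-line comment above each security-motivated pin, e.g. `gem 'nokogiri', '~> 1.18.9' # floor = first patched release per Dependabot alert`, so a later contributor bumping versions does not lower the floor. Note also that `~> 232` for github-pages admits only 232.x, so `bundle update` will never move to a newer github-pages without a Gemfile edit; that behaviour is worth stating in the README this PR adds.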
The version constraint ~> 1.18.9 allows versions >= 1.18.9 and < 1.19.0, but Gemfile.lock shows version 1.18.10 is installed. Consider using ~> 1.18.10 or >= 1.18.9 to match the locked version, or if 1.18.9 specifically is required, use = 1.18.9 for an exact match.
| gem 'nokogiri', '~> 1.18.9' | |
| gem 'nokogiri', '~> 1.18.10' |
| gem 'jekyll', '~> 3.10.0' | ||
| gem 'webrick', '~> 1.8.2' | ||
| gem 'nokogiri', '~> 1.18.9' | ||
| gem 'rexml', '~> 3.3.6' |
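Review bot: the floor of `~> 3.3.6` should be tied to the first patched rexml release named in the Dependabot alert, not to whatever Gemfile.lock happens to resolve today; if 3.3.6 is that release the constraint is correct as written, since the lock file is what fixes the installed version and `~> 3.3.6` already admits 3.3.9. Suggest a comment on the line stating the reason for the floor rather than raising it to the locked version.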
The version constraint ~> 3.3.6 allows versions >= 3.3.6 and < 3.4.0, but Gemfile.lock shows version 3.3.9 is installed. Consider using ~> 3.3.9 or >= 3.3.6 to match the locked version, or if 3.3.6 specifically is required, use = 3.3.6 for an exact match.
| gem 'rexml', '~> 3.3.6' | |
| gem 'rexml', '~> 3.3.9' |
| gem 'webrick', '~> 1.8.2' | ||
| gem 'nokogiri', '~> 1.18.9' | ||
| gem 'rexml', '~> 3.3.6' | ||
| gem 'tzinfo', '~> 1.2.10' No newline at end of file |
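Review bot: the tzinfo line ends the file without a trailing newline (the diff marks it `No newline at end of file`); add one so the next gem appended to docs/Gemfile does not show up as a change to this line. As with rexml, the `~> 1.2.10` floor should be the first patched tzinfo release from the alert, and a comment on the line should say so.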
The version constraint ~> 1.2.10 allows versions >= 1.2.10 and < 1.3.0, but Gemfile.lock shows version 1.2.11 is installed. Consider using ~> 1.2.11 or >= 1.2.10 to match the locked version, or if 1.2.10 specifically is required, use = 1.2.10 for an exact match.
| gem 'tzinfo', '~> 1.2.10' | |
| gem 'tzinfo', '~> 1.2.11' |
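As an added example (not part of the PR or the project), a Ruby check of the `~>` semantics the three review comments rely on: it uses RubyGems' own Gem::Requirement to spell out the bounds of each constraint in this PR's docs/Gemfile and to confirm that the locked versions the comments cite fall inside them. The locked versions for github-pages, jekyll and webrick are assumed placeholders, since those lock entries are not shown on the page.

```ruby
# Added example: audit the docs/Gemfile constraints from this PR against
# Gemfile.lock using RubyGems' own requirement parser, so the '~>'
# (pessimistic) semantics are exactly what bundler applies.
require 'rubygems'

# Constraints as they appear in docs/Gemfile in this PR.
GEMFILE_CONSTRAINTS = {
  'github-pages' => '~> 232',
  'jekyll'       => '~> 3.10.0',
  'webrick'      => '~> 1.8.2',
  'nokogiri'     => '~> 1.18.9',
  'rexml'        => '~> 3.3.6',
  'tzinfo'       => '~> 1.2.10',
}.freeze

# Locked versions: nokogiri, rexml and tzinfo come from the review comments;
# the other three are constructed placeholders (assumption), as the page does
# not show those lock entries.
LOCKED_VERSIONS = {
  'github-pages' => '232',
  'jekyll'       => '3.10.0',
  'webrick'      => '1.8.2',
  'nokogiri'     => '1.18.10',
  'rexml'        => '3.3.9',
  'tzinfo'       => '1.2.11',
}.freeze

# Expands a single '~> X.Y.Z' requirement into its ">= X.Y.Z" / "< X.(Y+1)"
# bounds. Gem::Version#bump drops the last segment and increments the new
# last one, which is precisely the upper bound '~>' implies.
def pessimistic_bounds(requirement)
  op, version = Gem::Requirement.new(requirement).requirements.first
  raise ArgumentError, "not a ~> requirement: #{requirement}" unless op == '~>'
  [">= #{version}", "< #{version.bump}"]
end

# True when the locked version satisfies the Gemfile constraint.
def satisfied?(requirement, locked)
  Gem::Requirement.new(requirement).satisfied_by?(Gem::Version.new(locked))
end

# Audits every gem; a false :ok means the lock file and Gemfile disagree,
# which is the only case where a constraint edit is actually required.
def audit(constraints = GEMFILE_CONSTRAINTS, locked = LOCKED_VERSIONS)
  constraints.to_h do |name, req|
    [name, { locked: locked[name], bounds: pessimistic_bounds(req),
             ok: satisfied?(req, locked[name]) }]
  end
end
```

Running `audit` shows every locked version inside its `~>` window, which is why the lock file, not the constraint floor, determines what gets installed.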
Dependabot Vulnerabilities and Documentation Readme
Resolves Issue: https://at-harvard.atlassian.net/browse/LTSDANDI-276
How should this be tested?
Visual - all vulnerabilities were for the documentation of FITS, not the actual application