jekyll-assets icon indicating copy to clipboard operation
jekyll-assets copied to clipboard

Published 20 hours ago verified publisher icon envygeeks

Jekyll-assets ~> 3.0 does not support Jekyll 4.2.0

Open TerminalAddict opened this issue 4 years ago • 4 comments

Request

Jekyll-assets ~> 3.0 does not support Jekyll 4.2.0

I am trying to resolve a Dependabot "Known high severity security vulnerability detected in rack < 2.1.4 defined in Gemfile.lock"

dependency: rack required by sprockets, sprockets required by jekyll-assets Jekyll-assets requires jekyll <4.0 .. I have 4.2 in my project.

Examples

if I pin jekyll assets in my gemfile:

jekyll-assets (~> 3.0) x86_64-linux was resolved to 3.0.12, which depends on
      jekyll (>= 3.5, < 4.0)

right now I'm stuck on jekyll-assets 1.0.0, hence the dependabot vulnerability

TerminalAddict avatar Dec 23 '20 21:12 TerminalAddict

The latest tag does not support this, but on master the gemspec file does support Jekyll 3 and 4. So this needs to be tagged and of course the maintainers need to be comfortable that this and all other changes since the last tag are ready.

MichaelCurrin avatar Dec 24 '20 06:12 MichaelCurrin

Any chance this will be tagged soon and will be compatible with Jekyll 4 ?

nadundesilva avatar Mar 23 '21 16:03 nadundesilva

Any update to this? Been over a year

itsfaraaz avatar Jul 07 '22 16:07 itsfaraaz