[
https://issues.apache.org/jira/browse/FLINK-8308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16348859#comment-16348859
]
ASF GitHub Bot commented on FLINK-8308:
---------------------------------------
Github user alpinegizmo commented on the issue:
https://github.com/apache/flink/pull/5395
These lines need to be restored to the Gemfile. The hawkins plugin is
needed for the incremental build and live reload feature
group :jekyll_plugins do
gem 'hawkins'
end
The bundled version of jekyll (3.7.2) requires ruby >= 2.1, but our build
machines use ruby 2.0. If we can't get the apache INFRA team to upgrade ruby,
we'll have to rework this.
The Gemfile.lock doesn't work with ruby 2.1 -- I get this error
ruby_dep-1.5.0 requires ruby version >= 2.2.5, which is incompatible
with the current version, ruby 2.1.10p492
but re-bundling fixes this. I think we should commit a Gemfile.lock file
that is compatible back to Ruby 2.1, if we determine we can get ruby 2.1 --
otherwise we'll have to roll back jekyll and then re-bundle with ruby 2.0.
This PR works fine on ruby 2.3 and 2.4. The latest stable release of rvm
doesn't yet support ruby 2.5, so I didn't test it.
> Update yajl-ruby dependency to 1.3.1 or higher
> ----------------------------------------------
>
> Key: FLINK-8308
> URL: https://issues.apache.org/jira/browse/FLINK-8308
> Project: Flink
> Issue Type: Task
> Components: Project Website
> Reporter: Fabian Hueske
> Assignee: Steven Langbroek
> Priority: Critical
> Fix For: 1.5.0, 1.4.1
>
>
> We got notified that yajl-ruby < 1.3.1, a dependency which is used to build
> the Flink website, has a security vulnerability of high severity.
> We should update yajl-ruby to 1.3.1 or higher.
> Since the website is built offline and served as static HTML, I don't think
> this is a super critical issue (please correct me if I'm wrong), but we
> should resolve this soon.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
