Update vulnerable Bundler lockfile dependencies #8

Merged
sidjana merged 2 commits into master from copilot/resolve-dependabot-security-alerts
Jul 1, 2026
Conversation

Copilot AI commented Jul 1, 2026

Contributor

This PR clears the open Dependabot alerts in the site’s Ruby bundle by updating the affected transitive gems in Gemfile.lock. The change is scoped to the existing Jekyll setup and avoids altering site content or runtime configuration.

  • Security updates

    • Bumps vulnerable locked gems to patched versions:
      • concurrent-ruby 1.2.2 → 1.3.7
      • google-protobuf 3.23.4 → 3.25.8
      • webrick 1.8.1 → 1.9.2
  • Scope control

    • Keeps the remediation lockfile-only.
    • Avoids unnecessary movement in the Jekyll/theme dependency graph.
  • Resulting lockfile delta

    -    concurrent-ruby (1.2.2)
    -    google-protobuf (3.23.4)
    -    webrick (1.8.1)
    +    concurrent-ruby (1.3.7)
    +    google-protobuf (3.25.8)
    +    webrick (1.9.2)
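
Review bot: The delta gives three new versions but no advisory identifier next to any of them, so nothing in this description lets a reviewer confirm that 1.3.7, 3.25.8 and 1.9.2 are the first patched releases; please list the advisory for each gem beside its bump. All three lines are minor-version jumps (google-protobuf goes from 3.23.4 to 3.25.8), and the removed and added lines are shown without their surrounding lockfile context, so it is not visible whether any other locked entry or platform-specific variant moved with them. Attaching the result of a site build against the updated lockfile would close that gap, particularly as the timeline records 1 check failed at merge.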

Copilot AI changed the title from "[WIP] Resolve Dependabot security alerts in hpcpowerstack.github.io" to "Update vulnerable Bundler lockfile dependencies" Jul 1, 2026
Copilot AI requested a review from sidjana July 1, 2026 14:56
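
One way to confirm that a lockfile-only remediation like the one described above actually landed, as an added example (not code from this repository or PR): a Ruby check that parses `Gemfile.lock` and reports every locked entry below the patched versions named in the description. The function names and the sample lockfile are constructed for illustration.

```ruby
# Floors are the "patched versions" named in the PR description.
PATCHED_FLOORS = {
  "concurrent-ruby" => "1.3.7",
  "google-protobuf" => "3.25.8",
  "webrick"         => "1.9.2",
}.freeze

# Parse the `specs:` blocks of a Gemfile.lock into { name => [Gem::Version, ...] }.
# Resolved gems sit at exactly four spaces of indent; their dependency
# constraints sit at six and are skipped. A gem can appear more than once
# when the lockfile carries platform-specific builds ("3.25.8-x86_64-linux").
def locked_versions(lockfile_text)
  versions = Hash.new { |h, k| h[k] = [] }
  lockfile_text.each_line do |line|
    m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/) or next
    number = m[2].split("-", 2).first # drop the platform suffix
    versions[m[1]] << Gem::Version.new(number) if Gem::Version.correct?(number)
  end
  versions
end

# Return [name, locked, floor] for every locked entry below its floor,
# and [name, nil, floor] when a gem expected in the lockfile is absent.
def below_floor(lockfile_text, floors = PATCHED_FLOORS)
  locked = locked_versions(lockfile_text)
  floors.flat_map do |name, floor|
    floor_v = Gem::Version.new(floor)
    next [[name, nil, floor]] if locked[name].empty?
    locked[name].select { |v| v < floor_v }.map { |v| [name, v.to_s, floor] }
  end
end

# Constructed sample: the pre-PR versions, with one platform-specific entry.
SAMPLE_BEFORE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      concurrent-ruby (1.2.2)
      google-protobuf (3.23.4-x86_64-linux)
      i18n (1.14.1)
        concurrent-ruby (~> 1.0)
      webrick (1.8.1)
LOCK

below_floor(SAMPLE_BEFORE).each { |n, v, f| puts "#{n}: locked #{v.inspect}, need >= #{f}" }
```

Run in CI with `below_floor(File.read("Gemfile.lock"))` and fail the job when the result is non-empty, so a later resolver change cannot silently move a gem back below its floor.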

@sidjana sidjana left a comment

Contributor


LGTM

@sidjana sidjana marked this pull request as ready for review July 1, 2026 16:41
@sidjana sidjana merged commit afdeb3b into master Jul 1, 2026
1 check failed
Copilot AI requested a review from sidjana July 1, 2026 16:41
Copilot stopped work on behalf of sidjana due to an error July 1, 2026 16:41
@sidjana sidjana deleted the copilot/resolve-dependabot-security-alerts branch July 2, 2026 17:22