Github is now telling me I've got security vulnerabilities when I do a "nikola github_deploy".

5 views
Skip to first unread message

T. Kurt Bond

unread,
Jul 23, 2021, 2:43:39 AMJul 23
to nikola-discuss
Github is now telling me I've got security vulnerabilities when I do a "nikola github_deploy".

Here's the message I got:

remote: GitHub found 4 vulnerabilities on tkurtbond/tkurtbond.github.io's default branch (1 high, 3 moderate). To find out more, visit:
remote:      <a url i've omitted>

Anybody have any idea what I should do about this?
--

T. Kurt Bond

unread,
Jul 23, 2021, 2:53:50 AMJul 23
to nikola-discuss
A little more information: I'm using bootblog-jinja, which inherits from bootstrap3-jinja, which is what includes jquery.min.* comes from.

Chris Warrick

unread,
Jul 23, 2021, 6:23:15 PMJul 23
to Nikola—Discuss
Those "vulnerabilities" are caused by jQuery 1.x being used by
bootstrap3-jinja, and jQuery 1.x isn’t supported anymore. I wouldn't
really consider those vulnerabilities important for a typical Nikola
site. You could try to upgrade jQuery for your site, although I think
that jQuery 3 might be too new for some components that bootstrap3
uses. You can also disable the warnings on GitHub.

--
Chris Warrick <https://chriswarrick.com/>
PGP: 5EAAEA16

T. Kurt Bond

unread,
Jul 24, 2021, 4:26:42 PMJul 24
to nikola-discuss
Thanks for the information.

--
You received this message because you are subscribed to the Google Groups "nikola-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nikola-discus...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/nikola-discuss/CAMw%2Bj7JYVkvkQaXdzMm5ceZ5DP3WCwcEQnrxOv9BokH%3Df%2B5-sw%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages