Still no word on when my aunt’s funeral will be. Practically speaking, it seems like it won’t be until after Thanksgiving. But we did have one year with 2 funerals the week OF Thanksgiving. So, that’s been a thing.
After taking a bit of time off, I decided to tackle the security vulnerability messages I’d been getting from Github for my blog.
Turns out, I had 2 packages that were out of date: the core
jekyll gem itself and
ffi, which I hadn’t heard of. It seems to be something Ruby people use. The instructions for upgrading jekyll worked for
ffi, but I got a message that said
Bundler attempted to update jekyll but its version stayed the same. I’d initially tried
bundle update, which updated
ffi and a bunch of other things. I hadn’t updated anything in awhile, so I figured I may as well get everything. But when I got the
...version stayed the same message, I figured I’d try the more specific
bundle update jekyll command. Still, no dice.
UPDATE: Funeral is Monday. Flight tickets purchased. Next week will be a busy week.
So, I looked at the
Gemfile.lock and wondered if I needed to change one of those. They reminded me of
Pipfile.lock in Python (I still use the former, but am familiar with the later). I don’t ever do anything in Ruby, so I’m not familiar with their infrastructure. Then I found an issue on Github (which I can’t find again) where someone suggested updating the
jekyll line in the
Gemfile, then running
bundle update jekyll. This made sense, as the security warning gave me a message that looked like an updated line IN a
Gemfile. So, I tried THAT, and it worked. Blog infrastructure updated. And I’ve got a little more insight into HOW to keep it updated, as well as some of the motivation (I think) behind Pipenv and what it’s doing. Which is nice.