Still no word on when my aunt’s funeral will be. Practically speaking, it seems like it won’t be until after Thanksgiving. But we did have one year with 2 funerals the week OF Thanksgiving. So, that’s been a thing.

After taking a bit of time off, I decided to tackle the security vulnerability messages I’d been getting from Github for my blog.

Turns out, I had 2 packages that were out of date: the core jekyll gem itself and ffi, which I hadn’t heard of. It seems to be something Ruby people use. The instructions for upgrading jekyll worked for ffi, but I got a message that said Bundler attempted to update jekyll but its version stayed the same. I’d initially tried bundle update, which updated ffi and a bunch of other things. I hadn’t updated anything in awhile, so I figured I may as well get everything. But when I got the ...version stayed the same message, I figured I’d try the more specific bundle update jekyll command. Still, no dice.

UPDATE: Funeral is Monday. Flight tickets purchased. Next week will be a busy week.

So, I looked at the Gemfile and Gemfile.lock and wondered if I needed to change one of those. They reminded me of requirements.txt and Pipfile.lock in Python (I still use the former, but am familiar with the later). I don’t ever do anything in Ruby, so I’m not familiar with their infrastructure. Then I found an issue on Github (which I can’t find again) where someone suggested updating the jekyll line in the Gemfile, then running bundle update jekyll. This made sense, as the security warning gave me a message that looked like an updated line IN a Gemfile. So, I tried THAT, and it worked. Blog infrastructure updated. And I’ve got a little more insight into HOW to keep it updated, as well as some of the motivation (I think) behind Pipenv and what it’s doing. Which is nice.

Later peeps!