chore(deps): update dependency kramdown to v2 [security] #248

Open
renovate-bot wants to merge 1 commit into googleapis:main from renovate-bot:renovate/rubygems-kramdown-vulnerability

@renovate-bot (Contributor) commented Mar 3, 2025

This PR contains the following updates:

| Package | Change | Age | Confidence |
|---|---|---|---|
| kramdown (source) | "~> 1.5" -> "~> 2.3" | age | confidence |

GitHub Vulnerability Alerts

CVE-2020-14001

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum.


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
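To triage content that was rendered while the `~> 1.5` constraint was in place, the following sketch flags kramdown documents that set the `template` option inline and checks whether a resolved version predates 2.3.0. It is an added example, not part of this PR, Renovate, or kramdown; the helper names, the regex heuristic (not kramdown's own parser), and the sample document are assumptions constructed for illustration.

```ruby
# Added example (hypothetical helpers): find inline `{::options template=... /}`
# directives, the in-document setting that CVE-2020-14001 describes.

# Extension tag body; quoted values are skipped whole so a "}" inside a value
# does not end the match early.
OPTIONS_EXT   = /\{::options\b((?:"[^"]*"|'[^']*'|[^}"'])*)\}/
TEMPLATE_ATTR = /\btemplate\s*=\s*(?:"([^"]*)"|'([^']*)')/
FIXED_IN      = Gem::Version.new("2.3.0") # version named in the advisory

Finding = Struct.new(:line, :value, :kind)

# The advisory names two outcomes: file read and embedded Ruby via string://.
def classify_template(value)
  return :inline_erb if value.start_with?("string://")
  return :absolute_path if value.start_with?("/")
  :other
end

def scan_kramdown(text)
  findings = []
  text.scan(OPTIONS_EXT) do
    m = Regexp.last_match                 # capture before the next match call
    attr = TEMPLATE_ATTR.match(m[1])
    next unless attr
    value = attr[1] || attr[2]
    line = text[0...m.begin(0)].count("\n") + 1
    findings << Finding.new(line, value, classify_template(value))
  end
  findings
end

# True when the resolved kramdown version still honours the directive.
def vulnerable_version?(version)
  Gem::Version.new(version) < FIXED_IN
end

# Constructed sample document; values mirror the advisory text above.
SAMPLE = <<~'MD'
  # Title

  {::options auto_ids="false" /}

  {::options template="/etc/passwd" /}

  Text.

  {::options template="string://<%= 1 + 1 %>" /}
MD

scan_kramdown(SAMPLE).each { |f| puts "line #{f.line}: #{f.kind} #{f.value}" } if __FILE__ == $0
```

A hit only matters when `vulnerable_version?` is true for the kramdown version in the lockfile that rendered the content.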

@renovate-bot renovate-bot requested a review from a team March 3, 2025 20:16
@trusted-contributions-gcf trusted-contributions-gcf bot added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label Mar 3, 2025
@renovate-bot renovate-bot force-pushed the renovate/rubygems-kramdown-vulnerability branch from ccedf0c to cd72e80 Compare March 3, 2025 22:46
@renovate-bot renovate-bot force-pushed the renovate/rubygems-kramdown-vulnerability branch 6 times, most recently from dc5c54f to 489a2f2 Compare March 17, 2025 20:26
@renovate-bot renovate-bot force-pushed the renovate/rubygems-kramdown-vulnerability branch 2 times, most recently from 2e1009d to 2cc6b57 Compare April 1, 2025 17:07
@renovate-bot renovate-bot force-pushed the renovate/rubygems-kramdown-vulnerability branch 4 times, most recently from 5f5991e to 7c9db4e Compare April 30, 2025 22:08
@renovate-bot renovate-bot force-pushed the renovate/rubygems-kramdown-vulnerability branch 4 times, most recently from a451e31 to ce2c720 Compare May 13, 2025 19:10
@renovate-bot renovate-bot force-pushed the renovate/rubygems-kramdown-vulnerability branch 11 times, most recently from 3c164b6 to 954165c Compare June 1, 2025 08:42
@renovate-bot renovate-bot force-pushed the renovate/rubygems-kramdown-vulnerability branch 8 times, most recently from b0d77d4 to 2664be7 Compare October 9, 2025 13:15
@renovate-bot renovate-bot force-pushed the renovate/rubygems-kramdown-vulnerability branch 2 times, most recently from 0c50a4f to 762afe0 Compare November 11, 2025 03:49
@renovate-bot renovate-bot force-pushed the renovate/rubygems-kramdown-vulnerability branch 2 times, most recently from ea24d06 to 71db3c6 Compare November 19, 2025 02:15
@renovate-bot renovate-bot force-pushed the renovate/rubygems-kramdown-vulnerability branch 2 times, most recently from 249567b to 7ed2ea9 Compare December 15, 2025 23:14
@renovate-bot renovate-bot force-pushed the renovate/rubygems-kramdown-vulnerability branch 4 times, most recently from f9b868f to f52b659 Compare December 31, 2025 20:44
@renovate-bot renovate-bot force-pushed the renovate/rubygems-kramdown-vulnerability branch 2 times, most recently from f1624e9 to d551c74 Compare January 23, 2026 22:50
@renovate-bot renovate-bot force-pushed the renovate/rubygems-kramdown-vulnerability branch 2 times, most recently from aedd1f1 to c4edb4d Compare February 2, 2026 19:54
@renovate-bot renovate-bot force-pushed the renovate/rubygems-kramdown-vulnerability branch 3 times, most recently from 053008b to f806cfb Compare February 13, 2026 18:53
@renovate-bot renovate-bot requested a review from a team as a code owner February 13, 2026 18:53
@renovate-bot renovate-bot force-pushed the renovate/rubygems-kramdown-vulnerability branch 2 times, most recently from 0897f3b to baa4307 Compare February 16, 2026 15:02
@renovate-bot renovate-bot force-pushed the renovate/rubygems-kramdown-vulnerability branch from baa4307 to 665a6db Compare February 16, 2026 18:32