Hello. I set up my Jekyll site on GitHub Pages a few years ago and am now revisiting it so I’m a little rusty on how it all works!
I have a few queries…
Is it OK to create new posts and update layouts directly on the GitHub website?
I’ve got a Dependabot security vulnerability alert to update to 2.3.0 but “Dependabot cannot create a pull request as one or more other dependencies require a version that is incompatible with this update.” How do I update to the latest version of Kramdown?
How can I make sure my version of Jekyll is up to date?
Yes, you can use GitHub or your IDE or a CMS like Forestry or Netlify to update posts, pages and layouts. There are pros and cons to each. Sometimes, if I am confident in the change, especially around content rather than code, I’ll make the change directly in GitHub. It is also particularly useful if you add an Edit with GitHub page on your site - I find this is useful to jump from the GitHub.io site to editing on GitHub, even if no one else uses the button (they’d have to fork the repo too).
Regarding vulnerabilities, what I have done recently is bump to the latest Jekyll version on 3.X, which also solves the Kramdown issue, without having to lock down Kramdown in the Gemfile or the lockfile.
And to keep up with future updates, I don’t pin at Jekyll 3.9.0 but rather let it float to any 3.X (but < 4.X):
gem 'jekyll', '~> 3'
You could also do this for 3.9 and above, setting a min version. This is more verbose.
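An added example, not part of the original thread: a Ruby check of a `Gemfile.lock` against the versions discussed above, which also shows that `~> 3` on its own still accepts an older locked 3.x release. The lockfile excerpt is constructed, and the `>= 3.9, < 4` floor is an assumed form of the "min version" variant, not the poster's own line.

```ruby
require "rubygems"

# Constructed sample Gemfile.lock excerpt (not taken from the thread).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      jekyll (3.8.5)
        kramdown (~> 1.14)
      kramdown (1.17.0)
LOCK

# '~> 3' is the Gemfile constraint quoted in the thread (any 3.x, below 4).
FLOATING = Gem::Requirement.new("~> 3")

# Floors to audit against. kramdown 2.3.0 is the version named in the
# Dependabot alert; the jekyll floor is an assumed form of "3.9 and above".
POLICY = {
  "jekyll"   => Gem::Requirement.new(">= 3.9", "< 4"),
  "kramdown" => Gem::Requirement.new(">= 2.3.0"),
}.freeze

# Resolved gems sit at 4 spaces of indent in the specs section; their
# dependency constraints sit at 6 and are skipped. A platform suffix such
# as "-x86_64-darwin" is dropped before parsing the version.
def locked_versions(lock_text)
  lock_text.each_line.with_object({}) do |line, out|
    m = line.match(/\A {4}([\w.-]+) \((\d[0-9A-Za-z.]*)(?:-[^)]*)?\)\s*\z/)
    out[m[1]] = Gem::Version.new(m[2]) if m
  end
end

# Returns [name, locked_version_or_nil, status] for each gem in POLICY.
def audit(lock_text)
  locked = locked_versions(lock_text)
  POLICY.map do |name, req|
    version = locked[name]
    status = if version.nil? then :missing
             elsif req.satisfied_by?(version) then :ok
             else :outdated
             end
    [name, version&.to_s, status]
  end
end

if __FILE__ == $PROGRAM_NAME
  audit(SAMPLE_LOCK).each { |row| puts row.inspect }
  puts "~> 3 accepts 3.8.5: #{FLOATING.satisfied_by?(Gem::Version.new('3.8.5'))}"
end
```

Because a lockfile pinned at an older 3.x release still satisfies `~> 3`, the floating constraint only takes effect once the lockfile is re-resolved, for example with `bundle update jekyll`.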
Thanks for your replies! Where do I execute either of the above commands? I tried installing the command line tool on my Mac but when I execute any of the commands I just get
ERROR: While executing gem ... (Gem::CommandLineError) Unknown command jekyll,