Updated documentation.

Author: justinhartman

CHANGELOG.md

@@ -3,6 +3,17 @@
 Below is a detailed change-log, along with specific tasks completed, for each
 version released to date for the Jekyll Heroku Starter Kit.
 
+## Version 1.3.0 (07/07/2020)
+
+- [#bugfix](#bugfix)
+  - Fixed OS Command Injection in Rake [CVE-2020-8130](https://github.com/advisories/GHSA-jppv-gw3r-w3q8).
+  - Fixed Percent-encoded cookies can be used to overwrite existing prefixed cookie names [CVE-2020-8184](https://github.com/advisories/GHSA-j6w9-fv6q-3q52).
+- [#enhancement](#enhancement)
+  - Updated `jekyll` to `3.7.8`.
+  - Updated `bundler` to `1.17.2`.
+  - Updated `ruby` to `2.6.3`.
+  - Updated `README.md` and `index.md`.
+
 ## Version 1.2.0 (27/05/2018)
 
 - [#new](#new)

README.md

@@ -200,107 +200,134 @@ $ git push heroku master
 This will generate a build log that should resemble the below success.
 
 ```console
-Counting objects: 6, done.
-Delta compression using up to 4 threads.
-Compressing objects: 100% (6/6), done.
-Writing objects: 100% (6/6), 5.06 KiB | 647.00 KiB/s, done.
-Total 6 (delta 3), reused 0 (delta 0)
+Enumerating objects: 18, done.
+Counting objects: 100% (18/18), done.
+Delta compression using up to 4 threads
+Compressing objects: 100% (10/10), done.
+Writing objects: 100% (10/10), 153.31 KiB | 10.95 MiB/s, done.
+Total 10 (delta 7), reused 0 (delta 0)
 remote: Compressing source files... done.
 remote: Building source:
 remote:
 remote: -----> Ruby app detected
+remote: -----> Installing bundler 1.17.3
+remote: -----> Removing BUNDLED WITH version in the Gemfile.lock
 remote: -----> Compiling Ruby/Rack
-remote: -----> Using Ruby version: ruby-2.3.3
-remote: -----> Installing dependencies using bundler 1.15.2
+remote: -----> Using Ruby version: ruby-2.6.3
+remote: -----> Installing dependencies using bundler 1.17.3
 remote:        Running: bundle install --without development:test --path vendor/bundle --binstubs vendor/bundle/bin -j4 --deployment
-remote:        Warning: the running version of Bundler (1.15.2) is older than the version that created the lockfile (1.16.1). We suggest you upgrade to the latest version of Bundler by running `gem install bundler`.
-remote:        Fetching gem metadata from https://rubygems.org/..........
-remote:        Fetching version metadata from https://rubygems.org/..
-remote:        Fetching dependency metadata from https://rubygems.org/.
-remote:        Using rake 12.3.1
-remote:        Using public_suffix 3.0.2
-remote:        Using bundler 1.15.2
-remote:        Using colorator 1.1.0
-remote:        Using concurrent-ruby 1.0.5
-remote:        Using eventmachine 1.2.7
-remote:        Using http_parser.rb 0.6.0
-remote:        Using ffi 1.9.23
-remote:        Using forwardable-extended 2.6.0
-remote:        Using rb-fsevent 0.10.3
-remote:        Using ruby_dep 1.5.0
-remote:        Using kramdown 1.16.2
-remote:        Using liquid 4.0.0
-remote:        Using mercenary 0.3.6
-remote:        Using rouge 3.1.1
-remote:        Using safe_yaml 1.0.4
-remote:        Fetching posix-spawn 0.3.13
-remote:        Using rack 1.6.10
-remote:        Using i18n 0.9.5
-remote:        Using addressable 2.5.2
-remote:        Using rb-inotify 0.9.10
-remote:        Using em-websocket 0.5.1
-remote:        Using pathutil 0.16.1
-remote:        Using sass-listen 4.0.0
-remote:        Using listen 3.1.5
-remote:        Using sass 3.5.6
-remote:        Using jekyll-watch 2.0.0
-remote:        Using jekyll-sass-converter 1.5.2
-remote:        Using jekyll 3.8.2
-remote:        Fetching jekyll-feed 0.9.3
-remote:        Fetching jekyll-include-cache 0.1.0
-remote:        Installing posix-spawn 0.3.13 with native extensions
-remote:        Installing jekyll-include-cache 0.1.0
-remote:        Installing jekyll-feed 0.9.3
-remote:        Fetching jekyll-paginate-v2 1.9.4
-remote:        Using jekyll-redirect-from 0.13.0
-remote:        Using jekyll-seo-tag 2.5.0
-remote:        Fetching jekyll-sitemap 1.2.0
-remote:        Installing jekyll-paginate-v2 1.9.4
-remote:        Installing jekyll-sitemap 1.2.0
-remote:        Using rack-jekyll 0.5.0
-remote:        Using jekyll-theme-minimal 0.1.1
-remote:        Fetching jekyll-last-modified-at 1.0.1
-remote:        Installing jekyll-last-modified-at 1.0.1
-remote:        Bundle complete! 12 Gemfile dependencies, 38 gems now installed.
+remote:        Fetching gem metadata from https://rubygems.org/.........
+remote:        Fetching rake 13.0.1
+remote:        Installing rake 13.0.1
+remote:        Fetching public_suffix 4.0.5
+remote:        Using bundler 1.17.3
+remote:        Fetching colorator 1.1.0
+remote:        Fetching concurrent-ruby 1.1.6
+remote:        Installing public_suffix 4.0.5
+remote:        Installing colorator 1.1.0
+remote:        Fetching eventmachine 1.2.7
+remote:        Installing concurrent-ruby 1.1.6
+remote:        Installing eventmachine 1.2.7 with native extensions
+remote:        Fetching http_parser.rb 0.6.0
+remote:        Installing http_parser.rb 0.6.0 with native extensions
+remote:        Fetching ffi 1.13.1
+remote:        Installing ffi 1.13.1 with native extensions
+remote:        Fetching forwardable-extended 2.6.0
+remote:        Installing forwardable-extended 2.6.0
+remote:        Fetching rb-fsevent 0.10.4
+remote:        Installing rb-fsevent 0.10.4
+remote:        Fetching kramdown 1.17.0
+remote:        Installing kramdown 1.17.0
+remote:        Fetching liquid 4.0.3
+remote:        Installing liquid 4.0.3
+remote:        Fetching mercenary 0.3.6
+remote:        Installing mercenary 0.3.6
+remote:        Fetching rouge 3.20.0
+remote:        Installing rouge 3.20.0
+remote:        Fetching safe_yaml 1.0.5
+remote:        Installing safe_yaml 1.0.5
+remote:        Fetching posix-spawn 0.3.14
+remote:        Installing posix-spawn 0.3.14 with native extensions
+remote:        Fetching rack 1.6.13
+remote:        Installing rack 1.6.13
+remote:        Fetching addressable 2.7.0
+remote:        Installing addressable 2.7.0
+remote:        Fetching i18n 0.9.5
+remote:        Installing i18n 0.9.5
+remote:        Fetching pathutil 0.16.2
+remote:        Fetching rb-inotify 0.10.1
+remote:        Installing pathutil 0.16.2
+remote:        Installing rb-inotify 0.10.1
+remote:        Fetching sass-listen 4.0.0
+remote:        Fetching listen 3.2.1
+remote:        Installing listen 3.2.1
+remote:        Installing sass-listen 4.0.0
+remote:        Fetching jekyll-watch 2.2.1
+remote:        Fetching sass 3.7.4
+remote:        Installing jekyll-watch 2.2.1
+remote:        Installing sass 3.7.4
+remote:        Fetching jekyll-sass-converter 1.5.2
+remote:        Installing jekyll-sass-converter 1.5.2
+remote:        Fetching em-websocket 0.5.1
+remote:        Installing em-websocket 0.5.1
+remote:        Fetching jekyll 3.8.7
+remote:        Installing jekyll 3.8.7
+remote:        Fetching jekyll-feed 0.14.0
+remote:        Fetching jekyll-include-cache 0.2.0
+remote:        Fetching jekyll-last-modified-at 1.3.0
+remote:        Installing jekyll-include-cache 0.2.0
+remote:        Installing jekyll-feed 0.14.0
+remote:        Installing jekyll-last-modified-at 1.3.0
+remote:        Fetching jekyll-redirect-from 0.16.0
+remote:        Fetching jekyll-paginate-v2 3.0.0
+remote:        Fetching jekyll-seo-tag 2.6.1
+remote:        Installing jekyll-paginate-v2 3.0.0
+remote:        Installing jekyll-redirect-from 0.16.0
+remote:        Installing jekyll-seo-tag 2.6.1
+remote:        Fetching jekyll-sitemap 1.4.0
+remote:        Fetching rack-jekyll 0.5.0
+remote:        Installing jekyll-sitemap 1.4.0
+remote:        Fetching jekyll-theme-minimal 0.1.1
+remote:        Installing rack-jekyll 0.5.0
+remote:        Installing jekyll-theme-minimal 0.1.1
+remote:        Bundle complete! 12 Gemfile dependencies, 37 gems now installed.
 remote:        Gems in the groups development and test were not installed.
-remote:        Bundled gems are installed into ./vendor/bundle.
-remote:        Bundle completed (4.39s)
+remote:        Bundled gems are installed into `./vendor/bundle`
+remote:        Bundle completed (23.64s)
 remote:        Cleaning up the bundler cache.
-remote:        Warning: the running version of Bundler (1.15.2) is older than the version that created the lockfile (1.16.1). We suggest you upgrade to the latest version of Bundler by running `gem install bundler`.
-remote:        The latest bundler is 1.16.2, but you are currently running 1.15.2.
-remote:        To update, run `gem install bundler`
+remote: -----> Writing config/database.yml to read from DATABASE_URL
 remote: -----> Detecting rake tasks
 remote: -----> Precompiling assets
 remote:        Running: rake assets:precompile
-remote:        Configuration file: /tmp/build_02fecdee16af99fdfb60e024ca330ed4/_config.yml
-remote:        Invalid theme folder: _includes
-remote:                    Source: /tmp/build_02fecdee16af99fdfb60e024ca330ed4
-remote:               Destination: /tmp/build_02fecdee16af99fdfb60e024ca330ed4/_site
+remote:        Configuration file: /tmp/build_7c043d4debd1a9e02e7244a541fc709d/_config.yml
+remote:                    Source: /tmp/build_7c043d4debd1a9e02e7244a541fc709d
+remote:               Destination: /tmp/build_7c043d4debd1a9e02e7244a541fc709d/_site
 remote:         Incremental build: disabled. Enable with --incremental
 remote:              Generating...
+remote:               Jekyll Feed: Generating feed for posts
 remote:                 AutoPages: Disabled/Not configured in site.config.
 remote:                Pagination: Disabled in site.config.
-remote:                            done in 0.556 seconds.
+remote:                            done in 0.483 seconds.
 remote:         Auto-regeneration: disabled. Use --watch to enable.
-remote:        Asset precompilation completed (1.28s)
+remote:        Asset precompilation completed (1.37s)
 remote:
 remote: -----> Static HTML app detected
 remote:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
 remote:                                  Dload  Upload   Total   Spent    Left  Speed
-remote: 100  838k  100  838k    0     0  6185k      0 --:--:-- --:--:-- --:--:-- 6212k
+remote: 100  838k  100  838k    0     0  8360k      0 --:--:-- --:--:-- --:--:-- 8386k
 remote: -----> Installed directory to /app/bin
 remote: -----> Discovering process types
-remote:        Procfile declares types -> web
+remote:        Procfile declares types -> LANG, RACK_ENV, addons, console, rake, web
 remote:
 remote: -----> Compressing...
-remote:        Done: 25M
+remote:        Done: 21.2M
 remote: -----> Launching...
-remote:        Released v12
+remote:        Released v29
 remote:        https://jekyll-heroku-starter-kit.herokuapp.com/ deployed to Heroku
 remote:
 remote: Verifying deploy... done.
 To https://git.heroku.com/jekyll-heroku-starter-kit.git
-   4c1eff6..65eeca2  master -> master
+   fa218a6..07b8c9a  master -> master
 ```
 
 Visit your Heroku URL (e.g. [https://jekyll-heroku-starter-kit.herokuapp.com][example])

index.md

@@ -203,107 +203,134 @@ $ git push heroku master
 This will generate a build log that should resemble the below success.
 
 ```console
-Counting objects: 6, done.
-Delta compression using up to 4 threads.
-Compressing objects: 100% (6/6), done.
-Writing objects: 100% (6/6), 5.06 KiB | 647.00 KiB/s, done.
-Total 6 (delta 3), reused 0 (delta 0)
+Enumerating objects: 18, done.
+Counting objects: 100% (18/18), done.
+Delta compression using up to 4 threads
+Compressing objects: 100% (10/10), done.
+Writing objects: 100% (10/10), 153.31 KiB | 10.95 MiB/s, done.
+Total 10 (delta 7), reused 0 (delta 0)
 remote: Compressing source files... done.
 remote: Building source:
 remote:
 remote: -----> Ruby app detected
+remote: -----> Installing bundler 1.17.3
+remote: -----> Removing BUNDLED WITH version in the Gemfile.lock
 remote: -----> Compiling Ruby/Rack
-remote: -----> Using Ruby version: ruby-2.3.3
-remote: -----> Installing dependencies using bundler 1.15.2
+remote: -----> Using Ruby version: ruby-2.6.3
+remote: -----> Installing dependencies using bundler 1.17.3
 remote:        Running: bundle install --without development:test --path vendor/bundle --binstubs vendor/bundle/bin -j4 --deployment
-remote:        Warning: the running version of Bundler (1.15.2) is older than the version that created the lockfile (1.16.1). We suggest you upgrade to the latest version of Bundler by running `gem install bundler`.
-remote:        Fetching gem metadata from https://rubygems.org/..........
-remote:        Fetching version metadata from https://rubygems.org/..
-remote:        Fetching dependency metadata from https://rubygems.org/.
-remote:        Using rake 12.3.1
-remote:        Using public_suffix 3.0.2
-remote:        Using bundler 1.15.2
-remote:        Using colorator 1.1.0
-remote:        Using concurrent-ruby 1.0.5
-remote:        Using eventmachine 1.2.7
-remote:        Using http_parser.rb 0.6.0
-remote:        Using ffi 1.9.23
-remote:        Using forwardable-extended 2.6.0
-remote:        Using rb-fsevent 0.10.3
-remote:        Using ruby_dep 1.5.0
-remote:        Using kramdown 1.16.2
-remote:        Using liquid 4.0.0
-remote:        Using mercenary 0.3.6
-remote:        Using rouge 3.1.1
-remote:        Using safe_yaml 1.0.4
-remote:        Fetching posix-spawn 0.3.13
-remote:        Using rack 1.6.10
-remote:        Using i18n 0.9.5
-remote:        Using addressable 2.5.2
-remote:        Using rb-inotify 0.9.10
-remote:        Using em-websocket 0.5.1
-remote:        Using pathutil 0.16.1
-remote:        Using sass-listen 4.0.0
-remote:        Using listen 3.1.5
-remote:        Using sass 3.5.6
-remote:        Using jekyll-watch 2.0.0
-remote:        Using jekyll-sass-converter 1.5.2
-remote:        Using jekyll 3.8.2
-remote:        Fetching jekyll-feed 0.9.3
-remote:        Fetching jekyll-include-cache 0.1.0
-remote:        Installing posix-spawn 0.3.13 with native extensions
-remote:        Installing jekyll-include-cache 0.1.0
-remote:        Installing jekyll-feed 0.9.3
-remote:        Fetching jekyll-paginate-v2 1.9.4
-remote:        Using jekyll-redirect-from 0.13.0
-remote:        Using jekyll-seo-tag 2.5.0
-remote:        Fetching jekyll-sitemap 1.2.0
-remote:        Installing jekyll-paginate-v2 1.9.4
-remote:        Installing jekyll-sitemap 1.2.0
-remote:        Using rack-jekyll 0.5.0
-remote:        Using jekyll-theme-minimal 0.1.1
-remote:        Fetching jekyll-last-modified-at 1.0.1
-remote:        Installing jekyll-last-modified-at 1.0.1
-remote:        Bundle complete! 12 Gemfile dependencies, 38 gems now installed.
+remote:        Fetching gem metadata from https://rubygems.org/.........
+remote:        Fetching rake 13.0.1
+remote:        Installing rake 13.0.1
+remote:        Fetching public_suffix 4.0.5
+remote:        Using bundler 1.17.3
+remote:        Fetching colorator 1.1.0
+remote:        Fetching concurrent-ruby 1.1.6
+remote:        Installing public_suffix 4.0.5
+remote:        Installing colorator 1.1.0
+remote:        Fetching eventmachine 1.2.7
+remote:        Installing concurrent-ruby 1.1.6
+remote:        Installing eventmachine 1.2.7 with native extensions
+remote:        Fetching http_parser.rb 0.6.0
+remote:        Installing http_parser.rb 0.6.0 with native extensions
+remote:        Fetching ffi 1.13.1
+remote:        Installing ffi 1.13.1 with native extensions
+remote:        Fetching forwardable-extended 2.6.0
+remote:        Installing forwardable-extended 2.6.0
+remote:        Fetching rb-fsevent 0.10.4
+remote:        Installing rb-fsevent 0.10.4
+remote:        Fetching kramdown 1.17.0
+remote:        Installing kramdown 1.17.0
+remote:        Fetching liquid 4.0.3
+remote:        Installing liquid 4.0.3
+remote:        Fetching mercenary 0.3.6
+remote:        Installing mercenary 0.3.6
+remote:        Fetching rouge 3.20.0
+remote:        Installing rouge 3.20.0
+remote:        Fetching safe_yaml 1.0.5
+remote:        Installing safe_yaml 1.0.5
+remote:        Fetching posix-spawn 0.3.14
+remote:        Installing posix-spawn 0.3.14 with native extensions
+remote:        Fetching rack 1.6.13
+remote:        Installing rack 1.6.13
+remote:        Fetching addressable 2.7.0
+remote:        Installing addressable 2.7.0
+remote:        Fetching i18n 0.9.5
+remote:        Installing i18n 0.9.5
+remote:        Fetching pathutil 0.16.2
+remote:        Fetching rb-inotify 0.10.1
+remote:        Installing pathutil 0.16.2
+remote:        Installing rb-inotify 0.10.1
+remote:        Fetching sass-listen 4.0.0
+remote:        Fetching listen 3.2.1
+remote:        Installing listen 3.2.1
+remote:        Installing sass-listen 4.0.0
+remote:        Fetching jekyll-watch 2.2.1
+remote:        Fetching sass 3.7.4
+remote:        Installing jekyll-watch 2.2.1
+remote:        Installing sass 3.7.4
+remote:        Fetching jekyll-sass-converter 1.5.2
+remote:        Installing jekyll-sass-converter 1.5.2
+remote:        Fetching em-websocket 0.5.1
+remote:        Installing em-websocket 0.5.1
+remote:        Fetching jekyll 3.8.7
+remote:        Installing jekyll 3.8.7
+remote:        Fetching jekyll-feed 0.14.0
+remote:        Fetching jekyll-include-cache 0.2.0
+remote:        Fetching jekyll-last-modified-at 1.3.0
+remote:        Installing jekyll-include-cache 0.2.0
+remote:        Installing jekyll-feed 0.14.0
+remote:        Installing jekyll-last-modified-at 1.3.0
+remote:        Fetching jekyll-redirect-from 0.16.0
+remote:        Fetching jekyll-paginate-v2 3.0.0
+remote:        Fetching jekyll-seo-tag 2.6.1
+remote:        Installing jekyll-paginate-v2 3.0.0
+remote:        Installing jekyll-redirect-from 0.16.0
+remote:        Installing jekyll-seo-tag 2.6.1
+remote:        Fetching jekyll-sitemap 1.4.0
+remote:        Fetching rack-jekyll 0.5.0
+remote:        Installing jekyll-sitemap 1.4.0
+remote:        Fetching jekyll-theme-minimal 0.1.1
+remote:        Installing rack-jekyll 0.5.0
+remote:        Installing jekyll-theme-minimal 0.1.1
+remote:        Bundle complete! 12 Gemfile dependencies, 37 gems now installed.
 remote:        Gems in the groups development and test were not installed.
-remote:        Bundled gems are installed into ./vendor/bundle.
-remote:        Bundle completed (4.39s)
+remote:        Bundled gems are installed into `./vendor/bundle`
+remote:        Bundle completed (23.64s)
 remote:        Cleaning up the bundler cache.
-remote:        Warning: the running version of Bundler (1.15.2) is older than the version that created the lockfile (1.16.1). We suggest you upgrade to the latest version of Bundler by running `gem install bundler`.
-remote:        The latest bundler is 1.16.2, but you are currently running 1.15.2.
-remote:        To update, run `gem install bundler`
+remote: -----> Writing config/database.yml to read from DATABASE_URL
 remote: -----> Detecting rake tasks
 remote: -----> Precompiling assets
 remote:        Running: rake assets:precompile
-remote:        Configuration file: /tmp/build_02fecdee16af99fdfb60e024ca330ed4/_config.yml
-remote:        Invalid theme folder: _includes
-remote:                    Source: /tmp/build_02fecdee16af99fdfb60e024ca330ed4
-remote:               Destination: /tmp/build_02fecdee16af99fdfb60e024ca330ed4/_site
+remote:        Configuration file: /tmp/build_7c043d4debd1a9e02e7244a541fc709d/_config.yml
+remote:                    Source: /tmp/build_7c043d4debd1a9e02e7244a541fc709d
+remote:               Destination: /tmp/build_7c043d4debd1a9e02e7244a541fc709d/_site
 remote:         Incremental build: disabled. Enable with --incremental
 remote:              Generating...
+remote:               Jekyll Feed: Generating feed for posts
 remote:                 AutoPages: Disabled/Not configured in site.config.
 remote:                Pagination: Disabled in site.config.
-remote:                            done in 0.556 seconds.
+remote:                            done in 0.483 seconds.
 remote:         Auto-regeneration: disabled. Use --watch to enable.
-remote:        Asset precompilation completed (1.28s)
+remote:        Asset precompilation completed (1.37s)
 remote:
 remote: -----> Static HTML app detected
 remote:   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
 remote:                                  Dload  Upload   Total   Spent    Left  Speed
-remote: 100  838k  100  838k    0     0  6185k      0 --:--:-- --:--:-- --:--:-- 6212k
+remote: 100  838k  100  838k    0     0  8360k      0 --:--:-- --:--:-- --:--:-- 8386k
 remote: -----> Installed directory to /app/bin
 remote: -----> Discovering process types
-remote:        Procfile declares types -> web
+remote:        Procfile declares types -> LANG, RACK_ENV, addons, console, rake, web
 remote:
 remote: -----> Compressing...
-remote:        Done: 25M
+remote:        Done: 21.2M
 remote: -----> Launching...
-remote:        Released v12
+remote:        Released v29
 remote:        https://jekyll-heroku-starter-kit.herokuapp.com/ deployed to Heroku
 remote:
 remote: Verifying deploy... done.
 To https://git.heroku.com/jekyll-heroku-starter-kit.git
-   4c1eff6..65eeca2  master -> master
+   fa218a6..07b8c9a  master -> master
 ```
 
 Visit your Heroku URL (e.g. [https://jekyll-heroku-starter-kit.herokuapp.com][example])