[INFRA] bump up mkdocs-materials version #211
Conversation
There was a problem hiding this comment.
This looks reasonable. And I prefer this process to manual patches, as I think it's less likely that we'll end up with an unsatisfiable dependency.
On the other hand, it does introduce the possibility of changes in the output HTML that would be hard to detect without close inspection of each artifact. It would be nice to try to figure out a way to compare before-and-after HTML to target visual inspections, but that does not need to be addressed here.
There was a problem hiding this comment.
This looks good. I'll close my PR. The rendered artifact looked good, not sure what the markers affected (as you pointed out they were deleted from this re-lock). Curiously the hashes generated by pipenv for jinja is the same as the one I found in another repo. Perhaps the hashes are general for that version of the package?
yes, these are the specific hashes, they should be the same everywhere. It's just more error-proof (and also easier once you know how) to update these automatically via |
|
I am merging this now to fix the security alert. |
closes #208
This PR is a 2nd attempt to solve the vulnerability issue arising from Jinja2 versions below 2.10.1. Specifically, I am trying to update the Pipfile.lock through
pipenvinstead of manual edits.This was my workflow:
cd bids-specificationpip install pipenv... can be done in any of your environmentspipenv installto make an environment for our repositorypipenv shellto activate the envpip install -U Jinja2(upgrade Jinja2)pipenv lockto lock the current package versions in thePipfile.lockfilePipfile.lockand pushNote that I also updated our mkdocs-material version and this lead to upgrades in a lot of our packages.
I have no clue, why the "Markers" disappeared from the
Pipfile.lock, but I don't think we need them.See the rendered spec here: https://518-150465237-gh.circle-artifacts.com/0/home/circleci/project/site/01-introduction.html