Removing Gemfile.lock file

The Gemfile.lock file was removed from Moonrise in commit b002d22

This file regularly brings up security vulnerabilities in GitHub, saying that your Moonrise site is vulnerable due to outdated dependencies.

It seems GitHub Pages never uses your Gemfile to build the Moonrise site because they have their own Gemfile with whitelisted Jekyll version and plugins.

The Gemfile.lock security vulnerabilities will only affect those who work on the Moonrise site locally on their PC.

In these cases, the security vulnerabilities apply and you should run bundle update regularly before editing your site to keep your PC safe.
The Moonrise Wiki already recommends running bundle update before bundle exec jekyll serve, which will update your Gemfile.lock and fix vulnerabilities
When you push the code to GitHub, GitHub Pages will build your site using their own Gemfile and Gemfile.lock, which will always be up-to-date.

This will not affect anyone who edits your Moonrise site on GitHub via the "Edit file" feature.

Provide feedback