Address bootstrap-sass security vulnerability. (#1980)

* Address bootstrap-sass security vulnerability. Required upgrading ruby from 2.3.1 to at least 2.3.3, so upgraded to latest 2.3.x (2.3.8). * Change ruby version used by Travis.
duke-libraries · Mar 8, 2019 · 103c876 · 103c876
1 parent ad936f1
commit 103c876
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 8 deletions.
diff --git a/.ruby-version b/.ruby-version
@@ -1 +1 @@
-2.3.1
+2.3.8
diff --git a/.travis.yml b/.travis.yml
@@ -5,7 +5,7 @@ before_install:
   - sudo apt-get install -qq libvips-dev
   - gem install bundler
 rvm:
-  - 2.3.1
+  - 2.3.8
 cache: bundler
 script: "bundle exec rake dul_hydra:ci:build"
 # To exclude antivirus tests:

diff --git a/Gemfile b/Gemfile
@@ -1,5 +1,5 @@
 source 'https://rubygems.org'
-ruby '2.3.1'
+ruby '2.3.8'
 
 gem 'rails', '4.2.11'
 

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -57,7 +57,7 @@ GEM
     addressable (2.5.0)
       public_suffix (~> 2.0, >= 2.0.2)
     arel (6.0.4)
-    autoprefixer-rails (6.7.3)
+    autoprefixer-rails (9.4.10.1)
       execjs
     axiom-types (0.1.1)
       descendants_tracker (~> 0.0.4)
@@ -80,9 +80,9 @@ GEM
       rsolr (~> 1.0, >= 1.0.11)
     block_helpers (0.3.3)
       activesupport (>= 2.0)
-    bootstrap-sass (3.3.7)
+    bootstrap-sass (3.4.1)
       autoprefixer-rails (>= 5.2.1)
-      sass (>= 3.3.4)
+      sassc (>= 2.0.0)
     builder (3.2.3)
     byebug (9.0.6)
     cancancan (1.16.0)
@@ -448,6 +448,9 @@ GEM
       sprockets (>= 2.8, < 4.0)
       sprockets-rails (>= 2.0, < 4.0)
       tilt (>= 1.1, < 3)
+    sassc (2.0.1)
+      ffi (~> 1.9)
+      rake
     sinatra (1.4.8)
       rack (~> 1.5)
       rack-protection (~> 1.4)
@@ -561,7 +564,7 @@ DEPENDENCIES
   web-console (~> 2.0)
 
 RUBY VERSION
-   ruby 2.3.1p112
+   ruby 2.3.8p459
 
 BUNDLED WITH
    1.17.1
diff --git a/lib/dul_hydra/version.rb b/lib/dul_hydra/version.rb
@@ -1,3 +1,3 @@
 module DulHydra
-  VERSION = "4.12.4"
+  VERSION = "4.12.5"
 end