From 103c8762088a137e1a32d51b44bf2436c83a4297 Mon Sep 17 00:00:00 2001
From: Jim Coble
Date: Fri, 8 Mar 2019 13:10:39 -0500
Subject: [PATCH] Address bootstrap-sass security vulnerability. (#1980)
* Address bootstrap-sass security vulnerability. Required upgrading ruby from 2.3.1 to at least 2.3.3, so upgraded to latest 2.3.x (2.3.8).
* Change ruby version used by Travis.
---
 .ruby-version | 2 +-
 .travis.yml | 2 +-
 Gemfile | 2 +-
 Gemfile.lock | 11 +++++++----
 lib/dul_hydra/version.rb | 2 +-
 5 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/.ruby-version b/.ruby-version
index 2bf1c1cc..bc4abe86 100644
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-2.3.1
+2.3.8
diff --git a/.travis.yml b/.travis.yml
index f4eb5eff..8acd2bd7 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -5,7 +5,7 @@ before_install:
 - sudo apt-get install -qq libvips-dev
 - gem install bundler
 rvm:
- - 2.3.1
+ - 2.3.8
 cache: bundler
 script: "bundle exec rake dul_hydra:ci:build"
 # To exclude antivirus tests:
diff --git a/Gemfile b/Gemfile
index a41ef665..31228ee9 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,5 +1,5 @@
 source 'https://rubygems.org'
-ruby '2.3.1'
+ruby '2.3.8'
 gem 'rails', '4.2.11'
diff --git a/Gemfile.lock b/Gemfile.lock
index 682728d7..c286267d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -57,7 +57,7 @@ GEM
 addressable (2.5.0)
 public_suffix (~> 2.0, >= 2.0.2)
 arel (6.0.4)
- autoprefixer-rails (6.7.3)
+ autoprefixer-rails (9.4.10.1)
 execjs
 axiom-types (0.1.1)
 descendants_tracker (~> 0.0.4)
@@ -80,9 +80,9 @@ GEM
 rsolr (~> 1.0, >= 1.0.11)
 block_helpers (0.3.3)
 activesupport (>= 2.0)
- bootstrap-sass (3.3.7)
+ bootstrap-sass (3.4.1)
 autoprefixer-rails (>= 5.2.1)
- sass (>= 3.3.4)
+ sassc (>= 2.0.0)
 builder (3.2.3)
 byebug (9.0.6)
 cancancan (1.16.0)
@@ -448,6 +448,9 @@ GEM
 sprockets (>= 2.8, < 4.0)
 sprockets-rails (>= 2.0, < 4.0)
 tilt (>= 1.1, < 3)
+ sassc (2.0.1)
+ ffi (~> 1.9)
+ rake
 sinatra (1.4.8)
 rack (~> 1.5)
 rack-protection (~> 1.4)
@@ -561,7 +564,7 @@ DEPENDENCIES
 web-console (~> 2.0)
 RUBY VERSION
- ruby 2.3.1p112
+ ruby 2.3.8p459
 BUNDLED WITH
 1.17.1
diff --git a/lib/dul_hydra/version.rb b/lib/dul_hydra/version.rb
index 2f5d9301..a5a05fff 100644
--- a/lib/dul_hydra/version.rb
+++ b/lib/dul_hydra/version.rb
@@ -1,3 +1,3 @@
 module DulHydra
- VERSION = "4.12.4"
+ VERSION = "4.12.5"
 end