Gemfile: Bump bootstrap-sass version

osu-cascades / ecotone-web

Monitoring native plants & biodiversity at OSU Cascades.

http://ecotone.osucascades.edu

MIT License

6 stars 9 forks source link

Gemfile: Bump bootstrap-sass version #148

Closed ybakos closed 4 years ago

ybakos commented 4 years ago

https://github.com/osu-cascades/ecotone-web/network/alert/Gemfile.lock/bootstrap-sass/open

FrancescoAiello01 commented 4 years ago

It looks like ruby-sass, a dependency of sass-rails has reached the end of its life and it is recommended to be migrated to sassc-rails:

https://sass-lang.com/ruby-sass

sass-rails version 6.0.0 is a breaking change that moves to sassc-rails (https://github.com/rails/sass-rails/releases).

Do we want to upgrade to sassc-rails in this issue or handle it elsewhere?

ybakos commented 4 years ago

@FrancescoAiello01 True, but we'll need to address that separately, as a complete migration away from bootstrap-sass to the bootstrap gem. The bootstrap-sass gem uses bootstrap 3 CSS selectors, while the bootstrap gem uses bootstrap 4.

To swap those in, we'd likely need to make numerous changes throughout the views and app stylesheet.

For now, just bump the bootstrap-sass version to resolve the security issue.