fix(deps): update dependency bootstrap4 to v5 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
bootstrap4 (source)	^4.6.0 -> ^5.0.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2024-6531

A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.

---

Release Notes

twbs/bootstrap (bootstrap4)

v5.0.0

Compare Source

Highlights

#​32155: Updated make-col() mixin to generate equal columns when no size is specified
#​32763: Added new color-scheme() mixin
#​33389: Dropdown menus now have option become clickable
#​33453: Added new docs footer
#​33548: Offcanvas header components are now vertically aligned
#​33549: Added offcanvas-top modifier
#​33634: Added support for .dropdown-items wrapped in <li>s
#​33626: Fix v5 regressions in tab dropdown functionality

🚀 Features

• #​32763: Add color-scheme mixin
• #​33389: Dropdown — Add option to make the dropdown menu clickable
• #​33549: Add offcanvas-top modifier

🎨 CSS

• #​32155: Add equal column mixin
• #​32763: Add color-scheme mixin
• #​33292: Make accordion icon rotation more natural
• #​33411: Fix validation feedback icon in select multiple
• #​33478: Make .nav-link color consistent when using buttons
• #​33482: Dropdown — Apply positioning only when Popper is not used
• #​33548: Vertically align offcanvas header components
• #​33549: Add offcanvas-top modifier
• #​33550: Spinner alignment changes
• #​33598: Hide validation icons from multiple selects
• #​33600: Have $form-check-input-border's default derive from $black
• #​33607: Reduce color-scheme complexity
• #​33642: use :read-only css selector instead [readonly] for consistency
• #​33658: fix: use list-group variable instead of alert
• #​33736: accordion: fix border-top on Firefox

☕️ JavaScript

• #​32439: Decouple BackDrop from modal
• #​33245: Decouple Modal's scrollbar functionality
• #​33249: Simplify Modal Config
• #​33250: Simplify ScrollSpy config
• #​33310: fix: make EventHandler better handle mouseenter/mouseleave events
• #​33389: Dropdown — Add option to make the dropdown menu clickable
• #​33429: Remove element event listeners through base component
• #​33451: Add missing things in hide method of dropdown
• #​33456: Use our isDisabled util on dropdown
• #​33466: Refactor dropdown's hide functionality
• #​33479: Fix dropdown escape propagation
• #​33496: Use cached noop function
• #​33497: Use template literals instead of concatenation
• #​33499: Fix wrong carousel transformation, direction to order
• #​33545: Use the backdrop util in offcanvas, enforcing consistency
• #​33586: Tab.js: Fixes on click handling
• #​33589: refactor: make static selectMenuItem method private
• #​33612: tests: fix random BrowserStack failures in scrollbar
• #​33626: Fix v5 regressions in tab dropdown functionality
• #​33634: Dropdown: support .dropdown-item wrapped in <li> tags
• #​33638: Fix toggle between modals example
• #​33643: fix: clicking an item in navbar dropdown should not collapse the dropdown in firefox
• #​33666: Modal.js: fix test for scrollbar
• #​33677: Offcanvas.js: If scroll is allowed, should allow focus on other elements
• #​33684: Don't change the value for altBoundary option
• #​33706: Scrollbar: respect the initial body overflow value

📖 Docs

• #​33446: Make offcanvas example fully static
• #​33453: Add new docs footer
• #​33521: The spacing margin side identifiers 's' and 'e' may be intuitive for …
• #​33522: Clarify docs accordion example
• #​33543: Update parcel.md
• #​33553: Add example: Panels stay open
• #​33567: Fixed wrong method name _getInstance
• #​33571: footer: fix rel=noopener attribute
• #​33583: docs: update clipboard.js to v2.0.8
• #​33597: Docs: Fix wrong dark attribute in Table - Vertical Alignment
• #​33632: Correct the heading for the States section
• #​33638: Fix toggle between modals example
• #​33664: Docs: fix W3C validation errors in list-group example
• #​33668: Update anchor.js to v4.3.1.
• #​33669: Change from preventOverflow to detectOverflow in boundary option
• #​33675: Fix typo
• #​33676: Fix Grid System docs
• #​33685: docs: fix the default value of Popper's boundary option
• #​33687: Fixes #​33686 typo in RTL docs
• #​33690: Add Bootstrap Icons to alerts docs
• #​33726: Replace modal and scrollspy placeholder content
• #​33733: Tooltip/Popover — Minor doc updates
• #​33735: Clarify boundary option description
• #​33772: Improve overall new examples' accessibility
• #​33782: Add new team members to the Teams page
• #​33786: Docs: adding intro about web accessibility
• #​33797: Update links to CCA, MQ5 prefers-reduced-motion, evergreen WCAG urls
• #​33810: Tweak toast docs
• #​33829: Update migration guide for some v5 changes
• #​33832: Fix doc typo and Bootstrap Icons link
• #​33833: refactor(docs): Added form file input variables
• #​33834: Rewrite migration guide

Examples

• #​33097: Update RTL examples
• #​33759: fix: change margin breakpoints for bootstrap logo on double header
• #​33681: Fixes signup form in Heroes example
• #​33569: Improve responsiveness of Features examples

🌎 Accessibility

• #​33772: Improve overall new examples' accessibility
• #​33810: Tweak toast docs

🏭 Tests

• #​33578: Remove unnecessary data-bs-backdrop="static" from modal tests
• #​33612: tests: fix random BrowserStack failures in scrollbar
• #​33666: Modal.js: fix test for scrollbar
• #​33734: Add missing test for clicking select option in a dropdown

🧰 Misc

• #​33720: JS tests: add Node.js 16

📦 Dependencies

• Updated numerous devDependencies https://github.com/twbs/bootstrap/pulls?q=is%3Apr+is%3Aclosed+label%3Adependencies+project%3Atwbs%2Fbootstrap%2F27

v4.6.2

Compare Source

Highlights

• Added an example to our Collapse plugin docs to show how to use horizontal collapsing. This has long been possible via our JS, but we never had an official class to utilize it.
• We've replaced the deprecated color-adjust with print-color-adjust in our Sass files as part of the Autoprefixer v10.4.6 issues. This should quiet the issues folks have seen from that dependency change. If you're using our distribution CSS files, like bootstrap.min.css, you may still see the warning.
• Tweaked the size of small and .small to compute to a whole pixel value (was 12.8px and now is 14px).
• Improved accessibility around our dropdowns, color contrast, and role attributes.
• Fixed some broken links to supporting documentation.
• Updated dependencies across the board.

What's Changed

• Removed blurred background reference from the Toast Docs. by @​pricop in https://github.com/twbs/bootstrap/pull/35190
• Update links to CCA, MQ5 prefers-reduced-motion, evergreen WCAG urls, more resources by @​patrickhlauke in https://github.com/twbs/bootstrap/pull/35427
• v4-dev backports and updates by @​XhmikosR in https://github.com/twbs/bootstrap/pull/35482
• Backport #​35556 by @​julien-deramond in https://github.com/twbs/bootstrap/pull/35558
• Tweak toast docs by @​patrickhlauke in https://github.com/twbs/bootstrap/pull/35633
• v4-dev backports and updates by @​XhmikosR in https://github.com/twbs/bootstrap/pull/35642
• Doc: Reorder alphabetically lists of components by @​julien-deramond in https://github.com/twbs/bootstrap/pull/36128
• Updated the small-font-size to use a round value by @​pricop in https://github.com/twbs/bootstrap/pull/36172
• v4 dev backports and updates by @​XhmikosR in https://github.com/twbs/bootstrap/pull/35767
• _custom-forms.scss: fix order of attributes by @​twin-elements in https://github.com/twbs/bootstrap/pull/36231
• Replace the deprecated color-adjust with print-color-adjust by @​AdrianCurtin in https://github.com/twbs/bootstrap/pull/36283
• [v4] Doc: remove role="group" from some split drop* buttons by @​julien-deramond in https://github.com/twbs/bootstrap/pull/36254
• Dynamic tabs: use buttons rather than links (backport to v4) by @​patrickhlauke in https://github.com/twbs/bootstrap/pull/33163
• v4 dev updates by @​XhmikosR in https://github.com/twbs/bootstrap/pull/36430
• Fix closing HTML tag in navs docs by @​julien-deramond in https://github.com/twbs/bootstrap/pull/36466
• v4: Horizontal collapse by @​mdo in https://github.com/twbs/bootstrap/pull/36434
• Fixing tabs' tests v4 by @​louismaximepiton in https://github.com/twbs/bootstrap/pull/36485
• Docs: fix some ARIA Authoring Practices Guides broken links by @​julien-deramond in https://github.com/twbs/bootstrap/pull/36490
• v4 - Remove confusing unnecessary id/aria-labelledby for dropdown menus by @​patrickhlauke in https://github.com/twbs/bootstrap/pull/36491
• v4 Docs: outdated ARIA/PF link, expand contrast explanation in accessibility.md by @​patrickhlauke in https://github.com/twbs/bootstrap/pull/36492
• v4: Improve accessible name of version dropdown in docs navbar by @​patrickhlauke in https://github.com/twbs/bootstrap/pull/36504
• Update devDependencies by @​XhmikosR in https://github.com/twbs/bootstrap/pull/36522
• Docs: update clipboard.js to v2.0.11 by @​julien-deramond in https://github.com/twbs/bootstrap/pull/36631
• Update devDependencies by @​XhmikosR in https://github.com/twbs/bootstrap/pull/36724
• v4: Add Fathom by @​mdo in https://github.com/twbs/bootstrap/pull/36727
• Docs: Capitalize Unicode by @​julien-deramond in https://github.com/twbs/bootstrap/pull/36735
• Release v4.6.2 by @​XhmikosR in https://github.com/twbs/bootstrap/pull/36725

New Contributors

• @​twin-elements made their first contribution in https://github.com/twbs/bootstrap/pull/36231
• @​AdrianCurtin made their first contribution in https://github.com/twbs/bootstrap/pull/36283

Full Changelog: twbs/bootstrap@v4.6.1...v4.6.2

v4.6.1: 4.6.1

Compare Source

What's changed

• Replace Sass division with multiplication and custom divide() function by @​mdo in https://github.com/twbs/bootstrap/pull/34571
• Update RFS to v8.1.0 by @​XhmikosR in https://github.com/twbs/bootstrap/pull/34571
• fix(forms): input-group and validation icons by @​ffoodd in https://github.com/twbs/bootstrap/pull/32968
• Fix minor visual bug in Firefox caused by moz-focusring by @​kremit in https://github.com/twbs/bootstrap/pull/32821
• Adjust SAFE_URL_PATTERN regex for use with test method of regexes by @​nikonthethird in https://github.com/twbs/bootstrap/pull/33153
• Add sms in the SAFE_URL_PATTERN for sanitizer by @​XhmikosR in https://github.com/twbs/bootstrap/pull/35074
• Adjust feedback icon position and padding for select.form-control by @​mdo in https://github.com/twbs/bootstrap/pull/33206
• Carousel: use buttons, not links, for prev/next controls by @​patrickhlauke in https://github.com/twbs/bootstrap/pull/33165
• v4: Sass docs for default variables by @​mdo in https://github.com/twbs/bootstrap/pull/33392
• Handle complex expressions in add() & subtract() by @​ffoodd in https://github.com/twbs/bootstrap/pull/34047
• More concise improvements for add() and subtract() by @​ffoodd in https://github.com/twbs/bootstrap/pull/34432
• Remove aria-haspopup from dropdowns by @​patrickhlauke in https://github.com/twbs/bootstrap/pull/33624
• Dropdown: support .dropdown-item wrapped in <li> tags by @​cpsievert in https://github.com/twbs/bootstrap/pull/33649
• Update Node versions in JS tests (drop Node 10, add Node 16), update docs JS assets and add variables for vertical-align in spinners by @​XhmikosR in https://github.com/twbs/bootstrap/pull/33807
• Replace Freenode with Libera IRC server by @​midzer https://github.com/twbs/bootstrap/pull/34050
• Fix repetition in the Navbar docs description by @​coliff in https://github.com/twbs/bootstrap/pull/34208
• Enable 0.x with negative margins in utilities by @​k-utsumi in https://github.com/twbs/bootstrap/pull/33593
• Remove print thead rule by @​coliff in https://github.com/twbs/bootstrap/pull/34426
• Fix prevented show event disabling modals with fade class from being displayed again by @​alpadev in https://github.com/twbs/bootstrap/pull/34087
• Input group validation with custom-file input by @​ffoodd in https://github.com/twbs/bootstrap/pull/33239
• Add eslint-plugin-qunit and tighten JS tests by @​XhmikosR in https://github.com/twbs/bootstrap/pull/32270
• Update our tests to Node 16 and npm 8 by @​XhmikosR in https://github.com/twbs/bootstrap/pull/35142
• Disabled link cleanup by @​patrickhlauke in https://github.com/twbs/bootstrap/pull/34924
• Updated our devDependencies including terser; also enabled two passes for terser by @​XhmikosR

Full changelog

twbs/bootstrap@v4.6.0...v4.6.1

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.