[Snyk] Security upgrade bootstrap from 4.3.1 to 5.0.0 #33

Open
wants to merge 1 commit into
base: master
from

Conversation

Omrisnyk
Owner

This PR was automatically created by Snyk using the credentials of a real user.



Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • src/ProjectTemplates/Web.Spa.ProjectTemplates/content/Angular-CSharp/ClientApp/package.json
  • src/ProjectTemplates/Web.Spa.ProjectTemplates/content/Angular-CSharp/ClientApp/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

| Severity | Issue | Snyk ID | Score |
|---|---|---|---|
| medium | Cross-site Scripting (XSS) | SNYK-JS-BOOTSTRAP-7444580 | 204 |
| medium | Cross-site Scripting | SNYK-JS-BOOTSTRAP-7444617 | 204 |

Release notes
Package name: bootstrap
  • 5.0.0 - 2021-05-05

    Highlights

    • #32155: Updated make-col() mixin to generate equal columns when no size is specified
    • #32763: Added new color-scheme() mixin
    • #33389: Dropdown menus now have an option to become clickable
    • #33453: Added new docs footer
    • #33548: Offcanvas header components are now vertically aligned
    • #33549: Added offcanvas-top modifier
    • #33634: Added support for .dropdown-items wrapped in <li>s
    • #33626: Fix v5 regressions in tab dropdown functionality

    🚀 Features

    • #32763: Add color-scheme mixin
    • #33389: Dropdown — Add option to make the dropdown menu clickable
    • #33549: Add offcanvas-top modifier

    🎨 CSS

    • #32155: Add equal column mixin
    • #32763: Add color-scheme mixin
    • #33292: Make accordion icon rotation more natural
    • #33411: Fix validation feedback icon in select multiple
    • #33478: Make .nav-link color consistent when using buttons
    • #33482: Dropdown — Apply positioning only when Popper is not used
    • #33548: Vertically align offcanvas header components
    • #33549: Add offcanvas-top modifier
    • #33550: Spinner alignment changes
    • #33598: Hide validation icons from multiple selects
    • #33600: Have $form-check-input-border's default derive from $black
    • #33607: Reduce color-scheme complexity
    • #33642: use :read-only css selector instead [readonly] for consistency
    • #33658: fix: use list-group variable instead of alert
    • #33736: accordion: fix border-top on Firefox

    ☕️ JavaScript

    • #32439: Decouple BackDrop from modal
    • #33245: Decouple Modal's scrollbar functionality
    • #33249: Simplify Modal Config
    • #33250: Simplify ScrollSpy config
    • #33310: fix: make EventHandler better handle mouseenter/mouseleave events
    • #33389: Dropdown — Add option to make the dropdown menu clickable
    • #33429: Remove element event listeners through base component
    • #33451: Add missing things in hide method of dropdown
    • #33456: Use our isDisabled util on dropdown
    • #33466: Refactor dropdown's hide functionality
    • #33479: Fix dropdown escape propagation
    • #33496: Use cached noop function
    • #33497: Use template literals instead of concatenation
    • #33499: Fix wrong carousel transformation, direction to order
    • #33545: Use the backdrop util in offcanvas, enforcing consistency
    • #33586: Tab.js: Fixes on click handling
    • #33589: refactor: make static selectMenuItem method private
    • #33612: tests: fix random BrowserStack failures in scrollbar
    • #33626: Fix v5 regressions in tab dropdown functionality
    • #33634: Dropdown: support .dropdown-item wrapped in <li> tags
    • #33638: Fix toggle between modals example
    • #33643: fix: clicking an item in navbar dropdown should not collapse the dropdown in firefox
    • #33666: Modal.js: fix test for scrollbar
    • #33677: Offcanvas.js: If scroll is allowed, should allow focus on other elements
    • #33684: Don't change the value for altBoundary option
    • #33706: Scrollbar: respect the initial body overflow value

    📖 Docs

    • #33446: Make offcanvas example fully static
    • #33453: Add new docs footer
    • #33521: The spacing margin side identifiers 's' and 'e' may be intuitive for …
    • #33522: Clarify docs accordion example
    • #33543: Update parcel.md
    • #33553: Add example: Panels stay open
    • #33567: Fixed wrong method name _getInstance
    • #33571: footer: fix rel=noopener attribute
    • #33583: docs: update clipboard.js to v2.0.8
    • #33597: Docs: Fix wrong dark attribute in Table - Vertical Alignment
    • #33632: Correct the heading for the States section
    • #33638: Fix toggle between modals example
    • #33664: Docs: fix W3C validation errors in list-group example
    • #33668: Update anchor.js to v4.3.1.
    • #33669: Change from preventOverflow to detectOverflow in boundary option
    • #33675: Fix typo
    • #33676: Fix Grid System docs
    • #33685: docs: fix the default value of Popper's boundary option
    • #33687: Fixes #33686 typo in RTL docs
    • #33690: Add Bootstrap Icons to alerts docs
    • #33726: Replace modal and scrollspy placeholder content
    • #33733: Tooltip/Popover — Minor doc updates
    • #33735: Clarify boundary option description
    • #33772: Improve overall new examples' accessibility
    • #33782: Add new team members to the Teams page
    • #33786: Docs: adding intro about web accessibility
    • #33797: Update links to CCA, MQ5 prefers-reduced-motion, evergreen WCAG urls
    • #33810: Tweak toast docs
    • #33829: Update migration guide for some v5 changes
    • #33832: Fix doc typo and Bootstrap Icons link
    • #33833: refactor(docs): Added form file input variables
    • #33834: Rewrite migration guide

    Examples

    • #33097: Update RTL examples
    • #33759: fix: change margin breakpoints for bootstrap logo on double header
    • #33681: Fixes signup form in Heroes example
    • #33569: Improve responsiveness of Features examples

    🌎 Accessibility

    • #33772: Improve overall new examples' accessibility
    • #33810: Tweak toast docs

    🏭 Tests

    • #33578: Remove unnecessary data-bs-backdrop="static" from modal tests
    • #33612: tests: fix random BrowserStack failures in scrollbar
    • #33666: Modal.js: fix test for scrollbar
    • #33734: Add missing test for clicking select option in a dropdown

    🧰 Misc

    • #33720: JS tests: add Node.js 16

    📦 Dependencies

  • 5.0.0-beta3 - 2021-03-23

    Highlights

    • Added new offcanvas component for left, right, and bottom-aligned hidden content
    • Added four new snippet-based examples: headers, heroes, features, and sidebars
    • Updated the starter template example and a few other examples
    • Added new Sass docs section to nearly every page to show variables, mixins, loops, and keyframes from our source code
    • Added new .list-group-numbered variation to list groups that uses pseudo-elements for numbering list group items.
    • Removed explicit focus state suppression in Reboot
    • Improved carousel swipe behaviors for RTL
    • Updated accordions to improve transitions and borders when animating
    • Updated Sass customization docs to show how to properly override default variables
    • Fixed tooltips not appearing after rapid focus in and out
    • Fixed dropdown events not bubbling and forms inside dropdowns not propagating
    • Removed flip option from dropdowns
    • Disabled select now render consistently in Chrome
    • Button elements now grow in .nav-fill and .nav-justified
    • JavaScript plugin constructors now accept CSS selectors
    • De-duped the .border-0 utility
    • Fixed event handler removal in dropdown/carousel dispose
    • Added new Parcel guide to the docs
    • Added input focus blur Sass variable
    • Updated .browserslistrc to drop Android and add Safari/iOS 12 as the new minimum version (completing our two latest major releases guideline for supported browsers).

    🚀 Features

    • #29017: Offcanvas as component
    • #32245: Allow constructors to accept a CSS selector
    • #33068: Add ol.list-group with pseudo-element numbers

    🎨 CSS

    • #32747: Add Sass docs (variables, mixins, and loops) to most pages
    • #32925: Clear duplicated class border-0
    • #33029: Remove explicit suppression of focus outline
    • #33031: Add input focus blur variable
    • #33068: Add ol.list-group with pseudo-element numbers
    • #33127: Reset select:disabled opacity for Chrome
    • #33149: Revamp accordion borders to fix pixel jumping
    • #33154: Fix sibling card links in RTL
    • #33210: Properly set .list-group-item color
    • #33211: Validated controls border in input-group
    • #33213: Buttons should grow in nav-fill & nav-justified
    • #33325: Remove duplicate text-decoration style for abbr[title]
    • #33426: Fix flush accordion styles

    ☕️ JavaScript

    • #30621: modal: don't add margin & padding when sticky is not full width
    • #32180: refactor: use a Map instead of an Object in dom/data
    • #32245: Allow constructors to accept a CSS selector
    • #32446: util: change isRTL to a function
    • #32913: Fix carousel RTL and refactor code, fix rtl swipe issues
    • #33000: Fix event handler removal in dropdown/carousel dispose
    • #33056: modal: move common code to a new isAnimated method
    • #33120: Remove the default positioning from .dropup
    • #33136: Adjust SAFE_URL_PATTERN regex for use with test method of regexes.
    • #33198: Dropdown — Drop flip option
    • #33248: Accept data-bs-body option in the configuration object as well
    • #33257: Dynamic tab should not show when triggered on disabled element
    • #33261: Change the name of the Offcanvas constructor
    • #33289: fix tooltips disappearing after trying to interact during their fade out animation
    • #33382: Allow offcanvas to be initialized in open state
    • #33385: Use more safe check for 'isDisabled' helper
    • #33442: Allow data-toggle="dropdown" and form click events to bubble

    📖 Docs

    • #30909: Add Parcel Bundler doc
    • #32747: Add Sass docs (variables, mixins, and loops) to most pages
    • #33006: docs: add bootstrap5 zh-tw in translations
    • #33049: Docs improvements after beta2
    • #33081: Fix typo in nav-tabs docs
    • #33123: Clarify docs around .navbar-brand
    • #33207: Add an example of v4's media component in the flex utils docs
    • #33246: Update the "Nonblocking files" section in the docs
    • #33267: Grammatically update the doc
    • #33300: Update modal's show method to accept relatedTarget as an argument
    • #33301: Add example: toggle modal dialogs
    • #33322: Fix Flex utilities documentation to add vertical space in example
    • #33332: Mention .no-gutters removal in migration guide
    • #33333: Fixes some copy around inline forms
    • #33380: Utilities to Utilities API (Borders doc page)
    • #33386: Update Customize > Sass docs to properly place default variable overrides
    • #33430: Add link to new Parcel guide in starter template
    • #33443: offcanvas-navbar: add missing redirect

    🏭 Tests

    • #32662: Unit tests for Popper V2
    • #33045: Simplify karma.conf.js
    • #33060: Add the missing expectations for to...

…harp/ClientApp/package.json & src/ProjectTemplates/Web.Spa.ProjectTemplates/content/Angular-CSharp/ClientApp/package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-7444580
- https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-7444617