Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade bootstrap from 3.4.1 to 5.3.3 #3

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from

Conversation

nerdy-tech-com-gitub
Copy link
Owner

Snyk has created this PR to upgrade bootstrap from 3.4.1 to 5.3.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 50 versions ahead of your current version.
  • The recommended version was released 8 months ago, on 2024-02-20.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Denial of Service (DoS)
SNYK-JS-HTTPPROXYMIDDLEWARE-8229906
614/1000
Why? Proof of Concept exploit, Recently disclosed, CVSS 8.7
Proof of Concept
Cross-site Scripting (XSS)
SNYK-JS-BOOTSTRAP-7444593
614/1000
Why? Proof of Concept exploit, Recently disclosed, CVSS 8.7
Proof of Concept
Cross-site Scripting
SNYK-JS-BOOTSTRAP-7444617
614/1000
Why? Proof of Concept exploit, Recently disclosed, CVSS 8.7
Proof of Concept
Cross-site Scripting (XSS)
SNYK-JS-COOKIE-8163060
614/1000
Why? Proof of Concept exploit, Recently disclosed, CVSS 8.7
No Known Exploit
Cross-site Scripting (XSS)
SNYK-JS-SERIALIZEJAVASCRIPT-6147607
614/1000
Why? Proof of Concept exploit, Recently disclosed, CVSS 8.7
Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: bootstrap
  • 5.3.3 - 2024-02-20

    Highlights

    • Fixed a breaking change introduced with color modes where it was required to manually import variables-dark.scss when building Bootstrap with Sass. Now, _variables.scss will automatically import _variables-dark.scss. If you were already importing _variables-dark.scss manually, you should keep doing it as it won't break anything and will be the way to go in v6.
    • Fixed a regression in the selector engine that wasn't able to handle multiple IDs anymore.

    Color modes

    • Badges now use the .text-bg-* text utilities to be certain that the text is always readable (especially when the customized colors are different in light and dark modes).
    • Fixed our color-modes.js script to handle the case where the OS is set to light mode and the auto color mode is used on the website. If you copied the script from our docs, you should apply this change to your own script.
    • Fixed color schemes description in the color modes documentation to show that color-scheme() only accept light and dark values as parameters.

    Miscellaneous

    • Allowed <dl>, <dt> and <dd> in the sanitizer.
    • Dropped evenly items distribution for modal and offcanvas headers.
    • Fixed the accordion CSS selectors to avoid inheritance issues when nesting accordions.
    • Fixed the focus box-shadow for the validation stated form controls.
    • Fixed the focus ring on focused checked buttons.
    • Fixed the product example mobile navbar toggler.
    • Changed the RTL processing of carousel control icons.

    🎨 CSS

    • #37508: Use child combinators to avoid inheriting parent accordion's flush styles
    • #38719: Fix focus box-shadow for validation stated form-controls
    • #38884: fix border-radius on radio-switch
    • #39294: Tests: update navbar in visual modal test
    • #39373: refactor css: modal and offcanvas header spacing
    • #39380: Fix Sass compilation breaking change in v5.3
    • #39387: docs: fix typo
    • #39411: Optimize the accordion icon
    • #39497: Fix a typo
    • #39536: Changed RTL processing of carousel control icons
    • #39560: Drop --bs-accordion-btn-focus-border-color and deprecate $accordion-button-focus-border-color
    • #39595: CSS: Fix the focus ring on focused checked buttons

    ☕️ JavaScript

    • #39201: Selector Engine: fix multiple IDs
    • #39224: Fix edge case in color-mode.js
    • #39376: Allow dl, dt and dd in sanitizer

    📖 Docs

    • #39200: Typo Fix
    • #39214: Doc: use .text-bg-{color} for all badges
    • #39246: Docs: fix for example code blocks have unnecessary 30px right-margin
    • #39249: Doc: consistent rendering of 'Heads up!' callouts
    • #39281: Fix getOrCreateInstance() doc example
    • #39293: Update background.md
    • #39304: Doc: add expanded accordion explanation
    • #39320: Drop .table-light from table foot example
    • #39340: Doc: add dispose() to Offcanvas methods
    • #39378: Docs: fix sentence in modal
    • #39417: Fix color schemes description in Sass customization documentation
    • #39418: Docs: change vite config path import in vite guide
    • #39435: Docs: add shift-color() usage example in sass customization page
    • #39458: Docs: enhance .card-img-* description
    • #39503: Minor image compression improvements
    • #39519: Docs: use consistent HTML elements in Utilities -> Background page
    • #39520: Docs: drop unused .theme-icon class
    • #39528: docs: clean up example.html
    • #39537: Docs: fix desc around deprecated Sass mixins for alerts and list groups
    • #39539: Update links on get-started page
    • #39592: Update vite.md
    • #39604: Fix typo in 'media-breakpoint-between' in migration docs
    • #39617: Docs: add missing comma in native font stack code source in Content -> Reboot
    • #39663: updated table to be responsive

    🛠 Examples

    • #39657: Fix product example mobile navbar toggler
    • #39585: Docs: Add missing type="button" to Cheatsheet nav buttons

    🏭 Tests

    • #39294: Tests: update navbar in visual modal test

    🧰 Misc

    • #39096: CI: stop running coveralls in forks
    • #39501: CI: switch to Node.js 20

    📦 Dependencies

  • 5.3.2 - 2023-09-14
    Read more
  • 5.3.1 - 2023-07-26
    Read more
  • 5.3.0 - 2023-05-30

    Release v5.3.0 (#38657)

    * Bump version to 5.3.0

    * Dist

  • 5.3.0-alpha3 - 2023-04-03
    • Fixed wrong interpolated variables with node-sass/Hugo.
    • Added a check for interpolated variables to catch compilation errors with Node Sass when using Sass variables in calc() functions.
    • Started using --bs-border-radius variables across more components.
    • Added .d-inline-grid utility class.
    • Fixed .tooltip-inner placement when using variations in fallbackPlacements.
    • Fix selectors for dark mode carousel overrides when compiling with $color-mode-type: media-query.
    • Updated the styling of floating labels when "floated" to include a background-color to help with multiple lines of text in textareas. This also fixes the colors when form elements are disabled in floating forms.
    • Updated RFS to v10.0.0.

    Full Changelog: v5.3.0-alpha2...v5.3.0-alpha3

  • 5.3.0-alpha2 - 2023-03-24
    Read more
  • 5.3.0-alpha1 - 2022-12-24
    Read more
  • 5.2.3 - 2022-11-22

    Fixes

    🎨 CSS

    • #37377: Import root in bootstrap-utilities
    • #37425: Fix deprecation warning with sass 1.56.0
    • #37266: Carousel: Fix RTL translate() direction

    ☕️ JavaScript

    • #37235: fix tooltip/popper disposal inconsistencies
  • 5.2.2 - 2022-10-03
    Read more
  • 5.2.1 - 2022-09-07
    Read more
  • 5.2.0 - 2022-07-19
  • 5.2.0-beta1 - 2022-05-13
  • 5.1.3 - 2021-10-09
  • 5.1.2 - 2021-10-05
  • 5.1.1 - 2021-09-07
  • 5.1.0 - 2021-08-04
  • 5.0.2 - 2021-06-22
  • 5.0.1 - 2021-05-13
  • 5.0.0 - 2021-05-05
  • 5.0.0-beta3 - 2021-03-23
  • 5.0.0-beta2 - 2021-02-10
  • 5.0.0-beta1 - 2020-12-07
  • 5.0.0-alpha3 - 2020-11-11
  • 5.0.0-alpha2 - 2020-09-29
  • 5.0.0-alpha1 - 2020-06-16
  • 4.6.2 - 2022-07-19
  • 4.6.1 - 2021-10-28
  • 4.6.0 - 2021-01-19
  • 4.5.3 - 2020-10-13
  • 4.5.2 - 2020-08-06
  • 4.5.1 - 2020-08-04
  • 4.5.0 - 2020-05-12
  • 4.4.1 - 2019-11-28
  • 4.4.0 - 2019-11-26
  • 4.3.1 - 2019-02-13
  • 4.3.0 - 2019-02-11
  • 4.2.1 - 2018-12-21
  • 4.1.3 - 2018-07-24
  • 4.1.2 - 2018-07-12
  • 4.1.1 - 2018-04-30
  • 4.1.0 - 2018-04-09
  • 4.0.0 - 2018-01-18
  • 4.0.0-beta.3 - 2017-12-28
  • 4.0.0-beta.2 - 2017-10-19
  • 4.0.0-beta - 2017-08-11
  • 4.0.0-alpha.6 - 2017-01-06
  • 4.0.0-alpha.5 - 2016-10-19
  • 4.0.0-alpha.4 - 2016-09-05
  • 4.0.0-alpha.3 - 2016-07-27
  • 4.0.0-alpha.2 - 2015-12-09
  • 3.4.1 - 2019-02-13
from bootstrap GitHub release notes
Commit messages
Package name: bootstrap
  • 6e1f75f Release v5.3.3 (#39524)
  • 3caef2b Build(deps-dev): Bump terser from 5.27.1 to 5.27.2 (#39690)
  • 4abac9b Build(deps-dev): Bump ip from 2.0.0 to 2.0.1 (#39691)
  • c396a2a Build(deps-dev): Bump sass from 1.70.0 to 1.71.0 (#39684)
  • c9a8a40 Build(deps-dev): Bump rollup from 4.9.6 to 4.12.0 (#39683)
  • 6aecb37 Build(deps-dev): Bump eslint-plugin-html from 7.1.0 to 8.0.0 (#39672)
  • 4081168 Build(deps-dev): Bump terser from 5.27.0 to 5.27.1 (#39682)
  • 4605d71 Build(deps-dev): Bump postcss from 8.4.34 to 8.4.35 (#39673)
  • 08eeee3 Build(deps-dev): Bump lockfile-lint from 4.12.1 to 4.13.1 (#39675)
  • f92d635 Build(deps-dev): Bump eslint-plugin-unicorn from 51.0.0 to 51.0.1 (#39676)
  • 6ed1cdd Selector Engine: fix multiple IDs (#39201)
  • 1bc85bf Fix product example mobile navbar toggler (#39657)
  • cb7467b Docs: fix typos in Vite, Parcel and Webpack guides (#39592)
  • d30385b Docs: update colors table to be responsive in Customize > Color page (#39663)
  • 4e35f64 Drop `--bs-accordion-btn-focus-border-color` and deprecate `$accordion-button-focus-border-color` (#39560)
  • 409fd23 Changed RTL processing of carousel control icons (#39536)
  • 5010e8d Fix the focus ring on focused checked buttons (#39595)
  • d85a84b Update jasmine and regenerate package-lock.json (#39654)
  • e4d8f14 Build(deps): Bump release-drafter/release-drafter from 5 to 6 (#39653)
  • 40c6d8a Build(deps-dev): Bump eslint-config-xo from 0.43.1 to 0.44.0 (#39651)
  • 4e94fb5 Build(deps-dev): Bump eslint-plugin-unicorn from 50.0.1 to 51.0.0 (#39650)
  • 4a7f538 Build(deps-dev): Bump postcss from 8.4.33 to 8.4.34 (#39652)
  • aaa8e6c Build(deps-dev): Bump stylelint-config-twbs-bootstrap (#39649)
  • 52cc934 Bump copyright year to 2024

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants