Update dependency bootstrap to v4 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
bootstrap (source)	^3.4.1 -> ^4.0.0

---

Bootstrap Cross-Site Scripting (XSS) vulnerability

CVE-2024-6484 / GHSA-9mvj-f7w8-pvh2

More information

Details

A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.

Severity

• CVSS Score: 6.4 / 10 (Medium)
• Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

References

• https://nvd.nist.gov/vuln/detail/CVE-2024-6484
• https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap-sass/CVE-2024-6484.yml
• https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2024-6484.yml
• https://github.com/twbs/bootstrap
• https://www.herodevs.com/vulnerability-directory/cve-2024-6484

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

twbs/bootstrap (bootstrap)

v4.0.0

Compare Source

Our first stable v4 release! 🎉

Highlights:

• Brand new examples and overhauls for existing ones.
• Additional border utilities have been added and the default border-color for them darkened from $gray-200 to $gray-300.
• Pagination focus styles now match button and input focus state.
• Added responsive .order-0 classes to reset column order.
• Improved examples of form validation documentation by adding tooltip examples and more.
• New documentation added for using our CSS variables to the Theming page.
• Improved consistent across browsers when printing.
• Sass map extends and docs
• New and improved print display utilities

Project board

For more details, visit https://github.com/twbs/bootstrap/issues/25098.

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future 4.x releases. But if you manually upgrade to 4.x then Renovate will re-enable minor and patch updates automatically.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.