chore(deps): update dependency bootstrap to v5 [security] #321
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^4.6.1
->^5.0.0
GitHub Vulnerability Alerts
CVE-2024-6531
A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.
Release Notes
twbs/bootstrap (bootstrap)
v5.0.0
Compare Source
Highlights
#32155: Updated
make-col()
mixin to generate equal columns when no size is specified#32763: Added new
color-scheme()
mixin#33389: Dropdown menus now have option become clickable
#33453: Added new docs footer
#33548: Offcanvas header components are now vertically aligned
#33549: Added offcanvas-top modifier
#33634: Added support for
.dropdown-item
s wrapped in<li>
s#33626: Fix v5 regressions in tab dropdown functionality
🚀 Features
color-scheme
mixin🎨 CSS
color-scheme
mixin.nav-link
color consistent when using buttons:read-only
css selector instead[readonly]
for consistencyborder-top
on Firefox☕️ JavaScript
hide
method of dropdownisDisabled
util on dropdownnoop
functionselectMenuItem
method private.dropdown-item
wrapped in<li>
tagsaltBoundary
option📖 Docs
rel=noopener
attributeboundary
optionboundary
optionboundary
option descriptionExamples
🌎 Accessibility
🏭 Tests
data-bs-backdrop="static"
from modal tests🧰 Misc
📦 Dependencies
v4.6.2
Compare Source
Highlights
color-adjust
withprint-color-adjust
in our Sass files as part of the Autoprefixer v10.4.6 issues. This should quiet the issues folks have seen from that dependency change. If you're using our distribution CSS files, likebootstrap.min.css
, you may still see the warning.small
and.small
to compute to a whole pixel value (was12.8px
and now is14px
).role
attributes.What's Changed
color-adjust
withprint-color-adjust
by @AdrianCurtin in https://github.com/twbs/bootstrap/pull/36283role="group"
from some split drop* buttons by @julien-deramond in https://github.com/twbs/bootstrap/pull/36254accessibility.md
by @patrickhlauke in https://github.com/twbs/bootstrap/pull/36492New Contributors
Full Changelog: twbs/bootstrap@v4.6.1...v4.6.2
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.