Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): update dependency bootstrap4 to v5 [security] - autoclosed #28149

Closed
wants to merge 1 commit into from
Closed

fix(deps): update dependency bootstrap4 to v5 [security] - autoclosed #28149

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Oct 7, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
bootstrap4 (source) ^4.6.0 -> ^5.0.0 age adoption passing confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2024-6531

A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.

Release Notes

twbs/bootstrap (bootstrap4)

v5.0.0

Compare Source

Highlights

#​32155: Updated make-col() mixin to generate equal columns when no size is specified
#​32763: Added new color-scheme() mixin
#​33389: Dropdown menus now have option become clickable
#​33453: Added new docs footer
#​33548: Offcanvas header components are now vertically aligned
#​33549: Added offcanvas-top modifier
#​33634: Added support for .dropdown-items wrapped in <li>s
#​33626: Fix v5 regressions in tab dropdown functionality

🚀 Features

  • #​32763: Add color-scheme mixin
  • #​33389: Dropdown — Add option to make the dropdown menu clickable
  • #​33549: Add offcanvas-top modifier

🎨 CSS

  • #​32155: Add equal column mixin
  • #​32763: Add color-scheme mixin
  • #​33292: Make accordion icon rotation more natural
  • #​33411: Fix validation feedback icon in select multiple
  • #​33478: Make .nav-link color consistent when using buttons
  • #​33482: Dropdown — Apply positioning only when Popper is not used
  • #​33548: Vertically align offcanvas header components
  • #​33549: Add offcanvas-top modifier
  • #​33550: Spinner alignment changes
  • #​33598: Hide validation icons from multiple selects
  • #​33600: Have $form-check-input-border's default derive from $black
  • #​33607: Reduce color-scheme complexity
  • #​33642: use :read-only css selector instead [readonly] for consistency
  • #​33658: fix: use list-group variable instead of alert
  • #​33736: accordion: fix border-top on Firefox

☕️ JavaScript

  • #​32439: Decouple BackDrop from modal
  • #​33245: Decouple Modal's scrollbar functionality
  • #​33249: Simplify Modal Config
  • #​33250: Simplify ScrollSpy config
  • #​33310: fix: make EventHandler better handle mouseenter/mouseleave events
  • #​33389: Dropdown — Add option to make the dropdown menu clickable
  • #​33429: Remove element event listeners through base component
  • #​33451: Add missing things in hide method of dropdown
  • #​33456: Use our isDisabled util on dropdown
  • #​33466: Refactor dropdown's hide functionality
  • #​33479: Fix dropdown escape propagation
  • #​33496: Use cached noop function
  • #​33497: Use template literals instead of concatenation
  • #​33499: Fix wrong carousel transformation, direction to order
  • #​33545: Use the backdrop util in offcanvas, enforcing consistency
  • #​33586: Tab.js: Fixes on click handling
  • #​33589: refactor: make static selectMenuItem method private
  • #​33612: tests: fix random BrowserStack failures in scrollbar
  • #​33626: Fix v5 regressions in tab dropdown functionality
  • #​33634: Dropdown: support .dropdown-item wrapped in <li> tags
  • #​33638: Fix toggle between modals example
  • #​33643: fix: clicking an item in navbar dropdown should not collapse the dropdown in firefox
  • #​33666: Modal.js: fix test for scrollbar
  • #​33677: Offcanvas.js: If scroll is allowed, should allow focus on other elements
  • #​33684: Don't change the value for altBoundary option
  • #​33706: Scrollbar: respect the initial body overflow value

📖 Docs

  • #​33446: Make offcanvas example fully static
  • #​33453: Add new docs footer
  • #​33521: The spacing margin side identifiers 's' and 'e' may be intuitive for …
  • #​33522: Clarify docs accordion example
  • #​33543: Update parcel.md
  • #​33553: Add example: Panels stay open
  • #​33567: Fixed wrong method name _getInstance
  • #​33571: footer: fix rel=noopener attribute
  • #​33583: docs: update clipboard.js to v2.0.8
  • #​33597: Docs: Fix wrong dark attribute in Table - Vertical Alignment
  • #​33632: Correct the heading for the States section
  • #​33638: Fix toggle between modals example
  • #​33664: Docs: fix W3C validation errors in list-group example
  • #​33668: Update anchor.js to v4.3.1.
  • #​33669: Change from preventOverflow to detectOverflow in boundary option
  • #​33675: Fix typo
  • #​33676: Fix Grid System docs
  • #​33685: docs: fix the default value of Popper's boundary option
  • #​33687: Fixes #​33686 typo in RTL docs
  • #​33690: Add Bootstrap Icons to alerts docs
  • #​33726: Replace modal and scrollspy placeholder content
  • #​33733: Tooltip/Popover — Minor doc updates
  • #​33735: Clarify boundary option description
  • #​33772: Improve overall new examples' accessibility
  • #​33782: Add new team members to the Teams page
  • #​33786: Docs: adding intro about web accessibility
  • #​33797: Update links to CCA, MQ5 prefers-reduced-motion, evergreen WCAG urls
  • #​33810: Tweak toast docs
  • #​33829: Update migration guide for some v5 changes
  • #​33832: Fix doc typo and Bootstrap Icons link
  • #​33833: refactor(docs): Added form file input variables
  • #​33834: Rewrite migration guide

Examples

  • #​33097: Update RTL examples
  • #​33759: fix: change margin breakpoints for bootstrap logo on double header
  • #​33681: Fixes signup form in Heroes example
  • #​33569: Improve responsiveness of Features examples

🌎 Accessibility

🏭 Tests

  • #​33578: Remove unnecessary data-bs-backdrop="static" from modal tests
  • #​33612: tests: fix random BrowserStack failures in scrollbar
  • #​33666: Modal.js: fix test for scrollbar
  • #​33734: Add missing test for clicking select option in a dropdown

🧰 Misc

📦 Dependencies

v4.6.2

Compare Source

Highlights

  • Added an example to our Collapse plugin docs to show how to use horizontal collapsing. This has long been possible via our JS, but we never had an official class to utilize it.
  • We've replaced the deprecated color-adjust with print-color-adjust in our Sass files as part of the Autoprefixer v10.4.6 issues. This should quiet the issues folks have seen from that dependency change. If you're using our distribution CSS files, like bootstrap.min.css, you may still see the warning.
  • Tweaked the size of small and .small to compute to a whole pixel value (was 12.8px and now is 14px).
  • Improved accessibility around our dropdowns, color contrast, and role attributes.
  • Fixed some broken links to supporting documentation.
  • Updated dependencies across the board.

What's Changed

New Contributors

Full Changelog: twbs/bootstrap@v4.6.1...v4.6.2

v4.6.1: 4.6.1

Compare Source

What's changed
Full changelog

twbs/bootstrap@v4.6.0...v4.6.1

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Oct 7, 2024
github-actions[bot]
github-actions bot previously approved these changes Oct 7, 2024
View reviewed changes
@renovate renovate bot force-pushed the renovate/npm-bootstrap4-vulnerability branch 2 times, most recently from fa45784 to 749ba2a Compare October 7, 2024 16:16
@pomahtri pomahtri assigned pomahtri and unassigned pomahtri Oct 8, 2024
@renovate renovate bot force-pushed the renovate/npm-bootstrap4-vulnerability branch from 749ba2a to 3eadafa Compare October 8, 2024 12:30
@renovate renovate bot force-pushed the renovate/npm-bootstrap4-vulnerability branch from 3eadafa to 055aef1 Compare October 8, 2024 13:55
github-actions[bot]
github-actions bot previously approved these changes Oct 8, 2024
View reviewed changes
@renovate renovate bot force-pushed the renovate/npm-bootstrap4-vulnerability branch from 055aef1 to a919971 Compare October 9, 2024 10:29
github-actions[bot]
github-actions bot previously approved these changes Oct 9, 2024
View reviewed changes
@renovate renovate bot force-pushed the renovate/npm-bootstrap4-vulnerability branch from a919971 to 253d598 Compare October 10, 2024 07:07
github-actions[bot]
github-actions bot previously approved these changes Oct 10, 2024
View reviewed changes
@renovate renovate bot force-pushed the renovate/npm-bootstrap4-vulnerability branch from 253d598 to f6f22df Compare October 10, 2024 09:39
@renovate renovate bot force-pushed the renovate/npm-bootstrap4-vulnerability branch from f6f22df to 7fb53d6 Compare October 10, 2024 13:19
github-actions[bot]
github-actions bot previously approved these changes Oct 10, 2024
View reviewed changes
@renovate renovate bot force-pushed the renovate/npm-bootstrap4-vulnerability branch from 7fb53d6 to 10fbabd Compare October 10, 2024 16:29
github-actions[bot]
github-actions bot previously approved these changes Oct 10, 2024
View reviewed changes
@renovate renovate bot force-pushed the renovate/npm-bootstrap4-vulnerability branch 7 times, most recently from 4fb9ad5 to 3efcd83 Compare October 15, 2024 07:40
@renovate renovate bot force-pushed the renovate/npm-bootstrap4-vulnerability branch from 3262856 to 673fcf6 Compare October 18, 2024 22:38
github-actions[bot]
github-actions bot previously approved these changes Oct 18, 2024
View reviewed changes
@renovate renovate bot force-pushed the renovate/npm-bootstrap4-vulnerability branch from 673fcf6 to fc3dac4 Compare October 21, 2024 10:28
github-actions[bot]
github-actions bot previously approved these changes Oct 21, 2024
View reviewed changes
@renovate renovate bot force-pushed the renovate/npm-bootstrap4-vulnerability branch 10 times, most recently from 87fb72c to 88843ac Compare October 23, 2024 08:16
@renovate renovate bot force-pushed the renovate/npm-bootstrap4-vulnerability branch from 88843ac to bd9c748 Compare October 23, 2024 18:24
@renovate renovate bot force-pushed the renovate/npm-bootstrap4-vulnerability branch 7 times, most recently from e33c1a5 to 2bd1b57 Compare October 25, 2024 08:46
@renovate renovate bot force-pushed the renovate/npm-bootstrap4-vulnerability branch from 2bd1b57 to cbeff43 Compare October 25, 2024 11:12
@renovate renovate bot changed the title fix(deps): update dependency bootstrap4 to v5 [security] fix(deps): update dependency bootstrap4 to v5 [security] - autoclosed Oct 25, 2024
@renovate renovate bot closed this Oct 25, 2024
@renovate renovate bot deleted the renovate/npm-bootstrap4-vulnerability branch October 25, 2024 11:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@pomahtri