-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[deps] Auth: Update bootstrap to v5 [SECURITY] #4881
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #4881 +/- ##
=======================================
Coverage 42.66% 42.66%
=======================================
Files 1411 1411
Lines 65087 65087
Branches 5959 5959
=======================================
Hits 27772 27772
Misses 36075 36075
Partials 1240 1240 ☔ View full report in Codecov by Sentry. 🚨 Try these New Features:
|
We do not use the carrousel component, so this security finding does not affect us directly. We do still wish to update to Version 5. But the lift to update the UI is larger and is impacting other flows. |
b710e41
to
e81cb7f
Compare
e81cb7f
to
19cd403
Compare
Internal tracking:
|
I agree with @ike-kottlowski, updating all the UI is quite an effort. I ran a build from this branch locally, and all the CSS styles were broken. |
… existing theme colors
@@ -49,3 +53,11 @@ h3 { | |||
.form-check-input { | |||
margin-top: .45rem; | |||
} | |||
|
|||
a { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Bootstrap 5 automatically adds an underline to hyperlinks. This change removes the underline to match the Bootstrap 4 style.
@withinfocus I needed to adjust the appearance of hyperlinks, so I took the opportunity to upgrade Bootstrap to the latest version |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice!
# Conflicts: # src/Admin/AdminConsole/Views/Providers/Edit.cshtml
74302b7
* [deps] Auth: Update bootstrap to v5 [SECURITY] * Update bootstrap and import dependencies in site.scss * Update site.scss to include the theme color 'dark' * Refactor site.scss to merge the 'primary-accent' theme color into the existing theme colors * Update bootstrap classes for v5 * Refactor form layout in Index.cshtml and AddExistingOrganization.cshtml * Revert change to the shield icon in the navbar * Fix organization form select inputs * Fixed search input sizes * Fix elements in Providers and Users search * More bootstrap migration * Revert change to tax rate delete button * Add missing label classes in Users/Edit.cshtml * More component migrations * Refactor form classes and labels in CreateMsp.cshtml and CreateReseller.cshtml * Update package dependencies in Sso * Revert changes to Providers/Edit.cshtml * Refactor CreateMultiOrganizationEnterprise.cshtml and Providers/Edit.cshtml for bootstrap 5 * Refactor webpack.config.js to use @popperjs/core instead of popper.js * Remove popperjs package dependency * Restore Bootstrap 4 link styling behavior - Remove default text decoration - Add underline only on hover * Update Bootstrap to version 5.3.3 * Update deprecated text color classes from 'text-muted' to 'text-body-secondary' across various views * Refactor provider edit view for bootstrap 5 * Remove underline in Add/Create organization links in provider page --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Rui Tome <[email protected]> Co-authored-by: Rui Tomé <[email protected]>
* [deps] Auth: Update bootstrap to v5 [SECURITY] * Update bootstrap and import dependencies in site.scss * Update site.scss to include the theme color 'dark' * Refactor site.scss to merge the 'primary-accent' theme color into the existing theme colors * Update bootstrap classes for v5 * Refactor form layout in Index.cshtml and AddExistingOrganization.cshtml * Revert change to the shield icon in the navbar * Fix organization form select inputs * Fixed search input sizes * Fix elements in Providers and Users search * More bootstrap migration * Revert change to tax rate delete button * Add missing label classes in Users/Edit.cshtml * More component migrations * Refactor form classes and labels in CreateMsp.cshtml and CreateReseller.cshtml * Update package dependencies in Sso * Revert changes to Providers/Edit.cshtml * Refactor CreateMultiOrganizationEnterprise.cshtml and Providers/Edit.cshtml for bootstrap 5 * Refactor webpack.config.js to use @popperjs/core instead of popper.js * Remove popperjs package dependency * Restore Bootstrap 4 link styling behavior - Remove default text decoration - Add underline only on hover * Update Bootstrap to version 5.3.3 * Update deprecated text color classes from 'text-muted' to 'text-body-secondary' across various views * Refactor provider edit view for bootstrap 5 * Remove underline in Add/Create organization links in provider page --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Rui Tome <[email protected]> Co-authored-by: Rui Tomé <[email protected]>
This PR contains the following updates:
4.6.2
->5.0.0
GitHub Vulnerability Alerts
CVE-2024-6531
A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.
Release Notes
twbs/bootstrap (bootstrap)
v5.0.0
Compare Source
Highlights
#32155: Updated
make-col()
mixin to generate equal columns when no size is specified#32763: Added new
color-scheme()
mixin#33389: Dropdown menus now have option become clickable
#33453: Added new docs footer
#33548: Offcanvas header components are now vertically aligned
#33549: Added offcanvas-top modifier
#33634: Added support for
.dropdown-item
s wrapped in<li>
s#33626: Fix v5 regressions in tab dropdown functionality
🚀 Features
color-scheme
mixin🎨 CSS
color-scheme
mixin.nav-link
color consistent when using buttons:read-only
css selector instead[readonly]
for consistencyborder-top
on Firefox☕️ JavaScript
hide
method of dropdownisDisabled
util on dropdownnoop
functionselectMenuItem
method private.dropdown-item
wrapped in<li>
tagsaltBoundary
option📖 Docs
rel=noopener
attributeboundary
optionboundary
optionboundary
option descriptionExamples
🌎 Accessibility
🏭 Tests
data-bs-backdrop="static"
from modal tests🧰 Misc
📦 Dependencies
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.