Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade bootstrap from 4.1.1 to 4.4.1 #27

Closed
wants to merge 2 commits into from

Conversation

snyk-bot
Copy link
Contributor

@snyk-bot snyk-bot commented May 4, 2020

Snyk has created this PR to upgrade bootstrap from 4.1.1 to 4.4.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
  • The recommended version is 7 versions ahead of your current version.
  • The recommended version was released 5 months ago, on 2019-11-28.

The recommended version fixes:

Severity Issue Exploit Maturity
Cross-site Scripting (XSS)
npm:bootstrap:20180529
No Known Exploit
Cross-site Scripting (XSS)
SNYK-JS-BOOTSTRAP-73560
No Known Exploit
Cross-site Scripting (XSS)
SNYK-JS-BOOTSTRAP-173700
No Known Exploit
Release notes
Package name: bootstrap
  • 4.4.1 - 2019-11-28
    • Fix Dart Sass compatibility (#29755, #29763)
    • Add :disabled for disabled fieldset (#29762)
  • 4.4.0 - 2019-11-26

    Highlights

    Here's what you need to know about v4.4.0. Remember that with every minor and major release of Bootstrap, we ship a new URL for our hosted docs to ensure URLs continue to work.- New responsive containers! Over a year in the making, fluid up to a particular breakpoint, available for all responsive tiers.

    • New responsive .row-cols classes for quickly specifying the number of columns across breakpoints. This one is huge for those of you who have asked for responsive card decks.
    • New escape-svg() function for simplifying our embedded background-image SVGs for forms and more.
    • New add() and subtract() functions for avoiding errors and zero values from CSS's built in calc feature.
    • New make-col-auto() mixin to make our .col-auto class available with custom HTML.
    • Fixed an issue with Microsoft Edge not picking up :disabled styles by moving selectors to [disabled].
    • Deprecated: bg-variant(), nav-divider(), and form-control-focus() mixins are now deprecated as they're going away in v5.
    • Updated our spacing and alignment for modal footer elements like buttons to automatically wrap when space is constrained.
    • More flexible form control validation styles thanks to fewer chained selectors. Also updated the :invalid validation icon to be an alert instead of an × to avoid confusion with browser functionality for clearing the form field value.
    • Fixed a couple dozen CSS and JS bugs.
    • Moved to GitHub Actions for CI/CD! Expect more updates to our CI setup over time here while Actions evolves.
    • Updated documentation to fix links and typos, improved landmarks for secondary navigation, and a new security doc for guidelines on reporting potential vulnerabilities.

    Links

  • 4.3.1 - 2019-02-13
    • Security: Fixed an XSS vulnerability (CVE-2019-8331) in our tooltip and popover plugins by implementing a new HTML sanitizer
    • Fixed a small issue with our RFS (responsive font sizes) mixins
  • 4.3.0 - 2019-02-11

    Highlights

    • New: Added .stretched-link utility to make any anchor the size of it's nearest position: relative parent, perfect for entirely clickable cards!
    • New: Added .text-break utility for applying word-break: break-word
    • New: Added .rounded-sm and .rounded-lg for small and large border-radius.
    • New: Added .modal-dialog-scrollable modifier class for scrolling content within a modal.
    • New: Added responsive .list-group-horizontal modifier classes for displaying list groups as a horizontal row.
    • Improved: Reduced our compiled CSS by using null for variables that by default inherit their values from other elements (e.g., $headings-color was inherit and is now null until you modifier it in your custom CSS).
    • Improved: Badge focus styles now match their background-color like our buttons.
    • Fixed: Silenced bad selectors in our JS plugins for the href HTML attribute to avoid JavaScript errors. Please try to use valid selectors or the data-target HTML attribute/target option where available.
    • Fixed: Reverted v4.2.1's change to the breakpoint and grid container Sass maps that blocked folks from upgrading when modifying those default variables.
    • Fixed: Restored white-space: nowrap to .dropdown-toggle (before v4.2.1 it was on all .btns) so carets don't wrap to new lines.
    • Deprecated: img-retina, invisible, float, and size mixins are now deprecated and will be removed in v5.

    Links

  • 4.2.1 - 2018-12-21

    Bump to v4.2.1 to republish package on npm. See v4.2.0 release notes for changes introduced in v4.2.

  • 4.1.3 - 2018-07-24
    • Fixed: Removed the :not(:root) selector from our svg Reboot styles, resolving an issue that caused all inline SVGs ignore vertical-align styles via single class due to higher specificity.
    • Fixed: Moved the browserslist config from our package.json to a separate file to avoid unintended inherited browser settings across npm projects.
    • Fixed: Buttons in custom file inputs are once again clickable when focused.
    • Improved: Bootstrap's plugins can now be imported separately in any contexts because they are now UMD ready.
    • Improved: .form-controls now have a fixed height to compensate for differences in computed height across different types. This also fixes some IE alignment issues.
    • Improved: Added Noto Color Emoji to our system font stack for better rendering in Linux OSes.
  • 4.1.2 - 2018-07-12
    • Fixed an XSS vulnerability in tooltip, collapse, and scrollspy plugins
    • Improved how we query elements in our JavaScript plugins
    • Inline SVGs now have the same vertical alignment as images
    • Fixed issues with double transitions on carousels
    • Added Edge and IE10-11 fallbacks to our floating labels example
    • Various improvements to form controls, including disabled states on file inputs and unified focus styles for selects

    Checkout the v4.1.2 ship list and GitHub project for the full details.

  • 4.1.1 - 2018-04-30
from bootstrap GitHub release notes
Commit messages
Package name: bootstrap
  • dca1ab7 Release v4.4.1.
  • b07b6f7 Fix dart Sass compatibility for subtract (#29763)
  • 0d148d8 V4: Add :disabled for disabled fieldset (#29762)
  • c24aaa6 Fix dart Sass compatibility (#29755)
  • 301ee19 Update Gemfile.lock
  • 593574d Release v4.4.0 (#29735)
  • d61bba5 Backport #29734
  • 7aa1722 Update change-version.js (#29736)
  • 340009e Update devDependencies and gems.
  • bdd8752 Switch to the Coveralls Action (#29478)
  • e0a2d58 Backport #29624
  • 136afcf Update anchor.js to v4.2.1 (#29662)
  • eb1e1cf Fixed input-height-sm and input-height-lg calculations (#29653)
  • 5be0fe8 package.json: Add funding property (#29646)
  • a0bb417 Fix icons link.
  • 590c1ba progress: Fix IE overflow (#29629)
  • f12ae8c Sass: fix version in deprecation messages.
  • 6b7ca12 Make check label cursor customizable (#29633)
  • 0aa6a81 Update devDependencies and gems.
  • 7629dae Update modal.md (#29621)
  • dd96b83 backport #29516: added animation when modal backdrop is static
  • 29f5853 backport #29523: skip hidden dropdowns while focusing
  • f55566e Add configurable button text wrapping (#29554)
  • 7ecfa6a Backport #29585

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@rom1504
Copy link
Member

rom1504 commented May 4, 2020

Conflicts try again

@rom1504 rom1504 closed this May 4, 2020
@rom1504 rom1504 deleted the snyk-upgrade-5c43a0c1a48e0743e33ac266f755f2a1 branch May 9, 2020 16:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants