[Snyk] Upgrade bootstrap from 4.1.3 to 4.4.1 #1

snyk-bot · 2020-04-01T03:52:28Z

Snyk has created this PR to upgrade bootstrap from 4.1.3 to 4.4.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 5 versions ahead of your current version.
The recommended version was released 4 months ago, on 2019-11-28.

The recommended version fixes:

Severity	Issue	Exploit Maturity
	Cross-site Scripting (XSS) SNYK-JS-BOOTSTRAP-173700	No Known Exploit

Release notes

Package name: bootstrap

4.4.1 - 2019-11-28
- Fix Dart Sass compatibility (#29755, #29763)
- Add :disabled for disabled fieldset (#29762)
4.4.0 - 2019-11-26
Highlights

Here's what you need to know about v4.4.0. Remember that with every minor and major release of Bootstrap, we ship a new URL for our hosted docs to ensure URLs continue to work.- New responsive containers! Over a year in the making, fluid up to a particular breakpoint, available for all responsive tiers.
- New responsive .row-cols classes for quickly specifying the number of columns across breakpoints. This one is huge for those of you who have asked for responsive card decks.
- New escape-svg() function for simplifying our embedded background-image SVGs for forms and more.
- New add() and subtract() functions for avoiding errors and zero values from CSS's built in calc feature.
- New make-col-auto() mixin to make our .col-auto class available with custom HTML.
- Fixed an issue with Microsoft Edge not picking up :disabled styles by moving selectors to [disabled].
- Deprecated: bg-variant(), nav-divider(), and form-control-focus() mixins are now deprecated as they're going away in v5.
- Updated our spacing and alignment for modal footer elements like buttons to automatically wrap when space is constrained.
- More flexible form control validation styles thanks to fewer chained selectors. Also updated the :invalid validation icon to be an alert instead of an × to avoid confusion with browser functionality for clearing the form field value.
- Fixed a couple dozen CSS and JS bugs.
- Moved to GitHub Actions for CI/CD! Expect more updates to our CI setup over time here while Actions evolves.
- Updated documentation to fix links and typos, improved landmarks for secondary navigation, and a new security doc for guidelines on reporting potential vulnerabilities.
Links
- List of closed issues and merged pull requests
- Review the project board
4.3.1 - 2019-02-13
- Security: Fixed an XSS vulnerability (CVE-2019-8331) in our tooltip and popover plugins by implementing a new HTML sanitizer
- Fixed a small issue with our RFS (responsive font sizes) mixins
4.3.0 - 2019-02-11
Highlights
- New: Added .stretched-link utility to make any anchor the size of it's nearest position: relative parent, perfect for entirely clickable cards!
- New: Added .text-break utility for applying word-break: break-word
- New: Added .rounded-sm and .rounded-lg for small and large border-radius.
- New: Added .modal-dialog-scrollable modifier class for scrolling content within a modal.
- New: Added responsive .list-group-horizontal modifier classes for displaying list groups as a horizontal row.
- Improved: Reduced our compiled CSS by using null for variables that by default inherit their values from other elements (e.g., $headings-color was inherit and is now null until you modifier it in your custom CSS).
- Improved: Badge focus styles now match their background-color like our buttons.
- Fixed: Silenced bad selectors in our JS plugins for the href HTML attribute to avoid JavaScript errors. Please try to use valid selectors or the data-target HTML attribute/target option where available.
- Fixed: Reverted v4.2.1's change to the breakpoint and grid container Sass maps that blocked folks from upgrading when modifying those default variables.
- Fixed: Restored white-space: nowrap to .dropdown-toggle (before v4.2.1 it was on all .btns) so carets don't wrap to new lines.
- Deprecated: img-retina, invisible, float, and size mixins are now deprecated and will be removed in v5.
Links
- Read the full ship list
- Review the project board
4.2.1 - 2018-12-21
Bump to v4.2.1 to republish package on npm. See v4.2.0 release notes for changes introduced in v4.2.
4.1.3 - 2018-07-24
- Fixed: Removed the :not(:root) selector from our svg Reboot styles, resolving an issue that caused all inline SVGs ignore vertical-align styles via single class due to higher specificity.
- Fixed: Moved the browserslist config from our package.json to a separate file to avoid unintended inherited browser settings across npm projects.
- Fixed: Buttons in custom file inputs are once again clickable when focused.
- Improved: Bootstrap's plugins can now be imported separately in any contexts because they are now UMD ready.
- Improved: .form-controls now have a fixed height to compensate for differences in computed height across different types. This also fixes some IE alignment issues.
- Improved: Added Noto Color Emoji to our system font stack for better rendering in Linux OSes.