[Snyk] Upgrade bootstrap from 5.1.1 to 5.3.2

[bcopy]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade bootstrap from 5.1.1 to 5.3.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 13 versions ahead of your current version.
• The recommended version was released 5 months ago, on 2023-09-14.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	375/1000 Why? CVSS 7.5	No Known Exploit
	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	375/1000 Why? CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	375/1000 Why? CVSS 7.5	Proof of Concept
	Prototype Poisoning SNYK-JS-QS-3153490	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	375/1000 Why? CVSS 7.5	Proof of Concept
	Sandbox Bypass SNYK-JS-WEBPACK-3358798	375/1000 Why? CVSS 7.5	Proof of Concept
	Command Injection SNYK-JS-LODASH-1040724	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	375/1000 Why? CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-JSON5-3182856	375/1000 Why? CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-JSON5-3182856	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	375/1000 Why? CVSS 7.5	No Known Exploit
	Information Exposure SNYK-JS-NANOID-2332193	375/1000 Why? CVSS 7.5	Proof of Concept
	Improper Input Validation SNYK-JS-POSTCSS-5926692	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	375/1000 Why? CVSS 7.5	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6147607	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	375/1000 Why? CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-2429795	375/1000 Why? CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: bootstrap

• 5.3.2 - 2023-09-14
  

  Highlights

  • Passing a percentage unit to the global abs() is deprecated since Dart Sass v1.65.0. It resulted in a deprecation warning when compiling Bootstrap with Dart Sass. This has been fixed internally by changing the values passed to the divide() function. The divide() function has not been fixed itself so that we can keep supporting node-sass cross-compatibility. In v6, this won't be an issue as we plan to drop support for node-sass.
  • Using multiple ids in a collapse target wasn't working anymore and has been fixed.

  Color modes

  • Increased color contrast of form range track background in light and dark modes.
  • Fixed table state rendering for color modes with a focus on the striped table in dark mode to increase color contrast.
  • Allow <mark> color customization for color modes.

  Docs

  • Added alternative CDNs section in Getting started -> Download.
  • Added Discord and Bootstrap subreddit links in README and Getting started -> Introduction:
    • Discord maintained by the community
    • Bootstrap subreddit

  ---

  🎨 CSS

  • #38816: Use box-shadow CSS variables shadow utilities
  • #38955: Fix radios looking like ellipse on responsive mode
  • #38976: Use box-shadow CSS vars instead of Sass vars in assets and variables
  • #39030: Fix dart-sass deprecation warning
  • #39033: Color mode: fix table state rendering
  • #39095: Make form range track background more contrasted
  • #39119: New Sass var $btn-link-focus-shadow-rgb to allow customization
  • #39141: New Sass variable to handle <mark> dark mode bg color

  ☕️ JavaScript

  • #38989: Collapse: Fix multiple ids calls
  • #39046: Dropdown: reuse variable

  📖 Docs

  • #38873: Discord reddit bootstrap
  • #38970: docs: add BootstrapVueNext to docs
  • #38977: Docs: Add missing form elements in focusable elements
  • #38978: Docs: Fix popover template role error
  • #38995: introduction: drop details element
  • #39037: Further improve image compression with oxipng and the latest jpegoptim
  • #39054: Docs: Remove incorrect mention of .left- and .right- utilities from migration guide
  • #39060: Migration: add back v5.0.0 heading
  • #39145: Docs: add warning callout to add a workaround when jsDelivr is not available
  • #39177: Fix: make theme selector tick icon visible when active in examples layout
  • #39179: download: Reword CDN paragraph

  🛠 Examples

  • #38994: examples: update 3rd-party packages
  • #39086: Correct grammar error in examples/starter-template

  🌎 Accessibility

  • #38978: Docs: Fix popover template role error
  • #39095: Make form range track background more contrasted

  🧰 Misc

  • #38983: Improve change-version script
  • #38984: Convert build scripts to ESM
  • #39021: CI: update permissions for calibreapp-image-actions.yml

  📦 Dependencies

  • Updated numerous devDependencies
• 5.3.1 - 2023-07-26
  Read more
• 5.3.0 - 2023-05-30
  

  Release v5.3.0 (#38657)

  * Bump version to 5.3.0

  * Dist

• 5.3.0-alpha3 - 2023-04-03
  
  • Fixed wrong interpolated variables with node-sass/Hugo.
  • Added a check for interpolated variables to catch compilation errors with Node Sass when using Sass variables in calc() functions.
  • Started using --bs-border-radius variables across more components.
  • Added .d-inline-grid utility class.
  • Fixed .tooltip-inner placement when using variations in fallbackPlacements.
  • Fix selectors for dark mode carousel overrides when compiling with $color-mode-type: media-query.
  • Updated the styling of floating labels when "floated" to include a background-color to help with multiple lines of text in textareas. This also fixes the colors when form elements are disabled in floating forms.
  • Updated RFS to v10.0.0.

  Full Changelog: v5.3.0-alpha2...v5.3.0-alpha3

• 5.3.0-alpha2 - 2023-03-24
  Read more
• 5.3.0-alpha1 - 2022-12-24
  Read more
• 5.2.3 - 2022-11-22
  

  Fixes

  🎨 CSS

  • #37377: Import root in bootstrap-utilities
  • #37425: Fix deprecation warning with sass 1.56.0
  • #37266: Carousel: Fix RTL translate() direction

  ☕️ JavaScript

  • #37235: fix tooltip/popper disposal inconsistencies
• 5.2.2 - 2022-10-03
  Read more
• 5.2.1 - 2022-09-07
  Read more
• 5.2.0 - 2022-07-19
  Read more
• 5.2.0-beta1 - 2022-05-13
• 5.1.3 - 2021-10-09
• 5.1.2 - 2021-10-05
• 5.1.1 - 2021-09-07

from bootstrap GitHub release notes

Commit messages

Package name: bootstrap

• 344e912 Release v5.3.2 (#39173)
• 317cb2a download: Reword CDN paragraph (#39179)
• 8df9899 Fix: make theme selector tick icon visible when active in examples layout (#39177)
• 256ad91 README.md: remove BrowserStack badge (#39180)
• 8816177 Update devDependencies (#39174)
• 52edf18 Build(deps): Bump actions/checkout from 3 to 4 (#39148)
• 9900cf3 Fix collapse multiple ids target (#38989)
• d1d49ff New `$btn-link-focus-shadow-rgb` for color modes customisation (#39119)
• bde23ae Allow `<mark>` colors customization for color modes (#39141)
• bb10c99 Add defensive CSS to handle form check input in fleboxes (#38955)
• 86672f4 Fix table state rendering for color modes (#39033)
• 4724e7a Make form range track background more contrasted (#39095)
• 4bf483b Docs: add Discord (community) and Bootstrap subreddit links (#38873)
• fca9c82 Docs: add alternative CDNs section in Getting Started > Download (#39145)
• d07d3a6 Fix dart-sass deprecation warning (#39030)
• 413894d Build(deps-dev): Bump hugo-bin from 0.113.0 to 0.114.2 (#39147)
• fee563d Build(deps): Bump streetsidesoftware/cspell-action from 2 to 3 (#39088)
• a82a9da Build(deps-dev): Bump @ rollup/plugin-node-resolve from 15.2.0 to 15.2.1 (#39090)
• 8b44888 Build(deps-dev): Bump rollup from 3.28.0 to 3.28.1 (#39089)
• dc040fa Corrected a grammer error in by adding the word go to examples/starter-template (#39086)
• e3553ae Update devDependencies (#39083)
• 6091dba Remove incorrect mention of .left utilities from migration guide (#39054)
• 18a400a Further improve image compression with oxipng and the latest jpegoptim (#39037)
• 47da803 Migration: add back v5.0.0 heading (#39060)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs