Skip to content

Update dependency bootstrap to v4.3.1#42

Open
mend-for-github-com[bot] wants to merge 1 commit intomasterfrom
whitesource-remediate/bootstrap-4.x
Open

Update dependency bootstrap to v4.3.1#42
mend-for-github-com[bot] wants to merge 1 commit intomasterfrom
whitesource-remediate/bootstrap-4.x

Conversation

@mend-for-github-com
Copy link

@mend-for-github-com mend-for-github-com bot commented Feb 28, 2024

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
bootstrap (source) 4.2.1 -> 4.3.1 age adoption passing confidence

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity CVSS Score CVE Reachability
Medium Medium 6.1 CVE-2019-8331

Release Notes

twbs/bootstrap (bootstrap)

v4.3.1

Compare Source

  • Security: Fixed an XSS vulnerability (CVE-2019-8331) in our tooltip and popover plugins by implementing a new HTML sanitizer
  • Fixed a small issue with our RFS (responsive font sizes) mixins

v4.3.0

Compare Source

Highlights
  • New: Added .stretched-link utility to make any anchor the size of it's nearest position: relative parent, perfect for entirely clickable cards!
  • New: Added .text-break utility for applying word-break: break-word
  • New: Added .rounded-sm and .rounded-lg for small and large border-radius.
  • New: Added .modal-dialog-scrollable modifier class for scrolling content within a modal.
  • New: Added responsive .list-group-horizontal modifier classes for displaying list groups as a horizontal row.
  • Improved: Reduced our compiled CSS by using null for variables that by default inherit their values from other elements (e.g., $headings-color was inherit and is now null until you modifier it in your custom CSS).
  • Improved: Badge focus styles now match their background-color like our buttons.
  • Fixed: Silenced bad selectors in our JS plugins for the href HTML attribute to avoid JavaScript errors. Please try to use valid selectors or the data-target HTML attribute/target option where available.
  • Fixed: Reverted v4.2.1's change to the breakpoint and grid container Sass maps that blocked folks from upgrading when modifying those default variables.
  • Fixed: Restored white-space: nowrap to .dropdown-toggle (before v4.2.1 it was on all .btns) so carets don't wrap to new lines.
  • Deprecated: img-retina, invisible, float, and size mixins are now deprecated and will be removed in v5.
Links

  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Feb 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

security fix Security fix generated by Mend

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants