[Snyk] Upgrade bootstrap from 4.3.1 to 5.2.0 #13

Open
wants to merge 1 commit into
base: master

snyk-bot

Snyk has created this PR to upgrade bootstrap from 4.3.1 to 5.2.0.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 24 versions ahead of your current version.
  • The recommended version was released a month ago, on 2022-07-19.

The recommended version fixes:

| Severity | Issue | Priority Score (*) | Exploit Maturity |
|---|---|---|---|
| | Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506 | 405/1000 (Why? CVSS 8.1) | No Known Exploit |
| | Prototype Pollution SNYK-JS-LODASH-608086 | 405/1000 (Why? CVSS 8.1) | Proof of Concept |
| | Prototype Pollution SNYK-JS-LODASH-567746 | 405/1000 (Why? CVSS 8.1) | Proof of Concept |
| | Command Injection SNYK-JS-LODASH-1040724 | 405/1000 (Why? CVSS 8.1) | Proof of Concept |
| | Prototype Pollution SNYK-JS-ASYNC-2441827 | 405/1000 (Why? CVSS 8.1) | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067 | 405/1000 (Why? CVSS 8.1) | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905 | 405/1000 (Why? CVSS 8.1) | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355 | 405/1000 (Why? CVSS 8.1) | Proof of Concept |
| | Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181 | 405/1000 (Why? CVSS 8.1) | Proof of Concept |
| | Prototype Pollution SNYK-JS-MINIMIST-2429795 | 405/1000 (Why? CVSS 8.1) | Proof of Concept |
| | Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346 | 405/1000 (Why? CVSS 8.1) | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: bootstrap
  • 5.2.0 - 2022-07-19
  • 5.2.0-beta1 - 2022-05-13
  • 5.1.3 - 2021-10-09

    Fixes

    🎨 CSS

    • #35143: Revert "Add align-self: center to buttons for improved rendering in flex containers"
  • 5.1.2 - 2021-10-05

    Highlights

    • Temporarily patched a postcss-values-parser issue by rearranging our calc() functions that use negative numbers. This should restore the ability to import and compile Bootstrap's Sass in create-react-app.
    • Added border-radius sizes to small and large .form-selects
    • Added align-self: center to buttons for improved rendering in flex containers
    • Fixed Collapse regression that prevented toggling between sibling children
    • Updated JS Sanitizer to add sms in the SAFE_URL_PATTERN
    • Improved docs around .img-fluid
    • Added role="switch" to our form switches in our docs
    • Implemented GitHub Issue forms to replace our previous issue templates.

    Changes

    🎨 CSS

    • #34799: fix custom property values of row overrides individual cell
    • #34834: Add align-self: center to buttons for improved rendering in flex containers
    • #34853: Add border-radius sizes to small and large .form-selects
    • #34861: Separator for table direct children
    • #35017: Use Sass variable instead of RGB components
    • #35033: Add workaround for dart sass compile error

    ☕️ JavaScript

    • #34951: Fix Collapse regression of handling toggling between sibling children
    • #34980: Minor refactoring
    • #35074: sanitizer: add sms in the SAFE_URL_PATTERN

    📖 Docs

    • #34824: docs: Add role="switch" to switches
    • #34918: docs: Update RFS version & move "v" prefix to config.yml
    • #34920: Fix Backdroped typo
    • #34921: Fix JavaScript typo
    • #34922: fix predefined typo
    • #34923: fix utilities typo
    • #34926: Improve description of .img-fluid in docs
    • #34935: Non-blocking typo fix
    • #34936: replace dummy text with English for Text truncation page
    • #34946: Changes some latin/dummy text to English
    • #35013: Add offcanvas to the components requiring JavaScript
    • #35111: Fix capitalization after period in contents.md

    🛠 Examples

    • #35022: examples: Add role="switch" to switches

    🧰 Misc

    • #34626: Implement issue forms
    • #34940: Add cSpell custom dictionary and docs-spellcheck script
    • #35070: rollup: specify generatedCode: 'es2015'
    • #35086: README.md: fix capitalization after period

    📦 Dependencies

  • 5.1.1 - 2021-09-07
  • 5.1.0 - 2021-08-04
  • 5.0.2 - 2021-06-22
  • 5.0.1 - 2021-05-13
  • 5.0.0 - 2021-05-05
  • 5.0.0-beta3 - 2021-03-23
  • 5.0.0-beta2 - 2021-02-10
  • 5.0.0-beta1 - 2020-12-07
  • 5.0.0-alpha3 - 2020-11-11
  • 5.0.0-alpha2 - 2020-09-29
  • 5.0.0-alpha1 - 2020-06-16
  • 4.6.2 - 2022-07-19
  • 4.6.1 - 2021-10-28
  • 4.6.0 - 2021-01-19
  • 4.5.3 - 2020-10-13
  • 4.5.2 - 2020-08-06
  • 4.5.1 - 2020-08-04
  • 4.5.0 - 2020-05-12
  • 4.4.1 - 2019-11-28
  • 4.4.0 - 2019-11-26
  • 4.3.1 - 2019-02-13
from bootstrap GitHub release notes
Commit messages
Package name: bootstrap
  • edf9c40 Release v5.2.0 (#36768)
  • f451b41 Fix failing test on EventHandler (#36772)
  • 4035ad1 Update devDependencies (#36767)
  • eae51cd Fix various small typos in documentation (#36762)
  • 705d685 Fix typos in code (#36763)
  • 154916c Fixing pagination compile issue
  • 9d5c834 Fix indentation in code sample
  • 150b374 Fix active/focused button link text color
  • d262a50 Add links to Webpack, Parcel, and Vite guides on homepage (#36760)
  • 71cbb88 Support input groups in floating forms (#36759)
  • 6d101b1 Fix typos in `snippets.js` (#36758)
  • ed44892 Docs: same text for disabled ranges and disabled form controls (#36741)
  • aa8d0b3 Standardization of `spyOn` usage (#36742)
  • 713d714 Offcanvas: activate focustrap when backdrop is enabled (#36717)
  • 8bb68b0 Add accNames to all progress bar examples (#36732)
  • b591067 Docs: Capitalize Unicode (#36734)
  • 54317bf Add a banner mixin, helping future releases and maintenance (#36178)
  • ed26906 Fix on #35679 (#36668)
  • 62b3d3c Add some details for non visible scrollspy elements (#36625)
  • a122448 Add `$display-font-family` and `$display-font-style` (#36711)
  • ac654a0 Add CSS custom property: --bs-btn-disabled-border-color to mixin: button-outline-variant
  • 81aa8e0 Update devDependencies (#36715)
  • 5235f8e Fix 'Remove from map' Sass description
  • 270344a Remove headings-color CSS variable due to backward compatibility issues



Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
