[Snyk] Upgrade bootstrap from 5.1.1 to 5.3.3

[fer-rouco]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade bootstrap from 5.1.1 to 5.3.3.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

✨ Snyk has automatically assigned this pull request, set who gets assigned.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 14 versions ahead of your current version.
• The recommended version was released a month ago, on 2024-02-20.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Use of Weak Hash SNYK-JS-CRYPTOJS-6028119	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ES5EXT-6095076	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-XLSX-5457926	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-D3COLOR-1076592	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: bootstrap

• 5.3.3 - 2024-02-20
  

  Highlights

  • Fixed a breaking change introduced with color modes where it was required to manually import variables-dark.scss when building Bootstrap with Sass. Now, _variables.scss will automatically import _variables-dark.scss. If you were already importing _variables-dark.scss manually, you should keep doing it as it won't break anything and will be the way to go in v6.
  • Fixed a regression in the selector engine that wasn't able to handle multiple IDs anymore.

  Color modes

  • Badges now use the .text-bg-* text utilities to be certain that the text is always readable (especially when the customized colors are different in light and dark modes).
  • Fixed our color-modes.js script to handle the case where the OS is set to light mode and the auto color mode is used on the website. If you copied the script from our docs, you should apply this change to your own script.
  • Fixed color schemes description in the color modes documentation to show that color-scheme() only accept light and dark values as parameters.

  Miscellaneous

  • Allowed <dl>, <dt> and <dd> in the sanitizer.
  • Dropped evenly items distribution for modal and offcanvas headers.
  • Fixed the accordion CSS selectors to avoid inheritance issues when nesting accordions.
  • Fixed the focus box-shadow for the validation stated form controls.
  • Fixed the focus ring on focused checked buttons.
  • Fixed the product example mobile navbar toggler.
  • Changed the RTL processing of carousel control icons.

  ---

  🎨 CSS

  • #37508: Use child combinators to avoid inheriting parent accordion's flush styles
  • #38719: Fix focus box-shadow for validation stated form-controls
  • #38884: fix border-radius on radio-switch
  • #39294: Tests: update navbar in visual modal test
  • #39373: refactor css: modal and offcanvas header spacing
  • #39380: Fix Sass compilation breaking change in v5.3
  • #39387: docs: fix typo
  • #39411: Optimize the accordion icon
  • #39497: Fix a typo
  • #39536: Changed RTL processing of carousel control icons
  • #39560: Drop --bs-accordion-btn-focus-border-color and deprecate $accordion-button-focus-border-color
  • #39595: CSS: Fix the focus ring on focused checked buttons

  ☕️ JavaScript

  • #39201: Selector Engine: fix multiple IDs
  • #39224: Fix edge case in color-mode.js
  • #39376: Allow dl, dt and dd in sanitizer

  📖 Docs

  • #39200: Typo Fix
  • #39214: Doc: use .text-bg-{color} for all badges
  • #39246: Docs: fix for example code blocks have unnecessary 30px right-margin
  • #39249: Doc: consistent rendering of 'Heads up!' callouts
  • #39281: Fix getOrCreateInstance() doc example
  • #39293: Update background.md
  • #39304: Doc: add expanded accordion explanation
  • #39320: Drop .table-light from table foot example
  • #39340: Doc: add dispose() to Offcanvas methods
  • #39378: Docs: fix sentence in modal
  • #39417: Fix color schemes description in Sass customization documentation
  • #39418: Docs: change vite config path import in vite guide
  • #39435: Docs: add shift-color() usage example in sass customization page
  • #39458: Docs: enhance .card-img-* description
  • #39503: Minor image compression improvements
  • #39519: Docs: use consistent HTML elements in Utilities -> Background page
  • #39520: Docs: drop unused .theme-icon class
  • #39528: docs: clean up example.html
  • #39537: Docs: fix desc around deprecated Sass mixins for alerts and list groups
  • #39539: Update links on get-started page
  • #39592: Update vite.md
  • #39604: Fix typo in 'media-breakpoint-between' in migration docs
  • #39617: Docs: add missing comma in native font stack code source in Content -> Reboot
  • #39663: updated table to be responsive

  🛠 Examples

  • #39657: Fix product example mobile navbar toggler
  • #39585: Docs: Add missing type="button" to Cheatsheet nav buttons

  🏭 Tests

  • #39294: Tests: update navbar in visual modal test

  🧰 Misc

  • #39096: CI: stop running coveralls in forks
  • #39501: CI: switch to Node.js 20

  📦 Dependencies

  • Updated numerous devDependencies
• 5.3.2 - 2023-09-14
  Read more
• 5.3.1 - 2023-07-26
  Read more
• 5.3.0 - 2023-05-30
  

  Release v5.3.0 (#38657)

  * Bump version to 5.3.0

  * Dist

• 5.3.0-alpha3 - 2023-04-03
  
  • Fixed wrong interpolated variables with node-sass/Hugo.
  • Added a check for interpolated variables to catch compilation errors with Node Sass when using Sass variables in calc() functions.
  • Started using --bs-border-radius variables across more components.
  • Added .d-inline-grid utility class.
  • Fixed .tooltip-inner placement when using variations in fallbackPlacements.
  • Fix selectors for dark mode carousel overrides when compiling with $color-mode-type: media-query.
  • Updated the styling of floating labels when "floated" to include a background-color to help with multiple lines of text in textareas. This also fixes the colors when form elements are disabled in floating forms.
  • Updated RFS to v10.0.0.

  Full Changelog: v5.3.0-alpha2...v5.3.0-alpha3

• 5.3.0-alpha2 - 2023-03-24
  Read more
• 5.3.0-alpha1 - 2022-12-24
  Read more
• 5.2.3 - 2022-11-22
  

  Fixes

  🎨 CSS

  • #37377: Import root in bootstrap-utilities
  • #37425: Fix deprecation warning with sass 1.56.0
  • #37266: Carousel: Fix RTL translate() direction

  ☕️ JavaScript

  • #37235: fix tooltip/popper disposal inconsistencies
• 5.2.2 - 2022-10-03
  Read more
• 5.2.1 - 2022-09-07
  Read more
• 5.2.0 - 2022-07-19
• 5.2.0-beta1 - 2022-05-13
• 5.1.3 - 2021-10-09
• 5.1.2 - 2021-10-05
• 5.1.1 - 2021-09-07

from bootstrap GitHub release notes

Commit messages

Package name: bootstrap

• 6e1f75f Release v5.3.3 (#39524)
• 3caef2b Build(deps-dev): Bump terser from 5.27.1 to 5.27.2 (#39690)
• 4abac9b Build(deps-dev): Bump ip from 2.0.0 to 2.0.1 (#39691)
• c396a2a Build(deps-dev): Bump sass from 1.70.0 to 1.71.0 (#39684)
• c9a8a40 Build(deps-dev): Bump rollup from 4.9.6 to 4.12.0 (#39683)
• 6aecb37 Build(deps-dev): Bump eslint-plugin-html from 7.1.0 to 8.0.0 (#39672)
• 4081168 Build(deps-dev): Bump terser from 5.27.0 to 5.27.1 (#39682)
• 4605d71 Build(deps-dev): Bump postcss from 8.4.34 to 8.4.35 (#39673)
• 08eeee3 Build(deps-dev): Bump lockfile-lint from 4.12.1 to 4.13.1 (#39675)
• f92d635 Build(deps-dev): Bump eslint-plugin-unicorn from 51.0.0 to 51.0.1 (#39676)
• 6ed1cdd Selector Engine: fix multiple IDs (#39201)
• 1bc85bf Fix product example mobile navbar toggler (#39657)
• cb7467b Docs: fix typos in Vite, Parcel and Webpack guides (#39592)
• d30385b Docs: update colors table to be responsive in Customize > Color page (#39663)
• 4e35f64 Drop `--bs-accordion-btn-focus-border-color` and deprecate `$accordion-button-focus-border-color` (#39560)
• 409fd23 Changed RTL processing of carousel control icons (#39536)
• 5010e8d Fix the focus ring on focused checked buttons (#39595)
• d85a84b Update jasmine and regenerate package-lock.json (#39654)
• e4d8f14 Build(deps): Bump release-drafter/release-drafter from 5 to 6 (#39653)
• 40c6d8a Build(deps-dev): Bump eslint-config-xo from 0.43.1 to 0.44.0 (#39651)
• 4e94fb5 Build(deps-dev): Bump eslint-plugin-unicorn from 50.0.1 to 51.0.0 (#39650)
• 4a7f538 Build(deps-dev): Bump postcss from 8.4.33 to 8.4.34 (#39652)
• aaa8e6c Build(deps-dev): Bump stylelint-config-twbs-bootstrap (#39649)
• 52cc934 Bump copyright year to 2024

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

👩‍💻 Set who automatically gets assigned

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs