[Snyk] Upgrade bootstrap from 4.0.0-beta.2 to 4.4.1

[snyk-bot]

Snyk has created this PR to upgrade bootstrap from 4.0.0-beta.2 to 4.4.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 11 versions ahead of your current version.
• The recommended version was released 2 months ago, on 2019-11-28.

Release notes

Package name: bootstrap

• 4.4.1 - 2019-11-28
  
  • Fix Dart Sass compatibility (#29755, #29763)
  • Add :disabled for disabled fieldset (#29762)
• 4.4.0 - 2019-11-26
  

  Highlights

  Here's what you need to know about v4.4.0. Remember that with every minor and major release of Bootstrap, we ship a new URL for our hosted docs to ensure URLs continue to work.- New responsive containers! Over a year in the making, fluid up to a particular breakpoint, available for all responsive tiers.

  • New responsive .row-cols classes for quickly specifying the number of columns across breakpoints. This one is huge for those of you who have asked for responsive card decks.
  • New escape-svg() function for simplifying our embedded background-image SVGs for forms and more.
  • New add() and subtract() functions for avoiding errors and zero values from CSS's built in calc feature.
  • New make-col-auto() mixin to make our .col-auto class available with custom HTML.
  • Fixed an issue with Microsoft Edge not picking up :disabled styles by moving selectors to [disabled].
  • Deprecated: bg-variant(), nav-divider(), and form-control-focus() mixins are now deprecated as they're going away in v5.
  • Updated our spacing and alignment for modal footer elements like buttons to automatically wrap when space is constrained.
  • More flexible form control validation styles thanks to fewer chained selectors. Also updated the :invalid validation icon to be an alert instead of an × to avoid confusion with browser functionality for clearing the form field value.
  • Fixed a couple dozen CSS and JS bugs.
  • Moved to GitHub Actions for CI/CD! Expect more updates to our CI setup over time here while Actions evolves.
  • Updated documentation to fix links and typos, improved landmarks for secondary navigation, and a new security doc for guidelines on reporting potential vulnerabilities.

  Links

  • List of closed issues and merged pull requests
  • Review the project board
• 4.3.1 - 2019-02-13
  
  • Security: Fixed an XSS vulnerability (CVE-2019-8331) in our tooltip and popover plugins by implementing a new HTML sanitizer
  • Fixed a small issue with our RFS (responsive font sizes) mixins
• 4.3.0 - 2019-02-11
  

  Highlights

  • New: Added .stretched-link utility to make any anchor the size of it's nearest position: relative parent, perfect for entirely clickable cards!
  • New: Added .text-break utility for applying word-break: break-word
  • New: Added .rounded-sm and .rounded-lg for small and large border-radius.
  • New: Added .modal-dialog-scrollable modifier class for scrolling content within a modal.
  • New: Added responsive .list-group-horizontal modifier classes for displaying list groups as a horizontal row.
  • Improved: Reduced our compiled CSS by using null for variables that by default inherit their values from other elements (e.g., $headings-color was inherit and is now null until you modifier it in your custom CSS).
  • Improved: Badge focus styles now match their background-color like our buttons.
  • Fixed: Silenced bad selectors in our JS plugins for the href HTML attribute to avoid JavaScript errors. Please try to use valid selectors or the data-target HTML attribute/target option where available.
  • Fixed: Reverted v4.2.1's change to the breakpoint and grid container Sass maps that blocked folks from upgrading when modifying those default variables.
  • Fixed: Restored white-space: nowrap to .dropdown-toggle (before v4.2.1 it was on all .btns) so carets don't wrap to new lines.
  • Deprecated: img-retina, invisible, float, and size mixins are now deprecated and will be removed in v5.

  Links

  • Read the full ship list
  • Review the project board
• 4.2.1 - 2018-12-21
  

  Bump to v4.2.1 to republish package on npm. See v4.2.0 release notes for changes introduced in v4.2.

• 4.1.3 - 2018-07-24
  
  • Fixed: Removed the :not(:root) selector from our svg Reboot styles, resolving an issue that caused all inline SVGs ignore vertical-align styles via single class due to higher specificity.
  • Fixed: Moved the browserslist config from our package.json to a separate file to avoid unintended inherited browser settings across npm projects.
  • Fixed: Buttons in custom file inputs are once again clickable when focused.
  • Improved: Bootstrap's plugins can now be imported separately in any contexts because they are now UMD ready.
  • Improved: .form-controls now have a fixed height to compensate for differences in computed height across different types. This also fixes some IE alignment issues.
  • Improved: Added Noto Color Emoji to our system font stack for better rendering in Linux OSes.
• 4.1.2 - 2018-07-12
  
  • Fixed an XSS vulnerability in tooltip, collapse, and scrollspy plugins
  • Improved how we query elements in our JavaScript plugins
  • Inline SVGs now have the same vertical alignment as images
  • Fixed issues with double transitions on carousels
  • Added Edge and IE10-11 fallbacks to our floating labels example
  • Various improvements to form controls, including disabled states on file inputs and unified focus styles for selects

  Checkout the v4.1.2 ship list and GitHub project for the full details.

• 4.1.1 - 2018-04-30
• 4.1.0 - 2018-04-09
• 4.0.0 - 2018-01-18
• 4.0.0-beta.3 - 2017-12-28
• 4.0.0-beta.2 - 2017-10-19

from bootstrap GitHub release notes

Commit messages

Package name: bootstrap

• dca1ab7 Release v4.4.1.
• b07b6f7 Fix dart Sass compatibility for subtract (#29763)
• 0d148d8 V4: Add :disabled for disabled fieldset (#29762)
• c24aaa6 Fix dart Sass compatibility (#29755)
• 301ee19 Update Gemfile.lock
• 593574d Release v4.4.0 (#29735)
• d61bba5 Backport #29734
• 7aa1722 Update change-version.js (#29736)
• 340009e Update devDependencies and gems.
• bdd8752 Switch to the Coveralls Action (#29478)
• e0a2d58 Backport #29624
• 136afcf Update anchor.js to v4.2.1 (#29662)
• eb1e1cf Fixed input-height-sm and input-height-lg calculations (#29653)
• 5be0fe8 package.json: Add funding property (#29646)
• a0bb417 Fix icons link.
• 590c1ba progress: Fix IE overflow (#29629)
• f12ae8c Sass: fix version in deprecation messages.
• 6b7ca12 Make check label cursor customizable (#29633)
• 0aa6a81 Update devDependencies and gems.
• 7629dae Update modal.md (#29621)
• dd96b83 backport #29516: added animation when modal backdrop is static
• 29f5853 backport #29523: skip hidden dropdowns while focusing
• f55566e Add configurable button text wrapping (#29554)
• 7ecfa6a Backport #29585

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs