[Snyk] Security upgrade bootstrap from 3.4.1 to 4.0.0

[mm-prodsec-bot]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• standalone/package.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Cross-site Scripting SNYK-JS-BOOTSTRAP-7444617	520

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting

[dryrunsecurity]

This pull request uses an outdated Bootstrap dependency (bootstrap 4.0.0) which contains a known XSS vulnerability (GHSA-3wqf-4x89-9g79); upgrading to bootstrap >= 4.1.2 is recommended to mitigate the risk. The finding is non-blocking but should be addressed to avoid exposure to potential cross-site scripting attacks.

Outdated and Unsupported Dependency: Bootstrap 4.0.0 in standalone/package.json

Vulnerability	Outdated and Unsupported Dependency: Bootstrap 4.0.0
Description	The package.json specifies bootstrap version 4.0.0. This version is vulnerable to Cross-Site Scripting (XSS) as identified by GHSA-3wqf-4x89-9g79. This vulnerability is fixed in version 4.1.2 and later. Using an outdated version with known vulnerabilities exposes the application to potential XSS attacks.

mattermost-plugin-calls/standalone/package.json

Lines 24 to 27 in 274d929

	"bootstrap": "4.0.0",
	"core-js": "3.26.1",
	"luxon": "3.3.0",
	"react": "17.0.2",

---

All finding details can be found in the DryRun Security Dashboard.

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 26.02%. Comparing base (11b5b6f) to head (274d929).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1095      +/-   ##
==========================================
- Coverage   26.27%   26.02%   -0.25%     
==========================================
  Files         228      228              
  Lines       14565    12740    -1825     
  Branches     1422     1422              
==========================================
- Hits         3827     3316     -511     
+ Misses      10408     9092    -1316     
- Partials      330      332       +2     

see 53 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.