[Snyk] Upgrade bootstrap from 5.1.3 to 5.3.3

[wambugucoder]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade bootstrap from 5.1.3 to 5.3.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 12 versions ahead of your current version.
• The recommended version was released a month ago, on 2024-02-20.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Poisoning SNYK-JS-QS-3153490	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Poisoning SNYK-JS-QS-3153490	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Remote Memory Exposure SNYK-JS-DNSPACKET-1293563	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Remote Code Execution (RCE) SNYK-JS-EJS-2803307	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Arbitrary File Write SNYK-JS-TAR-1579155	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Directory Traversal SNYK-JS-MOMENT-2440688	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Sandbox Bypass SNYK-JS-WEBPACK-3358798	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-ASYNC-2441827	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Information Exposure SNYK-JS-NODEFETCH-2342118	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Denial of Service SNYK-JS-NODEFETCH-674311	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Open Redirect SNYK-JS-EXPRESS-6474509	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-JSON5-3182856	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-JSON5-3182856	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: bootstrap

• 5.3.3 - 2024-02-20
  

  Highlights

  • Fixed a breaking change introduced with color modes where it was required to manually import variables-dark.scss when building Bootstrap with Sass. Now, _variables.scss will automatically import _variables-dark.scss. If you were already importing _variables-dark.scss manually, you should keep doing it as it won't break anything and will be the way to go in v6.
  • Fixed a regression in the selector engine that wasn't able to handle multiple IDs anymore.

  Color modes

  • Badges now use the .text-bg-* text utilities to be certain that the text is always readable (especially when the customized colors are different in light and dark modes).
  • Fixed our color-modes.js script to handle the case where the OS is set to light mode and the auto color mode is used on the website. If you copied the script from our docs, you should apply this change to your own script.
  • Fixed color schemes description in the color modes documentation to show that color-scheme() only accept light and dark values as parameters.

  Miscellaneous

  • Allowed <dl>, <dt> and <dd> in the sanitizer.
  • Dropped evenly items distribution for modal and offcanvas headers.
  • Fixed the accordion CSS selectors to avoid inheritance issues when nesting accordions.
  • Fixed the focus box-shadow for the validation stated form controls.
  • Fixed the focus ring on focused checked buttons.
  • Fixed the product example mobile navbar toggler.
  • Changed the RTL processing of carousel control icons.

  ---

  🎨 CSS

  • #37508: Use child combinators to avoid inheriting parent accordion's flush styles
  • #38719: Fix focus box-shadow for validation stated form-controls
  • #38884: fix border-radius on radio-switch
  • #39294: Tests: update navbar in visual modal test
  • #39373: refactor css: modal and offcanvas header spacing
  • #39380: Fix Sass compilation breaking change in v5.3
  • #39387: docs: fix typo
  • #39411: Optimize the accordion icon
  • #39497: Fix a typo
  • #39536: Changed RTL processing of carousel control icons
  • #39560: Drop --bs-accordion-btn-focus-border-color and deprecate $accordion-button-focus-border-color
  • #39595: CSS: Fix the focus ring on focused checked buttons

  ☕️ JavaScript

  • #39201: Selector Engine: fix multiple IDs
  • #39224: Fix edge case in color-mode.js
  • #39376: Allow dl, dt and dd in sanitizer

  📖 Docs

  • #39200: Typo Fix
  • #39214: Doc: use .text-bg-{color} for all badges
  • #39246: Docs: fix for example code blocks have unnecessary 30px right-margin
  • #39249: Doc: consistent rendering of 'Heads up!' callouts
  • #39281: Fix getOrCreateInstance() doc example
  • #39293: Update background.md
  • #39304: Doc: add expanded accordion explanation
  • #39320: Drop .table-light from table foot example
  • #39340: Doc: add dispose() to Offcanvas methods
  • #39378: Docs: fix sentence in modal
  • #39417: Fix color schemes description in Sass customization documentation
  • #39418: Docs: change vite config path import in vite guide
  • #39435: Docs: add shift-color() usage example in sass customization page
  • #39458: Docs: enhance .card-img-* description
  • #39503: Minor image compression improvements
  • #39519: Docs: use consistent HTML elements in Utilities -> Background page
  • #39520: Docs: drop unused .theme-icon class
  • #39528: docs: clean up example.html
  • #39537: Docs: fix desc around deprecated Sass mixins for alerts and list groups
  • #39539: Update links on get-started page
  • #39592: Update vite.md
  • #39604: Fix typo in 'media-breakpoint-between' in migration docs
  • #39617: Docs: add missing comma in native font stack code source in Content -> Reboot
  • #39663: updated table to be responsive

  🛠 Examples

  • #39657: Fix product example mobile navbar toggler
  • #39585: Docs: Add missing type="button" to Cheatsheet nav buttons

  🏭 Tests

  • #39294: Tests: update navbar in visual modal test

  🧰 Misc

  • #39096: CI: stop running coveralls in forks
  • #39501: CI: switch to Node.js 20

  📦 Dependencies

  • Updated numerous devDependencies
• 5.3.2 - 2023-09-14
  Read more
• 5.3.1 - 2023-07-26
  Read more
• 5.3.0 - 2023-05-30
  

  Release v5.3.0 (#38657)

  * Bump version to 5.3.0

  * Dist

• 5.3.0-alpha3 - 2023-04-03
  
  • Fixed wrong interpolated variables with node-sass/Hugo.
  • Added a check for interpolated variables to catch compilation errors with Node Sass when using Sass variables in calc() functions.
  • Started using --bs-border-radius variables across more components.
  • Added .d-inline-grid utility class.
  • Fixed .tooltip-inner placement when using variations in fallbackPlacements.
  • Fix selectors for dark mode carousel overrides when compiling with $color-mode-type: media-query.
  • Updated the styling of floating labels when "floated" to include a background-color to help with multiple lines of text in textareas. This also fixes the colors when form elements are disabled in floating forms.
  • Updated RFS to v10.0.0.

  Full Changelog: v5.3.0-alpha2...v5.3.0-alpha3

• 5.3.0-alpha2 - 2023-03-24
  Read more
• 5.3.0-alpha1 - 2022-12-24
  Read more
• 5.2.3 - 2022-11-22
  

  Fixes

  🎨 CSS

  • #37377: Import root in bootstrap-utilities
  • #37425: Fix deprecation warning with sass 1.56.0
  • #37266: Carousel: Fix RTL translate() direction

  ☕️ JavaScript

  • #37235: fix tooltip/popper disposal inconsistencies
• 5.2.2 - 2022-10-03
  Read more
• 5.2.1 - 2022-09-07
  Read more
• 5.2.0 - 2022-07-19
• 5.2.0-beta1 - 2022-05-13
• 5.1.3 - 2021-10-09

from bootstrap GitHub release notes

Commit messages

Package name: bootstrap

• 6e1f75f Release v5.3.3 (#39524)
• 3caef2b Build(deps-dev): Bump terser from 5.27.1 to 5.27.2 (#39690)
• 4abac9b Build(deps-dev): Bump ip from 2.0.0 to 2.0.1 (#39691)
• c396a2a Build(deps-dev): Bump sass from 1.70.0 to 1.71.0 (#39684)
• c9a8a40 Build(deps-dev): Bump rollup from 4.9.6 to 4.12.0 (#39683)
• 6aecb37 Build(deps-dev): Bump eslint-plugin-html from 7.1.0 to 8.0.0 (#39672)
• 4081168 Build(deps-dev): Bump terser from 5.27.0 to 5.27.1 (#39682)
• 4605d71 Build(deps-dev): Bump postcss from 8.4.34 to 8.4.35 (#39673)
• 08eeee3 Build(deps-dev): Bump lockfile-lint from 4.12.1 to 4.13.1 (#39675)
• f92d635 Build(deps-dev): Bump eslint-plugin-unicorn from 51.0.0 to 51.0.1 (#39676)
• 6ed1cdd Selector Engine: fix multiple IDs (#39201)
• 1bc85bf Fix product example mobile navbar toggler (#39657)
• cb7467b Docs: fix typos in Vite, Parcel and Webpack guides (#39592)
• d30385b Docs: update colors table to be responsive in Customize > Color page (#39663)
• 4e35f64 Drop `--bs-accordion-btn-focus-border-color` and deprecate `$accordion-button-focus-border-color` (#39560)
• 409fd23 Changed RTL processing of carousel control icons (#39536)
• 5010e8d Fix the focus ring on focused checked buttons (#39595)
• d85a84b Update jasmine and regenerate package-lock.json (#39654)
• e4d8f14 Build(deps): Bump release-drafter/release-drafter from 5 to 6 (#39653)
• 40c6d8a Build(deps-dev): Bump eslint-config-xo from 0.43.1 to 0.44.0 (#39651)
• 4e94fb5 Build(deps-dev): Bump eslint-plugin-unicorn from 50.0.1 to 51.0.0 (#39650)
• 4a7f538 Build(deps-dev): Bump postcss from 8.4.33 to 8.4.34 (#39652)
• aaa8e6c Build(deps-dev): Bump stylelint-config-twbs-bootstrap (#39649)
• 52cc934 Bump copyright year to 2024

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs