chore(lib): update dependency bootstrap to v5 [security] #4164
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
4.6.2
->5.0.0
GitHub Vulnerability Alerts
CVE-2024-6531
A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.
Bootstrap Cross-Site Scripting (XSS) vulnerability
CVE-2024-6531 / GHSA-vc8w-jr9v-vj7f
More information
Details
A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.
Severity
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
References
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
Release Notes
twbs/bootstrap (bootstrap)
v5.0.0
Compare Source
Highlights
#32155: Updated
make-col()
mixin to generate equal columns when no size is specified#32763: Added new
color-scheme()
mixin#33389: Dropdown menus now have option become clickable
#33453: Added new docs footer
#33548: Offcanvas header components are now vertically aligned
#33549: Added offcanvas-top modifier
#33634: Added support for
.dropdown-item
s wrapped in<li>
s#33626: Fix v5 regressions in tab dropdown functionality
🚀 Features
color-scheme
mixin🎨 CSS
color-scheme
mixin.nav-link
color consistent when using buttons:read-only
css selector instead[readonly]
for consistencyborder-top
on Firefox☕️ JavaScript
hide
method of dropdownisDisabled
util on dropdownnoop
functionselectMenuItem
method private.dropdown-item
wrapped in<li>
tagsaltBoundary
option📖 Docs
rel=noopener
attributeboundary
optionboundary
optionboundary
option descriptionExamples
🌎 Accessibility
🏭 Tests
data-bs-backdrop="static"
from modal tests🧰 Misc
📦 Dependencies
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.