[Snyk] Upgrade bootstrap from 4.3.1 to 4.5.2

[snyk-bot]

Snyk has created this PR to upgrade bootstrap from 4.3.1 to 4.5.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 5 versions ahead of your current version.
• The recommended version was released 14 days ago, on 2020-08-06.

Release notes

Package name: bootstrap

• 4.5.2 - 2020-08-06
  

  This release addresses the following two issues:

  • #31438 restores the make-container-max-widths mixin. We won't be using the mixin ourselves, but it will remain in the codebase for the rest of v4 with today's release. We've added a deprecation notice as well.
  • #31439 removes flex: 1 0 100% from .rows. This was added to address shrinking rows inside the navbar component after our responsive containers were added in v4.4.0. Removing this rolls us back to the expected grid and flex behavior—your row will shrink unfortunately without further changes. We could add extra custom CSS to address this, but it seems shortsighted to rush into that. Instead, apply .flex-fill to the .row and your row will behave as usual.
• 4.5.1 - 2020-08-04
  

  CSS

  • #30808: Simplify list-group borders in cards
  • #30810: Add z-index to .custom-check to fix their rendering in CSS columns
  • #30817: Add border-radius to .card-img-overlay
  • #30830: Prevent conflicts with components with classes
  • #30922: Fix color on disabled checked state for custom controls
  • #30932: Restore word-break: break-word; on .text-break utility.
  • #30940: Prevent .row from shrinking in flex containers
  • #30957: Nullify custom form states' box-shadow
  • #30959: Toasts in IE11
  • #30960: Fix IE11 validation tooltip alignment in input groups
  • #30965: Improve floating labels example in IE
  • #30966: Improve floating labels with Edge and a general refactor
  • #30969: Remove duplicated container breakpoints in compiled CSS
  • #30999: Revert min-width: 0 on .col due to unforeseen side effects
  • #31148: Remove duplicate properties on custom controls
  • #31165: Remove backdrop-filter from docs subnav and toasts
  • #31339: Add link to view docs pages on GitHub
  • #31347: Turn off scroll anchoring for accordions
  • #31381: Remove overflow: hidden from toasts

  JavaScript

  • #30326: Prevent overflowing static backdrop modal animation
  • #30936: Add role="dialog" in modals via JavaScript
  • #30992: Avoid preventing input event onclick
  • #31155: Clear timeout before showing the toast

  Build

  • #30797: Fix release script docs
  • #31011: Updated Babel config
  • #31296: Update to Ruby 2.7 and Bundler 2.x

  Docs

  • #30809: Update docs callout for responsive SVG images
  • #30813: Mention Bootstrap Icons in extend/icons.md page
  • #30896: Improve wording on Downloads page
  • #30897: Prevent skip links from overlapping header in docs
  • #30957: Add .card-img-bottom example
  • #30973: Update some nav examples by removing .nav-item from .nav-link to be more consistent
  • #31070: Fix some broken examples and typos
  • #31135: Move color utility callouts to start of page
  • #31234: Clean up docs forms for accessibility
  • #31344: Mention toasts in the components requiring JavaScript page
• 4.5.0 - 2020-05-12
  Read more
• 4.4.1 - 2019-11-28
  
  • Fix Dart Sass compatibility (#29755, #29763)
  • Add :disabled for disabled fieldset (#29762)
• 4.4.0 - 2019-11-26
  

  Highlights

  Here's what you need to know about v4.4.0. Remember that with every minor and major release of Bootstrap, we ship a new URL for our hosted docs to ensure URLs continue to work.- New responsive containers! Over a year in the making, fluid up to a particular breakpoint, available for all responsive tiers.

  • New responsive .row-cols classes for quickly specifying the number of columns across breakpoints. This one is huge for those of you who have asked for responsive card decks.
  • New escape-svg() function for simplifying our embedded background-image SVGs for forms and more.
  • New add() and subtract() functions for avoiding errors and zero values from CSS's built in calc feature.
  • New make-col-auto() mixin to make our .col-auto class available with custom HTML.
  • Fixed an issue with Microsoft Edge not picking up :disabled styles by moving selectors to [disabled].
  • Deprecated: bg-variant(), nav-divider(), and form-control-focus() mixins are now deprecated as they're going away in v5.
  • Updated our spacing and alignment for modal footer elements like buttons to automatically wrap when space is constrained.
  • More flexible form control validation styles thanks to fewer chained selectors. Also updated the :invalid validation icon to be an alert instead of an × to avoid confusion with browser functionality for clearing the form field value.
  • Fixed a couple dozen CSS and JS bugs.
  • Moved to GitHub Actions for CI/CD! Expect more updates to our CI setup over time here while Actions evolves.
  • Updated documentation to fix links and typos, improved landmarks for secondary navigation, and a new security doc for guidelines on reporting potential vulnerabilities.

  Links

  • List of closed issues and merged pull requests
  • Review the project board
• 4.3.1 - 2019-02-13
  
  • Security: Fixed an XSS vulnerability (CVE-2019-8331) in our tooltip and popover plugins by implementing a new HTML sanitizer
  • Fixed a small issue with our RFS (responsive font sizes) mixins

from bootstrap GitHub release notes

Commit messages

Package name: bootstrap

• 5f2480a Prepare v4.5.2. (#31444)
• c0aa405 Remove undefined `$ignore-warning`
• e6ab4ad Deprecate the `make-container-max-widths` mixin
• af4419b Restore make-container-max-widths mixin
• f083759 Remove flex: 1 0 100% from rows (#31439) (#31445)
• 89dc975 Prepare v4.5.1. (#31408)
• e0f89dc Backport #31339 (#31414)
• 30d375b Remove overflow: hidden from toasts (#31381) (#31407)
• 6879a3c Update devDependencies and gems
• d44a1e1 Backport #31344
• 81d3e2b docs(skippy): prevent skip links from overlapping header
• 1abe926 Add unit test for toast to check clearTimeout to have been called (#31298)
• f530ab7 Clear timeout before showing the toast (#31155)
• 0ec2ce4 Update to Ruby 2.7/Bundler 2.x. (#31296)
• cc49a5b Turn off scroll anchoring for accordions (#31347)
• 99013a5 Docs: forms accessibility cleanup (backport from v5) (#31234)
• 38bcf10 Update dependencies, gems and regenerate package-lock.json (#31261)
• f40e1b6 Update devDependencies and gems
• ad8d3a6 Update Babel config (#31011)
• 9a6cfeb Backport #30326 (Unit test)
• ea01c29 Backport #30326
• 234dd96 Backport #31135
• c49b084 BrowserStack: test on Edge 15
• b2ef98f Remove backdrop-filter from toasts

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[codecov]

Codecov Report

Merging #209 into master will not change coverage.
The diff coverage is n/a.

@@            Coverage Diff            @@
##            master      #209   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           17        17           
  Lines          130       130           
  Branches        24        24           
=========================================
  Hits           130       130           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 212c378...f2287fe. Read the comment docs.