Update dependency bootstrap to v4.1.2 [SECURITY]#81
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
076af67 to
704f0da
Compare
704f0da to
270ecc8
Compare
270ecc8 to
a6420c1
Compare
a6420c1 to
2090fd8
Compare
2090fd8 to
e49caa5
Compare
e49caa5 to
46cf654
Compare
46cf654 to
dfd7b23
Compare
dfd7b23 to
5e71b83
Compare
5e71b83 to
5c00672
Compare
43db5ba to
5c00672
Compare
5c00672 to
1d3f531
Compare
1d3f531 to
8910b23
Compare
8910b23 to
81108a5
Compare
81108a5 to
8b39e4c
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
4.0.0→4.1.2Bootstrap Cross-site Scripting vulnerability
CVE-2018-14041 / GHSA-pj7m-g53m-7638
More information
Details
In Bootstrap 4.x before 4.1.2, XSS is possible in the data-target property of scrollspy. This is similar to CVE-2018-14042.
Severity
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Release Notes
twbs/bootstrap (bootstrap)
v4.1.2Compare Source
Checkout the v4.1.2 ship list and GitHub project for the full details.
v4.1.1Compare Source
Our first patch release for Bootstrap 4! Here's a quick rundown of some of the changes:
text-hidedeprecation notice by defaultCheckout the v4.1.1 ship list and GitHub project for the full details.
v4.1.0Compare Source
.carousel-fademodifier to switch carousel from horizontal sliding to crossfade..dropdown-item-textfor plaintext dropdown items..flex-fill,.flex-grow-*, and.flex-shrink-*utilities..table-borderlessvariant for tables..text-monospaceutility..text-body(default body color),.text-black-50(50% opacity black), and.text-white-50(50% opacity white) utilities..shadow-*utilities for quickly addingbox-shadows..text-hide—you'll see a warning during compilation—as it's a dated and undocumented feature.Be sure to look at the ship list and project board for more details on all our fixes.
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.