Skip to content

Update dependency bootstrap to v4.1.2 [SECURITY]#81

Open
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/npm-bootstrap-vulnerability
Open

Update dependency bootstrap to v4.1.2 [SECURITY]#81
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/npm-bootstrap-vulnerability

Conversation

@renovate

@renovate renovate Bot commented Dec 5, 2019

Copy link
Copy Markdown

This PR contains the following updates:

Package Change Age Confidence
bootstrap (source) 4.0.04.1.2 age confidence

Bootstrap Cross-site Scripting vulnerability

CVE-2018-14041 / GHSA-pj7m-g53m-7638

More information

Details

In Bootstrap 4.x before 4.1.2, XSS is possible in the data-target property of scrollspy. This is similar to CVE-2018-14042.

Severity

  • CVSS Score: 6.1 / 10 (Medium)
  • Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


Release Notes

twbs/bootstrap (bootstrap)

v4.1.2

Compare Source

  • Fixed an XSS vulnerability in tooltip, collapse, and scrollspy plugins
  • Improved how we query elements in our JavaScript plugins
  • Inline SVGs now have the same vertical alignment as images
  • Fixed issues with double transitions on carousels
  • Added Edge and IE10-11 fallbacks to our floating labels example
  • Various improvements to form controls, including disabled states on file inputs and unified focus styles for selects

Checkout the v4.1.2 ship list and GitHub project for the full details.

v4.1.1

Compare Source

Our first patch release for Bootstrap 4! Here's a quick rundown of some of the changes:

  • Added validation styles for file inputs
  • Improved printing of dark tables
  • Suppressed that text-hide deprecation notice by default
  • Cleaned up some JS globals and improve coverage
  • Bumped dependencies, namely Jekyll
  • Fixed docs issue with incorrect name for our monospace font utility

Checkout the v4.1.1 ship list and GitHub project for the full details.

v4.1.0

Compare Source

  • Added new custom range form control.
  • Added new .carousel-fade modifier to switch carousel from horizontal sliding to crossfade.
  • Added new .dropdown-item-text for plaintext dropdown items.
  • Added new .flex-fill, .flex-grow-*, and .flex-shrink-* utilities.
  • Added new .table-borderless variant for tables.
  • Added new .text-monospace utility.
  • Added new .text-body (default body color), .text-black-50 (50% opacity black), and .text-white-50 (50% opacity white) utilities.
  • Added new .shadow-* utilities for quickly adding box-shadows.
  • Added ability to disable Popper's positioning in dropdowns.
  • Fixed longstanding issue with Chrome incorrectly rendering cards across CSS columns.
  • Deprecated .text-hide—you'll see a warning during compilation—as it's a dated and undocumented feature.
  • Fixed up Dashboard and Offcanvas examples across Firefox and IE.
  • Breadcrumbs can now use non-string values as dividers.
  • Updated our Theming docs to confirm you cannot use CSS variables in media queries (sorry folks!).

Be sure to look at the ship list and project board for more details on all our fixes.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/npm-bootstrap-vulnerability branch from 076af67 to 704f0da Compare May 15, 2020 16:55
@renovate renovate Bot force-pushed the renovate/npm-bootstrap-vulnerability branch from 704f0da to 270ecc8 Compare July 1, 2020 11:51
@renovate renovate Bot force-pushed the renovate/npm-bootstrap-vulnerability branch from 270ecc8 to a6420c1 Compare August 27, 2020 03:59
@renovate renovate Bot force-pushed the renovate/npm-bootstrap-vulnerability branch from a6420c1 to 2090fd8 Compare October 28, 2020 22:58
@renovate renovate Bot force-pushed the renovate/npm-bootstrap-vulnerability branch from 2090fd8 to e49caa5 Compare January 22, 2021 09:59
@renovate renovate Bot force-pushed the renovate/npm-bootstrap-vulnerability branch from e49caa5 to 46cf654 Compare March 7, 2022 10:28
@renovate renovate Bot force-pushed the renovate/npm-bootstrap-vulnerability branch from 46cf654 to dfd7b23 Compare September 25, 2022 18:36
@renovate renovate Bot force-pushed the renovate/npm-bootstrap-vulnerability branch from dfd7b23 to 5e71b83 Compare March 24, 2023 23:05
@renovate renovate Bot changed the title fix(deps): update dependency bootstrap to v4.3.1 [security] fix(deps): update dependency bootstrap to v4.3.1 [security] - autoclosed Oct 25, 2023
@renovate renovate Bot closed this Oct 25, 2023
@renovate renovate Bot deleted the renovate/npm-bootstrap-vulnerability branch October 25, 2023 20:11
@renovate renovate Bot changed the title fix(deps): update dependency bootstrap to v4.3.1 [security] - autoclosed fix(deps): update dependency bootstrap to v4.3.1 [security] Oct 25, 2023
@renovate renovate Bot reopened this Oct 25, 2023
@renovate renovate Bot restored the renovate/npm-bootstrap-vulnerability branch October 25, 2023 21:27
@renovate renovate Bot force-pushed the renovate/npm-bootstrap-vulnerability branch from 5e71b83 to 5c00672 Compare October 25, 2023 21:27
@renovate renovate Bot changed the title fix(deps): update dependency bootstrap to v4.3.1 [security] fix(deps): update dependency bootstrap to v4.1.2 [security] Aug 6, 2024
@renovate renovate Bot changed the title fix(deps): update dependency bootstrap to v4.1.2 [security] fix(deps): update dependency bootstrap to v4.1.2 [security] - autoclosed Dec 8, 2024
@renovate renovate Bot closed this Dec 8, 2024
@renovate renovate Bot deleted the renovate/npm-bootstrap-vulnerability branch December 8, 2024 19:12
@renovate renovate Bot changed the title fix(deps): update dependency bootstrap to v4.1.2 [security] - autoclosed fix(deps): update dependency bootstrap to v4.1.2 [security] Dec 8, 2024
@renovate renovate Bot reopened this Dec 8, 2024
@renovate renovate Bot force-pushed the renovate/npm-bootstrap-vulnerability branch from 43db5ba to 5c00672 Compare December 8, 2024 22:54
@renovate renovate Bot force-pushed the renovate/npm-bootstrap-vulnerability branch from 5c00672 to 1d3f531 Compare August 13, 2025 15:42
@renovate renovate Bot changed the title fix(deps): update dependency bootstrap to v4.1.2 [security] fix(deps): update dependency bootstrap to v5 [security] Aug 13, 2025
@renovate renovate Bot force-pushed the renovate/npm-bootstrap-vulnerability branch from 1d3f531 to 8910b23 Compare August 31, 2025 11:12
@renovate renovate Bot force-pushed the renovate/npm-bootstrap-vulnerability branch from 8910b23 to 81108a5 Compare October 9, 2025 21:43
@renovate renovate Bot changed the title fix(deps): update dependency bootstrap to v5 [security] chore(deps): update dependency bootstrap to v4.3.1 [security] Oct 9, 2025
@renovate renovate Bot changed the title chore(deps): update dependency bootstrap to v4.3.1 [security] chore(deps): update dependency bootstrap to v4.1.2 [security] Oct 16, 2025
@renovate renovate Bot changed the title chore(deps): update dependency bootstrap to v4.1.2 [security] chore(deps): update dependency bootstrap to v4.1.2 [security] - autoclosed Mar 27, 2026
@renovate renovate Bot closed this Mar 27, 2026
@renovate renovate Bot changed the title chore(deps): update dependency bootstrap to v4.1.2 [security] - autoclosed chore(deps): update dependency bootstrap to v4.1.2 [security] Mar 30, 2026
@renovate renovate Bot reopened this Mar 30, 2026
@renovate renovate Bot force-pushed the renovate/npm-bootstrap-vulnerability branch 2 times, most recently from 81108a5 to 8b39e4c Compare March 30, 2026 21:59
@renovate renovate Bot changed the title chore(deps): update dependency bootstrap to v4.1.2 [security] Update dependency bootstrap to v4.1.2 [SECURITY] Apr 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant