[Snyk] Upgrade bootstrap from 4.3.1 to 4.4.1

[snyk-bot]

Snyk has created this PR to upgrade bootstrap from 4.3.1 to 4.4.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 2 versions ahead of your current version.
• The recommended version was released 4 months ago, on 2019-11-28.

Release notes

Package name: bootstrap

• 4.4.1 - 2019-11-28
  
  • Fix Dart Sass compatibility (#29755, #29763)
  • Add :disabled for disabled fieldset (#29762)
• 4.4.0 - 2019-11-26
  

  Highlights

  Here's what you need to know about v4.4.0. Remember that with every minor and major release of Bootstrap, we ship a new URL for our hosted docs to ensure URLs continue to work.- New responsive containers! Over a year in the making, fluid up to a particular breakpoint, available for all responsive tiers.

  • New responsive .row-cols classes for quickly specifying the number of columns across breakpoints. This one is huge for those of you who have asked for responsive card decks.
  • New escape-svg() function for simplifying our embedded background-image SVGs for forms and more.
  • New add() and subtract() functions for avoiding errors and zero values from CSS's built in calc feature.
  • New make-col-auto() mixin to make our .col-auto class available with custom HTML.
  • Fixed an issue with Microsoft Edge not picking up :disabled styles by moving selectors to [disabled].
  • Deprecated: bg-variant(), nav-divider(), and form-control-focus() mixins are now deprecated as they're going away in v5.
  • Updated our spacing and alignment for modal footer elements like buttons to automatically wrap when space is constrained.
  • More flexible form control validation styles thanks to fewer chained selectors. Also updated the :invalid validation icon to be an alert instead of an × to avoid confusion with browser functionality for clearing the form field value.
  • Fixed a couple dozen CSS and JS bugs.
  • Moved to GitHub Actions for CI/CD! Expect more updates to our CI setup over time here while Actions evolves.
  • Updated documentation to fix links and typos, improved landmarks for secondary navigation, and a new security doc for guidelines on reporting potential vulnerabilities.

  Links

  • List of closed issues and merged pull requests
  • Review the project board
• 4.3.1 - 2019-02-13
  
  • Security: Fixed an XSS vulnerability (CVE-2019-8331) in our tooltip and popover plugins by implementing a new HTML sanitizer
  • Fixed a small issue with our RFS (responsive font sizes) mixins

from bootstrap GitHub release notes

Commit messages

Package name: bootstrap

• dca1ab7 Release v4.4.1.
• b07b6f7 Fix dart Sass compatibility for subtract (#29763)
• 0d148d8 V4: Add :disabled for disabled fieldset (#29762)
• c24aaa6 Fix dart Sass compatibility (#29755)
• 301ee19 Update Gemfile.lock
• 593574d Release v4.4.0 (#29735)
• d61bba5 Backport #29734
• 7aa1722 Update change-version.js (#29736)
• 340009e Update devDependencies and gems.
• bdd8752 Switch to the Coveralls Action (#29478)
• e0a2d58 Backport #29624
• 136afcf Update anchor.js to v4.2.1 (#29662)
• eb1e1cf Fixed input-height-sm and input-height-lg calculations (#29653)
• 5be0fe8 package.json: Add funding property (#29646)
• a0bb417 Fix icons link.
• 590c1ba progress: Fix IE overflow (#29629)
• f12ae8c Sass: fix version in deprecation messages.
• 6b7ca12 Make check label cursor customizable (#29633)
• 0aa6a81 Update devDependencies and gems.
• 7629dae Update modal.md (#29621)
• dd96b83 backport #29516: added animation when modal backdrop is static
• 29f5853 backport #29523: skip hidden dropdowns while focusing
• f55566e Add configurable button text wrapping (#29554)
• 7ecfa6a Backport #29585

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs