Fixed a breaking change introduced with color modes where it was required to manually import variables-dark.scss when building Bootstrap with Sass. Now, _variables.scss will automatically import _variables-dark.scss. If you were already importing _variables-dark.scss manually, you should keep doing it as it won't break anything and will be the way to go in v6.
Fixed a regression in the selector engine that wasn't able to handle multiple IDs anymore.
Color modes
Badges now use the .text-bg-* text utilities to be certain that the text is always readable (especially when the customized colors are different in light and dark modes).
Fixed our color-modes.js script to handle the case where the OS is set to light mode and the auto color mode is used on the website. If you copied the script from our docs, you should apply this change to your own script.
Fixed color schemes description in the color modes documentation to show that color-scheme() only accept light and dark values as parameters.
Miscellaneous
Allowed <dl>, <dt> and <dd> in the sanitizer.
Dropped evenly items distribution for modal and offcanvas headers.
Fixed the accordion CSS selectors to avoid inheritance issues when nesting accordions.
Fixed the focus box-shadow for the validation stated form controls.
Fixed the focus ring on focused checked buttons.
Fixed the product example mobile navbar toggler.
Changed the RTL processing of carousel control icons.
🎨 CSS
#37508: Use child combinators to avoid inheriting parent accordion's flush styles
#38719: Fix focus box-shadow for validation stated form-controls
Added better configurability for comment scrubbing default behavior
Added better hardening against Prototype Pollution attacks, thanks @kevin-mizu
Added better handling and readability of the nodeType property, thanks @ssi02014
Fixed some smaller issues in README and other documentation
DOMPurify 3.1.2
Addressed and fixed a mXSS variation found by @kevin-mizu
Addressed and fixed a mXSS variation found by Adam Kues of Assetnote
Updated tests for older Safari and Chrome versions
DOMPurify 3.1.1
Fixed an mXSS sanitiser bypass reported by @icesfont
Added new code to track element nesting depth
Added new code to enforce a maximum nesting depth of 255
Added coverage tests and necessary clobbering protections
Note that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.
DOMPurify 3.1.0
Added new setting SAFE_FOR_XML to enable better control over comment scrubbing
Updated README to warn about happy-dom not being safe for use with DOMPurify yet
Updated the LICENSE file to show the accurate year number
Updated several build and test dependencies
DOMPurify 3.0.11
Fixed another conditional bypass caused by Processing Instructions, thanks @Ry0taK
Fixed the regex for HTML Custom Element detection, thanks @AlekseySolovey3T
DOMPurify 3.0.10
Fixed two possible bypasses when sanitizing an XML document and later using it in HTML, thanks @Slonser
Bumped up some build and test dependencies
DOMPurify 3.0.9
Fixed a problem with proper detection of Custom Elements, thanks @kevin-mizu
Refactored the hasOwnProperty logic, thanks @ssi02014
Removed a superfluous console.warn making HappyDom happier, thanks @HugoPoi
Modernized some of the demo hooks for better looks, thanks @Steb95
Since reverting to nwsapi causes several functionality regressions, e.g. removing :has() support, we've decided to make this a major version.
Additionally:
Small fixes to edge-case behavior of the following properties: input.maxLength, input.minLength, input.size, progress.max, tableCell.colSpan, tableCell.rowSpan, tableCol.span, textArea.cols, textArea.maxLength, textArea.minLength, textArea.rows.
Version 23.2.0
This release switches our CSS selector engine from nwsapi to @asamuzakjp/dom-selector. The new engine is more actively maintained, and supports many new selectors: see the package's documentation for the full list. It also works better with shadow trees.
There is a potential of a performance regression due to this change. In our stress test benchmark, which runs most of these 273 selectors against this 128 KiB document, the new engine completes the benchmark only 0.25x as fast. However, we're hopeful that in more moderate usage this will not be a significant issue. Any help speeding up @asamuzakjp/dom-selector is appreciated, and feel free to open an issue if this has had a significant impact on your project.
Version 23.1.0
Added an initial implementation of ElementInternals, including the shadowRoot getter and the string-valued ARIA properties. (zjffun)
Added the string-valued ARIA attribute-reflecting properties to Element.
Fixed history.pushState() and history.replaceState() to follow the latest specification, notably with regards to how they handle empty string inputs and what new URLs are possible.
Fixed the input.valueAsANumber setter to handle NaN correctly. (alexandertrefz)
Updated various dependencies, including cssstyle which contains several bug fixes.
Version 23.0.1
Fixed the incorrect canvas peer dependency introduced in v23.0.0.
Version 23.0.0
Node.js v18 is now the minimum supported version.
Updated various dependencies, including whatwg-url which integrates various additions to the URL and URLSearchParams objects.
Version 22.1.0
Added crypto.randomUUID(). (jamesbvaughan)
Added DOMRect and DOMRectReadOnly.
Added AbortSignal.timeout().
Added abortSignal.throwIfAborted().
Added support for the submitter argument to the FormData constructor. (jenseng)
Improved getComputedStyle()'s results for color-based properties, to resolve named colors and attempt to provide initial inheritance support. (hoekz-wwt)
Updated Window's event handler properties (e.g. oncopy, ontouchstart, etc.) to reflect the latest list from the standard.
Fixed DOMParser-created documents to inherit their URL from the creating document.
Since reverting to nwsapi causes several functionality regressions, e.g. removing :has() support, we've decided to make this a major version.
Additionally:
Small fixes to edge-case behavior of the following properties: input.maxLength, input.minLength, input.size, progress.max, tableCell.colSpan, tableCell.rowSpan, tableCol.span, textArea.cols, textArea.maxLength, textArea.minLength, textArea.rows.
23.2.0
This release switches our CSS selector engine from nwsapi to @asamuzakjp/dom-selector. The new engine is more actively maintained, and supports many new selectors: see the package's documentation for the full list. It also works better with shadow trees.
There is a potential of a performance regression due to this change. In our stress test benchmark, which runs most of these 273 selectors against this 128 KiB document, the new engine completes the benchmark only 0.25x as fast. However, we're hopeful that in more moderate usage this will not be a significant issue. Any help speeding up @asamuzakjp/dom-selector is appreciated, and feel free to open an issue if this has had a significant impact on your project.
23.1.0
Added an initial implementation of ElementInternals, including the shadowRoot getter and the string-valued ARIA properties. (zjffun)
Added the string-valued ARIA attribute-reflecting properties to Element.
Fixed history.pushState() and history.replaceState() to follow the latest specification, notably with regards to how they handle empty string inputs and what new URLs are possible.
Fixed the input.valueAsANumber setter to handle NaN correctly. (alexandertrefz)
Updated various dependencies, including cssstyle which contains several bug fixes.
23.0.1
Fixed the incorrect canvas peer dependency introduced in v23.0.0.
23.0.0
Node.js v18 is now the minimum supported version.
Updated various dependencies, including whatwg-url which integrates various additions to the URL and URLSearchParams objects.
22.1.0
Added crypto.randomUUID(). (jamesbvaughan)
Added DOMRect and DOMRectReadOnly.
Added AbortSignal.timeout().
Added abortSignal.throwIfAborted().
Added support for the submitter argument to the FormData constructor. (jenseng)
Improved getComputedStyle()'s results for color-based properties, to resolve named colors and attempt to provide initial inheritance support. (hoekz-wwt)
Updated Window's event handler properties (e.g. oncopy, ontouchstart, etc.) to reflect the latest list from the standard.
Fixed DOMParser-created documents to inherit their URL from the creating document.
dependabot[bot]
commented
2 weeks ago
Bumps the dev-dependencies group with 19 updates in the / directory:
6.0.37.0.26.2.16.5.22.11.62.11.85.2.35.3.32.4.33.1.50.26.02.12.03.6.33.7.121.1.024.1.010.4.1310.4.1911.0.012.0.26.7.37.1.24.2.05.0.05.5.05.6.02.7.22.9.07.0.28.1.11.57.11.77.413.2.014.2.15.76.05.92.04.11.15.0.4Updates
@braintree/sanitize-urlfrom 6.0.3 to 7.0.2Release notes
Sourced from
@braintree/sanitize-url's releases.Changelog
Sourced from
@braintree/sanitize-url's changelog.Commits
77837537.0.2062bd88Set release version in changelog3f96d15Merge pull request #71 from braintree/dependabot/npm_and_yarn/vite-4.5.36f474fcMerge pull request #73 from braintree/li-38822-fix284119efix: handle decode uri failure6c15df9fix: decodingURIComponent each sanitize round15926b6fix: add to chg log, remove unused importcf7dbb8fix: decode uri and sanitize whitespace1c0be2bli-38822 fix: handle whitespace escapesd4ff979chore(deps-dev): bump vite from 4.5.2 to 4.5.3Updates
@fortawesome/fontawesome-freefrom 6.2.1 to 6.5.2Release notes
Sourced from
@fortawesome/fontawesome-free's releases.Commits
c0f460dRelease 6.5.2 (#20179)a1232e3Delete case-sensitive faTshirt duplicate (#20073)dcdc48aUpdate contributing guidelines (#20028)deeea78Release 6.5.1 (#20031)2885a3cMove files out of the free directory8302f1cRelease 6.5.0 (#20016)f0c2583Release 6.4.2 (#19842)0698449Release 6.4.0 (#19631)d02961bRelease 6.3.0 (#19539)adb2273Typo fixed (#19467)Updates
@popperjs/corefrom 2.11.6 to 2.11.8Commits
9219508v2.11.85347b2fchore: [Popper] remove process.env (#2296)0654654v2.11.75029579fix: Use correct window to get the devicePixelRatio (#2229)2893e9afix: error with user-agent brand not being an array (#1968)Updates
bootstrapfrom 5.2.3 to 5.3.3Release notes
Sourced from bootstrap's releases.
... (truncated)
Commits
6e1f75fRelease v5.3.3 (#39524)3caef2bBuild(deps-dev): Bump terser from 5.27.1 to 5.27.2 (#39690)4abac9bBuild(deps-dev): Bump ip from 2.0.0 to 2.0.1 (#39691)c396a2aBuild(deps-dev): Bump sass from 1.70.0 to 1.71.0 (#39684)c9a8a40Build(deps-dev): Bump rollup from 4.9.6 to 4.12.0 (#39683)6aecb37Build(deps-dev): Bump eslint-plugin-html from 7.1.0 to 8.0.0 (#39672)4081168Build(deps-dev): Bump terser from 5.27.0 to 5.27.1 (#39682)4605d71Build(deps-dev): Bump postcss from 8.4.34 to 8.4.35 (#39673)08eeee3Build(deps-dev): Bump lockfile-lint from 4.12.1 to 4.13.1 (#39675)f92d635Build(deps-dev): Bump eslint-plugin-unicorn from 51.0.0 to 51.0.1 (#39676)Updates
dompurifyfrom 2.4.3 to 3.1.5Release notes
Sourced from dompurify's releases.
... (truncated)
Commits
6676133Merge pull request #964 from cure53/main16a46dechore: Preparing 3.1.5 release7cf4890chore: Experimentally removing the depth counter logic as we have better defe...bfeb9a9see #9617517e9cMerge pull request #960 from cure53/main3ddb7f2chore: Preparing 3.1.4 release4486f91test: Experimentally changed TEST_PROBE_ONLY to not cover 2.x1223487fix: Added MSIE number check fix to main as wella34860bMerge pull request #957 from Gigabyte5671/popover-api96bf0d4Merge pull request #956 from MortenHofft/patch-1Updates
isomorphic-dompurifyfrom 0.26.0 to 2.12.0Release notes
Sourced from isomorphic-dompurify's releases.
... (truncated)
Commits
dafb24eUpdated dependencies. Increased version.4bfd3bcMerge pull request #271 from kkomelin/dependabot/npm_and_yarn/dompurify-3.1.57f4ee0aBump dompurify from 3.1.4 to 3.1.5fa0afffMerge pull request #269 from kkomelin/dependabot/npm_and_yarn/jsdom-24.1.0a8ded3cBump jsdom from 24.0.0 to 24.1.0422a93dUpdated dependencies.fc2f1e0Merge pull request #268 from kkomelin/dependabot/npm_and_yarn/dompurify-3.1.4b312969---cf2d9f1Upgraded dependencies. Added some more meta-keywords. Increased version.5b7d3cfMerge pull request #267 from kkomelin/dependabot/npm_and_yarn/dompurify-3.1.3Updates
jqueryfrom 3.6.3 to 3.7.1Release notes
Sourced from jquery's releases.
Commits
f79d5f13.7.1399b201Release: revert change that broke releasef85d521Release: update authors763ade6Build: Generate the slim build ongrunt& runcompare_sizeon ita288838CSS: Make the reliableTrDimensions support test work with Bootstrap CSS (3.x ...87467a6Selector: Only attach the unload handler in IE & Edge Legacy3c18c1fBuild: Make sure*.cjs&*.mjsfiles use UNIX line endings as well72ae577Build: switch preferred email for timmywila370d7dBuild: Build: Bump actions/checkout from 3.5.2 to 3.5.34a29888Docs: Fix typos found by codespellUpdates
jsdomfrom 21.1.0 to 24.1.0Release notes
Sourced from jsdom's releases.
... (truncated)
Changelog
Sourced from jsdom's changelog.
... (truncated)
Commits
4555914Version 24.1.0a693107Fix elements with names from Object.prototype8738255Add regression test for comma selectora343932Implement the getSetCookie() method of Headersf2fa507Update URLs and fix grammar error7dc7ab9Fix getComputedStyle() not-implemented messagef5f2468Update dependencies and most dev dependenciesb32d82bFix wpt failure in overwritten-customElements-global.html2f8a730Version 24.0.0db0a4dcImplement the remaining types of numeric reflectionUpdates
autoprefixerfrom 10.4.13 to 10.4.19Release notes
Sourced from autoprefixer's releases.
Changelog
Sourced from autoprefixer's changelog.
Commits
8060e33Release 10.4.19 versionfe7bae4Remove end→flex-end warning5f6f362Update dependencies13a86dfMove to flat ESLint configb3e0579Update dependencies90dc18dRelease 10.4.18 version0af1be8Update dependencies1efe165Update c8 config80ff109Add Node.js 21 to CI5e5d193Automate release creationUpdates
copy-webpack-pluginfrom 11.0.0 to 12.0.2Release notes
Sourced from copy-webpack-plugin's releases.
Changelog
Sourced from copy-webpack-plugin's changelog.
Commits
64d67ecchore(release): 12.0.2a7379a9fix: improve perf (#764)7ee03c9build: set targets to node 18 in babel.config.js (#762)b4f5ec0chore(release): 12.0.155036abfix: improve perf (#760)f2a5db3chore(release): 12.0.0a5b7d06chore!: minimum supported Node.js version is18.12.0(#759)74a3666chore: update dependencies to latest version (#757)9d2ce6echore: update github action/setup-node (#754)40a5203chore: update dependencies to the latest version (#753)Updates
css-loaderfrom 6.7.3 to 7.1.2Release notes
Sourced from css-loader's releases.
... (truncated)
Changelog
Sourced from css-loader's changelog.
... (truncated)
Commits
d5ba44achore(release): 7.1.276757effix: keep order of@imports with thewebpackIgnorecomment (#1600)4b41689ci: use node v22 (#1596)2068222chore: update dependencies to latest version (#1595)e006f66refactor: useenvironmentto gettemplateLiteralvalue (#1591)5c717c9chore(release): 7.1.1d6c31a1fix: automatically rename classdefaultto_defaultwhen named export is ...b162e25chore(release): 7.1.015f793ddocs: update logic (#1587)9c165a4docs: update migration guide (#1586)Updates
html-loaderfrom 4.2.0 to 5.0.0Release notes
Sourced from html-loader's releases.
Changelog
Sourced from html-loader's changelog.
Commits
80ea21bchore(release): 5.0.0e06fa80docs: removeextract-loader(#505)c82cfeachore!: minimum supported Node.js version is18.12.0(#504)011ab04chore: update dependencies to latest version (#503)35d539dchore: update github action/setup-node (#501)f9bb807chore: update dependencies to the latest version (#500)e77b360chore: upgrade dependencies to the latest version (#497)73ca994chore: update github actions/checkout (#496)8ff402echore: update dependencies to the latest version (#495)b210e39chore: update dependencies to the latest version (#494)