Snyk has created this PR to upgrade bootstrap from 4.1.1 to 4.4.1.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 7 versions ahead of your current version.
The recommended version was released 5 months ago, on 2019-11-28.
Here's what you need to know about v4.4.0. Remember that with every minor and major release of Bootstrap, we ship a new URL for our hosted docs to ensure URLs continue to work.- New responsive containers! Over a year in the making, fluid up to a particular breakpoint, available for all responsive tiers.
New responsive .row-cols classes for quickly specifying the number of columns across breakpoints. This one is huge for those of you who have asked for responsive card decks.
New escape-svg() function for simplifying our embedded background-image SVGs for forms and more.
New add() and subtract() functions for avoiding errors and zero values from CSS's built in calc feature.
New make-col-auto() mixin to make our .col-auto class available with custom HTML.
Fixed an issue with Microsoft Edge not picking up :disabled styles by moving selectors to [disabled].
Deprecated:bg-variant(), nav-divider(), and form-control-focus() mixins are now deprecated as they're going away in v5.
Updated our spacing and alignment for modal footer elements like buttons to automatically wrap when space is constrained.
More flexible form control validation styles thanks to fewer chained selectors. Also updated the :invalid validation icon to be an alert instead of an × to avoid confusion with browser functionality for clearing the form field value.
Fixed a couple dozen CSS and JS bugs.
Moved to GitHub Actions for CI/CD! Expect more updates to our CI setup over time here while Actions evolves.
Updated documentation to fix links and typos, improved landmarks for secondary navigation, and a new security doc for guidelines on reporting potential vulnerabilities.
New: Added .stretched-link utility to make any anchor the size of it's nearest position: relative parent, perfect for entirely clickable cards!
New: Added .text-break utility for applying word-break: break-word
New: Added .rounded-sm and .rounded-lg for small and large border-radius.
New: Added .modal-dialog-scrollable modifier class for scrolling content within a modal.
New: Added responsive .list-group-horizontal modifier classes for displaying list groups as a horizontal row.
Improved: Reduced our compiled CSS by using null for variables that by default inherit their values from other elements (e.g., $headings-color was inherit and is now null until you modifier it in your custom CSS).
Improved: Badge focus styles now match their background-color like our buttons.
Fixed: Silenced bad selectors in our JS plugins for the href HTML attribute to avoid JavaScript errors. Please try to use valid selectors or the data-target HTML attribute/target option where available.
Fixed: Reverted v4.2.1's change to the breakpoint and grid container Sass maps that blocked folks from upgrading when modifying those default variables.
Fixed: Restored white-space: nowrap to .dropdown-toggle (before v4.2.1 it was on all .btns) so carets don't wrap to new lines.
Deprecated:img-retina, invisible, float, and size mixins are now deprecated and will be removed in v5.
Fixed: Removed the :not(:root) selector from our svg Reboot styles, resolving an issue that caused all inline SVGs ignore vertical-align styles via single class due to higher specificity.
Fixed: Moved the browserslist config from our package.json to a separate file to avoid unintended inherited browser settings across npm projects.
Fixed: Buttons in custom file inputs are once again clickable when focused.
Improved: Bootstrap's plugins can now be imported separately in any contexts because they are now UMD ready.
Improved:.form-controls now have a fixed height to compensate for differences in computed height across different types. This also fixes some IE alignment issues.
Improved: Added Noto Color Emoji to our system font stack for better rendering in Linux OSes.
Snyk has created this PR to upgrade bootstrap from 4.1.1 to 4.4.1.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version fixes:
npm:bootstrap:20180529
SNYK-JS-BOOTSTRAP-73560
SNYK-JS-BOOTSTRAP-173700
Release notes
Package name: bootstrap
Highlights
Here's what you need to know about v4.4.0. Remember that with every minor and major release of Bootstrap, we ship a new URL for our hosted docs to ensure URLs continue to work.- New responsive containers! Over a year in the making, fluid up to a particular breakpoint, available for all responsive tiers.
.row-cols
classes for quickly specifying the number of columns across breakpoints. This one is huge for those of you who have asked for responsive card decks.escape-svg()
function for simplifying our embeddedbackground-image
SVGs for forms and more.add()
andsubtract()
functions for avoiding errors and zero values from CSS's built incalc
feature.make-col-auto()
mixin to make our.col-auto
class available with custom HTML.:disabled
styles by moving selectors to[disabled]
.bg-variant()
,nav-divider()
, andform-control-focus()
mixins are now deprecated as they're going away in v5.:invalid
validation icon to be an alert instead of an×
to avoid confusion with browser functionality for clearing the form field value.Links
Highlights
.stretched-link
utility to make any anchor the size of it's nearestposition: relative
parent, perfect for entirely clickable cards!.text-break
utility for applyingword-break: break-word
.rounded-sm
and.rounded-lg
for small and largeborder-radius
..modal-dialog-scrollable
modifier class for scrolling content within a modal..list-group-horizontal
modifier classes for displaying list groups as a horizontal row.null
for variables that by default inherit their values from other elements (e.g.,$headings-color
wasinherit
and is nownull
until you modifier it in your custom CSS).background-color
like our buttons.href
HTML attribute to avoid JavaScript errors. Please try to use valid selectors or thedata-target
HTML attribute/target
option where available.white-space: nowrap
to.dropdown-toggle
(before v4.2.1 it was on all.btn
s) so carets don't wrap to new lines.img-retina
,invisible
,float
, andsize
mixins are now deprecated and will be removed in v5.Links
Bump to v4.2.1 to republish package on npm. See v4.2.0 release notes for changes introduced in v4.2.
:not(:root)
selector from oursvg
Reboot styles, resolving an issue that caused all inline SVGs ignorevertical-align
styles via single class due to higher specificity.package.json
to a separate file to avoid unintended inherited browser settings across npm projects..form-control
s now have a fixedheight
to compensate for differences in computed height across differenttype
s. This also fixes some IE alignment issues.Noto Color Emoji
to our system font stack for better rendering in Linux OSes.Checkout the v4.1.2 ship list and GitHub project for the full details.
Commit messages
Package name: bootstrap
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs