[Security] Bump bootstrap from 4.1.2 to 4.5.0

[dependabot-preview[bot]]

Bumps bootstrap from 4.1.2 to 4.5.0. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Moderate severity vulnerability that affects bootstrap and bootstrap-sass In Bootstrap 4 before 4.3.1 and Bootstrap 3 before 3.4.1, XSS is possible in the tooltip or popover data-template attribute. For more information, see: https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/

Affected versions: >= 4.0.0 < 4.3.1

Release notes

Sourced from bootstrap's releases.

v4.5.0

Highlights

• New interaction utilities. Quickly set user-select with the new utilities and Sass map.
• New Reboot style for pointer cursors. We now include a role="button" selector in Reboot to set cursor: pointer on non-<button> element buttons.
• Examples are now downloadable. We've added a script to zip up and offer all our Examples as their own download from the docs.
• Saved ~5% from the compressed minified JS builds.
• Added guidance to our docs for how to work around our longstanding input group rounded corner bug.
• Redesigned docs homepage and navbar to increment us towards v5's new docs design.
• Deprecated bg-gradient-variant mixin as it's being removed in v5.
• Updated to jQuery v3.5.1, Jekyll v4, and dropped Node.js < 10 for development.

CSS

• #29413: Prevent vertical offset on progress bar in IE11
• #29745: Add display: flex on .breadcrumb-item
• #29819: Allow percentages in container widths
• #29857: Escape brackets
• #29946: Added new variable for padding on dropdown header
• #30004: Fixes disabled .btn cursor
• #30036: Added focus state to .btn-link
• #30043: Fix IE auto-size input-group to column
• #30049: Prevent grid with default cols from breaking when large pre is present by setting min-width: 0
• #30074: Use word-wrap in .text-break for IE and Edge compatibility
• #30166: Avoid border-radius functions returning negative values
• #30183: Remove unnecessary reduce motion when $enable-transition: false
• #30244: Fix centered modal scrolling issue
• #30262: Prevent link underline change from affecting some components
• #30361: Remove appearance from date inputs
• #30391: Prevent redundant transition: none in transition()` mixin
• #30497: Fix card list group borders & radii
• #30504: Fix spinner-grow animation in Safari
• #30515: Add .card-footer color
• #30555, #30512, #30480: Use box-shadow mixin for .form-select, .btn, and other form controls
• #30562: Added new interaction utilities for user-select and a new - role="button" in Reboot to set cursor: pointer.
• #30582: Delete unnecessary appearance: none from button.close
• #30594: Deprecate bg-gradient-variant mixin
• #30605, #30606: Grid now checks for for $grid-columns > 0
• #30609: Checks for an empty $grid-breakpoints map list to remove all breakpoints
• #30660: Prevent list group style leaks
• #30685: Disable auto-hiding scrollbar in IE and legacy Edge

JavaScript

• #29986: Close modal with keyboard=true & backdrop=static
• #29968: sanitizer.js: Add srcset in the allowed attributes
• #30381: Updated tab.js to address accessibility issue when using ul/li semantic
• #30383: ensure totype always return stringified null when null passed
• #30388: enable button toggle on label when checkbox is inside
• #30490: Switch to string constants to save ~5% on compressed file size

Commits

• 7a6da5e Dist
• 109ad5d Bump version to 4.5.0.
• 4a0ddb0 Wording fixes
• 0f26be5 Move the input groups validation workaround in docs.
• 842b0d2 Remove mention of build tools
• 32932d2 Grammar fixes
• 4a26e51 Include the newly added utilities/interactions.scss file
• 0f3eda8 Update devDependencies and gems.
• 30e7df6 Backport d59de33 from #30772
• f1827ce Avoid bad scrollbar replacement into width values
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by xhmikosr, a new releaser for bootstrap since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)

[dependabot-preview[bot]]

Superseded by #113.