publiclab / leaflet-blurred-location-display

A library to display points which have been "blurred" for privacy with leaflet-blurred-location
https://publiclab.github.io/leaflet-blurred-location-display/examples/index.html
GNU General Public License v3.0

[Security] Bump bootstrap from 3.4.1 to 4.1.2 #74

Closed dependabot-preview[bot] closed 4 years ago

dependabot-preview[bot] commented 5 years ago

Bumps bootstrap from 3.4.1 to 4.1.2. This update includes security fixes.

Vulnerabilities fixed

*Sourced from The GitHub Security Advisory Database.*

> **Moderate severity vulnerability that affects bootstrap**
> In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy. This is similar to CVE-2018-14042.
>
> Affected versions: < 4.1.2

Release notes

*Sourced from [bootstrap's releases](https://github.com/twbs/bootstrap/releases).*

> ## v4.1.2
> - Fixed an XSS vulnerability in tooltip, collapse, and scrollspy plugins
> - Improved how we query elements in our JavaScript plugins
> - Inline SVGs now have the same vertical alignment as images
> - Fixed issues with double transitions on carousels
> - Added Edge and IE10-11 fallbacks to our floating labels example
> - Various improvements to form controls, including disabled states on file inputs and unified focus styles for selects
>
> Checkout the [v4.1.2 ship list](https://github-redirect.dependabot.com/twbs/bootstrap/issues/26423) and [GitHub project](https://github.com/twbs/bootstrap/projects/14) for the full details.
>
> ## v4.1.1
> **Our first patch release for Bootstrap 4!** Here's a quick rundown of some of the changes:
>
> - Added validation styles for file inputs
> - Improved printing of dark tables
> - Suppressed that `text-hide` deprecation notice by default
> - Cleaned up some JS globals and improve coverage
> - Bumped dependencies, namely Jekyll
> - Fixed docs issue with incorrect name for our monospace font utility
>
> Checkout the [v4.1.1 ship list](https://github-redirect.dependabot.com/twbs/bootstrap/issues/25971) and [GitHub project](https://github.com/twbs/bootstrap/projects/13) for the full details.
>
> ## v4.1.0
> - Added new custom range form control.
> - Added new `.carousel-fade` modifier to switch carousel from horizontal sliding to crossfade.
> - Added new `.dropdown-item-text` for plaintext dropdown items.
> - Added new `.flex-fill`, `.flex-grow-*`, and `.flex-shrink-*` utilities.
> - Added new `.table-borderless` variant for tables.
> - Added new `.text-monospace` utility.
> - Added new `.text-body` (default body color), `.text-black-50` (50% opacity black), and `.text-white-50` (50% opacity white) utilities.
> - Added new `.shadow-*` utilities for quickly adding `box-shadow`s.
> - Added ability to disable Popper's positioning in dropdowns.
> - Fixed longstanding issue with Chrome incorrectly rendering cards across CSS columns.
> - Deprecated `.text-hide`—you'll see a warning during compilation—as it's a dated and undocumented feature.
> - Fixed up Dashboard and Offcanvas examples across Firefox and IE.
> - Breadcrumbs can now use non-string values as dividers.
> - Updated our Theming docs to confirm you _cannot_ use CSS variables in media queries (sorry folks!).
>
> Be sure to look at the [ship list](https://github-redirect.dependabot.com/twbs/bootstrap/issues/25375) and [project board](https://github.com/twbs/bootstrap/projects/5) for more details on all our fixes.
>
> ## v4.0.0
> Our first stable v4 release! 🎉
>
> ### Highlights:
> - Brand new examples and overhauls for existing ones.
> - Additional border utilities have been added and the default `border-color` for them darkened from `$gray-200` to `$gray-300`.
> - Pagination focus styles now match button and input focus state.
> - Added responsive `.order-0` classes to reset column order.
> - Improved examples of form validation documentation by adding tooltip examples and more.
> - New documentation added for using our CSS variables to the [Theming page](https://getbootstrap.com/docs/4.0/getting-started/theming/).
> ... (truncated)

Commits

- [`1f46337`](https://github.com/twbs/bootstrap/commit/1f46337a89ed21c94a7c37bc0c0e14a71fef7d97) Update README.md
- [`c4ccfbe`](https://github.com/twbs/bootstrap/commit/c4ccfbe04e888f3623d74963ba72d2320da0785a) Ship v4.1.2
- [`a49f5ca`](https://github.com/twbs/bootstrap/commit/a49f5cab6fb2e106113e5ab59fdcecc7f9349301) Clean up npm scripts a bit more.
- [`6589408`](https://github.com/twbs/bootstrap/commit/6589408a4b91c0f58fa4ac1508d69e3e9e4345e1) Update scripts.
- [`de7bef8`](https://github.com/twbs/bootstrap/commit/de7bef881e9431df4b75cd08968351f4fa1ffaa0) update card columns docs to make copy more accurate
- [`5a11ba5`](https://github.com/twbs/bootstrap/commit/5a11ba5d6b5e07ff4f0bb241171d1a1752c1c375) clarify docs dev and add 4.0 link
- [`aedd700`](https://github.com/twbs/bootstrap/commit/aedd7007682ef39feefce2aea1e4ddba5637cf04) change dist to only affect main since docs css isn't distributed
- [`4518288`](https://github.com/twbs/bootstrap/commit/4518288c7ceb92aa8f1b61a383bc75d6c90017d1) Move copy tasks back to css-main and js-compile so docs-github task runs prop...
- [`159aebc`](https://github.com/twbs/bootstrap/commit/159aebc27461553e2ad9ff26a3922eff2d392a34) Update watch scripts to properly copy JS files
- [`01f568d`](https://github.com/twbs/bootstrap/commit/01f568d9a5c60b3bd7c85c409247e117dd11df9f) fixes [#26637](https://github-redirect.dependabot.com/twbs/bootstrap/issues/26637)
- Additional commits viewable in [compare view](https://github.com/twbs/bootstrap/compare/v3.4.1...v4.1.2)



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):

- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.