Release notes
*Sourced from [bootstrap's releases](https://github.com/twbs/bootstrap/releases).*
> ## v3.4.1
> * **Security:** Fixed an XSS vulnerability (CVE-2019-8331) in our tooltip and popover plugins by implementing a new HTML sanitizer
> * Handle bad selectors (`#`) in `data-target` for Dropdowns
> * Clarified tooltip selector documentation
> * Added support for NuGet contentFiles
>
> ## v3.4.0
> - **New:** Added a `.row-no-gutters` class.
> - **New:** Added docs searching via Algolia.
> - **Fixed:** Resolved an XSS issue in Alert, Carousel, Collapse, Dropdown, Modal, and Tab components. See for details.
> - **Fixed:** Added padding to `.navbar-fixed-*` on modal open
> - **Fixed:** Removed the double border on `` elements.
> - Removed Gist creation in web-based Customizer since anonymous gists were disabled long ago by GitHub.
> - Removed drag and drop support from Customizer since it didn't work anymore.
> - Added a dropdown to the docs nav for newer and previous versions.
> - Update the docs to use a new `baseurl`, `/docs/3.4/`, to version the v3.x documentation like we do with v4.
> - Reorganized the v3 docs CSS to use Less.
> - Switched to BrowserStack for tests.
> - Updated links to always use https and fix broken URLs.
> - Replaced ZeroClipboard with clipboard.js
>
> ## v3.3.7
> Release announcement blog post: https://blog.getbootstrap.com/2016/07/25/bootstrap-3-3-7-released/
>
> ### JavaScript
> - [#19192](https://github-redirect.dependabot.com/twbs/bootstrap/issues/19192) Fix keyboard navigation for toggle buttons (checkbox, radio, single toggle) following a mouse click
> - [#19659](https://github-redirect.dependabot.com/twbs/bootstrap/issues/19659): Clear tooltip's `$element` to prevent leaking memory
> - [#20019](https://github-redirect.dependabot.com/twbs/bootstrap/issues/20019): Avoid calling `jQuery('#')` since it's a syntax error in jQuery 3
> - [#20259](https://github-redirect.dependabot.com/twbs/bootstrap/issues/20259): Backport jQuery-related JS unit test fixes from v4
> - [#20278](https://github-redirect.dependabot.com/twbs/bootstrap/issues/20278): button.js: Set disabled property in addition to disabled attribute, for jQuery 3 compatibility
> - [#20313](https://github-redirect.dependabot.com/twbs/bootstrap/issues/20313): Avoid using `$.offset()` on SVGs since it gives incorrect results in jQuery 3
> - [#20338](https://github-redirect.dependabot.com/twbs/bootstrap/issues/20338): Update jQuery version check and jQuery dependency version range to allow jQuery 3
>
> ### CSS
>
> No significant changes.
>
> ### Accessibility
> - [#19704](https://github-redirect.dependabot.com/twbs/bootstrap/issues/19704): Add `aria-label` and callout about labeling pagination components
>
> ### Docs
> - [#19263](https://github-redirect.dependabot.com/twbs/bootstrap/issues/19263) Bump html5shiv to v3.7.3
> - [#19273](https://github-redirect.dependabot.com/twbs/bootstrap/issues/19273) Port v4 browser support table format to v3
> - [#19893](https://github-redirect.dependabot.com/twbs/bootstrap/issues/19893): Update jQuery to v1.12.4
> - Numerous Wall of Browser Bugs updates
Commits
- [`68b0d23`](https://github.com/twbs/bootstrap/commit/68b0d231a13201eb14acd3dc84e51543d16e5f7e) Dist
- [`2ccfa57`](https://github.com/twbs/bootstrap/commit/2ccfa57467c0e31ec2016d1be03c55184ce8a69d) handle # selector for dropdown
- [`a43077d`](https://github.com/twbs/bootstrap/commit/a43077d3c3b3ef9b2afc426a573b40daeff788fe) Bump version to 3.4.1.
- [`d821de2`](https://github.com/twbs/bootstrap/commit/d821de271297a74a8d6a309de1d4cd9113dd77ed) Backport sanitize docs from v4.
- [`5cd9ef4`](https://github.com/twbs/bootstrap/commit/5cd9ef47f60113212b7afcdfe8d8a4883376b464) Add wdm gem for Windows.
- [`d6b8501`](https://github.com/twbs/bootstrap/commit/d6b8501e4c2e20b6b50303c10c6a2d3ef2ac5c3b) ES5 fixes.
- [`2c8abb9`](https://github.com/twbs/bootstrap/commit/2c8abb9a4393addc5ffb39e649e09391c2fee701) Add sanitize for tooltips and popovers html content.
- [`d4129df`](https://github.com/twbs/bootstrap/commit/d4129dff60d4c0c1d4ce300a485086dfe4c79cf3) Bump year.
- [`0d64d6a`](https://github.com/twbs/bootstrap/commit/0d64d6aee646a5167d5b94217cdbd32888cf1218) less/modals.less: Add missing semicolon.
- [`48c5d7b`](https://github.com/twbs/bootstrap/commit/48c5d7b8e9f65c6339390469ef6fe18b5ee6b8c3) Use https.
- Additional commits viewable in [compare view](https://github.com/twbs/bootstrap/compare/v3.3.6...v3.4.1)
Maintainer changes
This version was pushed to npm by [xhmikosr](https://www.npmjs.com/~xhmikosr), a new releaser for bootstrap since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/smmorneau/tour-of-heroes/network/alerts).
Bumps bootstrap from 3.3.6 to 3.4.1.
Release notes
*Sourced from [bootstrap's releases](https://github.com/twbs/bootstrap/releases).* > ## v3.4.1 > * **Security:** Fixed an XSS vulnerability (CVE-2019-8331) in our tooltip and popover plugins by implementing a new HTML sanitizer > * Handle bad selectors (`#`) in `data-target` for Dropdowns > * Clarified tooltip selector documentation > * Added support for NuGet contentFiles > > ## v3.4.0 > - **New:** Added a `.row-no-gutters` class. > - **New:** Added docs searching via Algolia. > - **Fixed:** Resolved an XSS issue in Alert, Carousel, Collapse, Dropdown, Modal, and Tab components. SeeCommits
- [`68b0d23`](https://github.com/twbs/bootstrap/commit/68b0d231a13201eb14acd3dc84e51543d16e5f7e) Dist - [`2ccfa57`](https://github.com/twbs/bootstrap/commit/2ccfa57467c0e31ec2016d1be03c55184ce8a69d) handle # selector for dropdown - [`a43077d`](https://github.com/twbs/bootstrap/commit/a43077d3c3b3ef9b2afc426a573b40daeff788fe) Bump version to 3.4.1. - [`d821de2`](https://github.com/twbs/bootstrap/commit/d821de271297a74a8d6a309de1d4cd9113dd77ed) Backport sanitize docs from v4. - [`5cd9ef4`](https://github.com/twbs/bootstrap/commit/5cd9ef47f60113212b7afcdfe8d8a4883376b464) Add wdm gem for Windows. - [`d6b8501`](https://github.com/twbs/bootstrap/commit/d6b8501e4c2e20b6b50303c10c6a2d3ef2ac5c3b) ES5 fixes. - [`2c8abb9`](https://github.com/twbs/bootstrap/commit/2c8abb9a4393addc5ffb39e649e09391c2fee701) Add sanitize for tooltips and popovers html content. - [`d4129df`](https://github.com/twbs/bootstrap/commit/d4129dff60d4c0c1d4ce300a485086dfe4c79cf3) Bump year. - [`0d64d6a`](https://github.com/twbs/bootstrap/commit/0d64d6aee646a5167d5b94217cdbd32888cf1218) less/modals.less: Add missing semicolon. - [`48c5d7b`](https://github.com/twbs/bootstrap/commit/48c5d7b8e9f65c6339390469ef6fe18b5ee6b8c3) Use https. - Additional commits viewable in [compare view](https://github.com/twbs/bootstrap/compare/v3.3.6...v3.4.1)Maintainer changes
This version was pushed to npm by [xhmikosr](https://www.npmjs.com/~xhmikosr), a new releaser for bootstrap since your current version.Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/smmorneau/tour-of-heroes/network/alerts).