search

snoopysecurity / dvws-node

Damn Vulnerable Web Services is a vulnerable application with a web service and an API that can be used to learn about webservices/API related vulnerabilities.
GNU General Public License v3.0
455 stars 179 forks source link

[Snyk] Upgrade bootstrap from 4.0.0 to 4.6.2 #42

Closed snoopysecurity closed 1 year ago

snoopysecurity commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade bootstrap from 4.0.0 to 4.6.2.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **16 versions** ahead of your current version. - The recommended version was released **10 months ago**, on 2022-07-19. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:------------------------- | Cross-site Scripting (XSS)
[SNYK-JS-BOOTSTRAP-173700](https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-173700) | **539/1000**
**Why?** Has a fix available, CVSS 6.5 | No Known Exploit | Cross-site Scripting (XSS)
[SNYK-JS-BOOTSTRAP-73560](https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-73560) | **539/1000**
**Why?** Has a fix available, CVSS 6.5 | No Known Exploit | Cross-site Scripting (XSS)
[npm:bootstrap:20180529](https://snyk.io/vuln/npm:bootstrap:20180529) | **539/1000**
**Why?** Has a fix available, CVSS 6.5 | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: bootstrap
  • 4.6.2 - 2022-07-19

    Highlights

    • Added an example to our Collapse plugin docs to show how to use horizontal collapsing. This has long been possible via our JS, but we never had an official class to utilize it.
    • We've replaced the deprecated color-adjust with print-color-adjust in our Sass files as part of the Autoprefixer v10.4.6 issues. This should quiet the issues folks have seen from that dependency change. If you're using our distribution CSS files, like bootstrap.min.css, you may still see the warning.
    • Tweaked the size of small and .small to compute to a whole pixel value (was 12.8px and now is 14px).
    • Improved accessibility around our dropdowns, color contrast, and role attributes.
    • Fixed some broken links to supporting documentation.
    • Updated dependencies across the board.

    What's Changed

    New Contributors

    Full Changelog: v4.6.1...v4.6.2

  • 4.6.1 - 2021-10-28
    Read more
  • 4.6.0 - 2021-01-19
  • 4.5.3 - 2020-10-13
  • 4.5.2 - 2020-08-06
  • 4.5.1 - 2020-08-04
  • 4.5.0 - 2020-05-12
  • 4.4.1 - 2019-11-28
  • 4.4.0 - 2019-11-26
  • 4.3.1 - 2019-02-13
  • 4.3.0 - 2019-02-11
  • 4.2.1 - 2018-12-21
  • 4.1.3 - 2018-07-24
  • 4.1.2 - 2018-07-12
  • 4.1.1 - 2018-04-30
  • 4.1.0 - 2018-04-09
  • 4.0.0 - 2018-01-18
from bootstrap GitHub release notes
Commit messages
Package name: bootstrap
  • e5643aa Release v4.6.2 (#36725)
  • 82a1f33 Docs: Capitalize Unicode (#36735)
  • 4954ea1 Add Fathom to v4 (#36727)
  • fdf1c37 Update devDependencies (#36724)
  • 35be9e7 Docs: update clipboard.js to v2.0.11
  • def158d Update devDependencies (#36522)
  • 6fd2030 v4: Improve accessible name of version dropdown in docs navbar (#36504)
  • d136302 v4 Docs: Update outdated ARIA/PF link, expand color contrast explanation in `accessibility.md` (#36492)
  • b4c994d Remove confusing unnecessary id/aria-labelledby for dropdown menus (#36491)
  • 4e951f8 Docs: fix some ARIA Authoring Practices Guides broken links (#36490)
  • 8274bf2 Fixing tabs' tests (#36485)
  • 4444f09 Add horizontal collapse support
  • 5968ef2 Fix closing HTML tag in navs docs (#36466)
  • 261b418 Update devDependencies
  • c043a75 Update GitHub actions
  • c1b42e3 build/change-version.js: remove the executable flag
  • 7d57d9a Dynamic tabs: use buttons rather than links (backport to v4) (#33163)
  • e4dc2e9 Doc: remove `role="group"` from some split drop* buttons (#36254)
  • 6a50084 Replace the deprecated `color-adjust` with `print-color-adjust` (#36283)
  • d9481ee _custom-forms.scss: fix order of attributes (#36231)
  • d36b1a4 Fix lint issues
  • 7613953 Update devDependencies
  • 0090af6 package.json: add GitHub Sponsors and reorder properties (#35451)
  • bae047f Move linkinator to GitHub Actions. (#35573)
Compare
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/snyk-hunter/project/aa9eaf48-e582-4652-b7a0-94cdad3ea905?utm_source=github&utm_medium=referral&page=upgrade-pr) 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/snyk-hunter/project/aa9eaf48-e582-4652-b7a0-94cdad3ea905/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/snyk-hunter/project/aa9eaf48-e582-4652-b7a0-94cdad3ea905/settings/integration?pkg=bootstrap&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)