[Snyk] Upgrade bootstrap from 4.5.0 to 4.6.1

[snyk-bot]

Snyk has created this PR to upgrade bootstrap from 4.5.0 to 4.6.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 5 versions ahead of your current version.
• The recommended version was released 2 months ago, on 2021-10-28.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579155	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
	Improper Certificate Validation SNYK-JS-NODESASS-1059081	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: bootstrap

• 4.6.1 - 2021-10-28
  

  What's changed

  • Replace Sass division with multiplication and custom divide() function by @ mdo in #34571
  • Update RFS to v8.1.0 by @ XhmikosR in #34571
  • fix(forms): input-group and validation icons by @ ffoodd in #32968
  • Fix minor visual bug in Firefox caused by moz-focusring by @ kremit in #32821
  • Adjust SAFE_URL_PATTERN regex for use with test method of regexes by @ nikonthethird in #33153
  • Add sms in the SAFE_URL_PATTERN for sanitizer by @ XhmikosR in #35074
  • Adjust feedback icon position and padding for select.form-control by @ mdo in #33206
  • Carousel: use buttons, not links, for prev/next controls by @ patrickhlauke in #33165
  • v4: Sass docs for default variables by @ mdo in #33392
  • Handle complex expressions in add() & subtract() by @ ffoodd in #34047
  • More concise improvements for add() and subtract() by @ ffoodd in #34432
  • Remove aria-haspopup from dropdowns by @ patrickhlauke in #33624
  • Dropdown: support .dropdown-item wrapped in <li> tags by @ cpsievert in #33649
  • Update Node versions in JS tests (drop Node 10, add Node 16), update docs JS assets and add variables for vertical-align in spinners by @ XhmikosR in #33807
  • Replace Freenode with Libera IRC server by @ midzer #34050
  • Fix repetition in the Navbar docs description by @ coliff in #34208
  • Enable 0.x with negative margins in utilities by @ k-utsumi in #33593
  • Remove print thead rule by @ coliff in #34426
  • Fix prevented show event disabling modals with fade class from being displayed again by @ alpadev in #34087
  • Input group validation with custom-file input by @ ffoodd in #33239
  • Add eslint-plugin-qunit and tighten JS tests by @ XhmikosR in #32270
  • Update our tests to Node 16 and npm 8 by @ XhmikosR in #35142
  • Disabled link cleanup by @ patrickhlauke in #34924
  • Updated our devDependencies including terser; also enabled two passes for terser by @ XhmikosR

  Full changelog

  v4.6.0...v4.6.1

• 4.6.0 - 2021-01-19
• 4.5.3 - 2020-10-13
• 4.5.2 - 2020-08-06
• 4.5.1 - 2020-08-04
• 4.5.0 - 2020-05-12

from bootstrap GitHub release notes

Commit messages

Package name: bootstrap

• 043a03c Release v4.6.1 (#35272)
• ef6a418 images.md: remove zero-width space (#35234)
• 3f88326 Update devDependencies (#35271)
• 4133069 Update devDependencies and switch to Node.js 16/npm 8
• fc492ed terser: specify 2 passes as it offers slightly better compression
• fe73da9 JS: minor refactoring
• 4f0187c Revert "Bundlewatch: stop ignoring dependabot branches (#33192)" (#35069)
• 6d0fd8c Backport #35074
• 7b3a47e Update terser to v5.9.0.
• e482fbb fix(input-group): custom-file with validation (#33239)
• 8133c3e Fix capitalization after period in Markdown files (#35112)
• 44a01ec Update devDependencies (#35068)
• 8ebd6d9 Remove extra spaces in Markdown files (#35047)
• bdab948 Remove unneeded conditional
• af52795 Remove duplicate test.
• f6ff736 Change test description so that it's unique
• 77e0855 Merge duplicate test.
• ed62ab6 Remove commented out test
• d4e162f Skip tests if `attachShadow` is not present
• 551f37a tests: comply to the new rules
• 5391ecd Add eslint-plugin-qunit
• e202996 Update devDependencies
• cb55e38 Update CodeQL workflow (#34961)
• 08a550a Backport #34937

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs