Task #89544
closedBump bootstrap from 3.3.7 to 3.4.1 in /Build
0%
Description
Bumps [bootstrap](https://github.com/twbs/bootstrap) from 3.3.7 to 3.4.1.
<details>
<summary>Release notes</summary>
Sourced from [bootstrap's releases](https://github.com/twbs/bootstrap/releases).
- v3.4.1
- Security: Fixed an XSS vulnerability (CVE-2019-8331) in our tooltip and popover plugins by implementing a new HTML sanitizer
- Handle bad selectors (`#`) in `data-target` for Dropdowns
- Clarified tooltip selector documentation
- Added support for NuGet contentFiles
- v3.4.0
- New: Added a `.row-no-gutters` class.
- New: Added docs searching via Algolia.
- Fixed: Resolved an XSS issue in Alert, Carousel, Collapse, Dropdown, Modal, and Tab components. See <https://snyk.io/vuln/npm:bootstrap:20160627> for details.
- Fixed: Added padding to `.navbar-fixed-*` on modal open
- Fixed: Removed the double border on `<abbr>` elements.
- Removed Gist creation in web-based Customizer since anonymous gists were disabled long ago by GitHub.
- Removed drag and drop support from Customizer since it didn't work anymore.
- Added a dropdown to the docs nav for newer and previous versions.
- Update the docs to use a new `baseurl`, `/docs/3.4/`, to version the v3.x documentation like we do with v4.
- Reorganized the v3 docs CSS to use Less.
- Switched to BrowserStack for tests.
- Updated links to always use https and fix broken URLs.
- Replaced ZeroClipboard with clipboard.js
</details>
<details>
<summary>Commits</summary>
- [`68b0d23`](https://github.com/twbs/bootstrap/commit/68b0d231a13201eb14acd3dc84e51543d16e5f7e) Dist
- [`2ccfa57`](https://github.com/twbs/bootstrap/commit/2ccfa57467c0e31ec2016d1be03c55184ce8a69d) handle # selector for dropdown
- [`a43077d`](https://github.com/twbs/bootstrap/commit/a43077d3c3b3ef9b2afc426a573b40daeff788fe) Bump version to 3.4.1.
- [`d821de2`](https://github.com/twbs/bootstrap/commit/d821de271297a74a8d6a309de1d4cd9113dd77ed) Backport sanitize docs from v4.
- [`5cd9ef4`](https://github.com/twbs/bootstrap/commit/5cd9ef47f60113212b7afcdfe8d8a4883376b464) Add wdm gem for Windows.
- [`d6b8501`](https://github.com/twbs/bootstrap/commit/d6b8501e4c2e20b6b50303c10c6a2d3ef2ac5c3b) ES5 fixes.
- [`2c8abb9`](https://github.com/twbs/bootstrap/commit/2c8abb9a4393addc5ffb39e649e09391c2fee701) Add sanitize for tooltips and popovers html content.
- [`d4129df`](https://github.com/twbs/bootstrap/commit/d4129dff60d4c0c1d4ce300a485086dfe4c79cf3) Bump year.
- [`0d64d6a`](https://github.com/twbs/bootstrap/commit/0d64d6aee646a5167d5b94217cdbd32888cf1218) less/modals.less: Add missing semicolon.
- [`48c5d7b`](https://github.com/twbs/bootstrap/commit/48c5d7b8e9f65c6339390469ef6fe18b5ee6b8c3) Use https.
- Additional commits viewable in [compare view](https://github.com/twbs/bootstrap/compare/v3.3.7...v3.4.1)
</details>
<details>
<summary>Maintainer changes</summary>
This version was pushed to npm by [xhmikosr](https://www.npmjs.com/~xhmikosr), a new releaser for bootstrap since your current version.
</details>
<br />
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=bootstrap&package-manager=npm_and_yarn&previous-version=3.3.7&new-version=3.4.1)](https://help.github.com/articles/configuring-automated-security-fixes)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/TYPO3/TYPO3.CMS/network/alerts).
</details>
This issue was automatically created from https://github.com/TYPO3/TYPO3.CMS/pull/201
Updated by Georg Ringer over 4 years ago
- Related to Bug #90496: yarn audit shows 56 vulns added