Task #89544

closed

Bump bootstrap from 3.3.7 to 3.4.1 in /Build

Added by Forger Service about 5 years ago. Updated over 4 years ago.

Status: Closed
Priority: Should have
Assignee: -
Category: -
Target version: -
Start date: 2019-10-30
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 8
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

Bumps [bootstrap](https://github.com/twbs/bootstrap) from 3.3.7 to 3.4.1.
<details>
<summary>Release notes</summary>

Sourced from [bootstrap's releases](https://github.com/twbs/bootstrap/releases).

- v3.4.1
  - Security: Fixed an XSS vulnerability (CVE-2019-8331) in our tooltip and popover plugins by implementing a new HTML sanitizer
  - Handle bad selectors (`#`) in `data-target` for Dropdowns
  - Clarified tooltip selector documentation
  - Added support for NuGet contentFiles
- v3.4.0
  - New: Added a `.row-no-gutters` class.
  - New: Added docs searching via Algolia.
  - Fixed: Resolved an XSS issue in Alert, Carousel, Collapse, Dropdown, Modal, and Tab components. See <https://snyk.io/vuln/npm:bootstrap:20160627> for details.
  - Fixed: Added padding to `.navbar-fixed-*` on modal open
  - Fixed: Removed the double border on `<abbr>` elements.
  - Removed Gist creation in web-based Customizer since anonymous gists were disabled long ago by GitHub.
  - Removed drag and drop support from Customizer since it didn't work anymore.
  - Added a dropdown to the docs nav for newer and previous versions.
  - Update the docs to use a new `baseurl`, `/docs/3.4/`, to version the v3.x documentation like we do with v4.
  - Reorganized the v3 docs CSS to use Less.
  - Switched to BrowserStack for tests.
  - Updated links to always use https and fix broken URLs.
  - Replaced ZeroClipboard with clipboard.js

</details>
<details>
<summary>Commits</summary>

- [`68b0d23`](https://github.com/twbs/bootstrap/commit/68b0d231a13201eb14acd3dc84e51543d16e5f7e) Dist
- [`2ccfa57`](https://github.com/twbs/bootstrap/commit/2ccfa57467c0e31ec2016d1be03c55184ce8a69d) handle # selector for dropdown
- [`a43077d`](https://github.com/twbs/bootstrap/commit/a43077d3c3b3ef9b2afc426a573b40daeff788fe) Bump version to 3.4.1.
- [`d821de2`](https://github.com/twbs/bootstrap/commit/d821de271297a74a8d6a309de1d4cd9113dd77ed) Backport sanitize docs from v4.
- [`5cd9ef4`](https://github.com/twbs/bootstrap/commit/5cd9ef47f60113212b7afcdfe8d8a4883376b464) Add wdm gem for Windows.
- [`d6b8501`](https://github.com/twbs/bootstrap/commit/d6b8501e4c2e20b6b50303c10c6a2d3ef2ac5c3b) ES5 fixes.
- [`2c8abb9`](https://github.com/twbs/bootstrap/commit/2c8abb9a4393addc5ffb39e649e09391c2fee701) Add sanitize for tooltips and popovers html content.
- [`d4129df`](https://github.com/twbs/bootstrap/commit/d4129dff60d4c0c1d4ce300a485086dfe4c79cf3) Bump year.
- [`0d64d6a`](https://github.com/twbs/bootstrap/commit/0d64d6aee646a5167d5b94217cdbd32888cf1218) less/modals.less: Add missing semicolon.
- [`48c5d7b`](https://github.com/twbs/bootstrap/commit/48c5d7b8e9f65c6339390469ef6fe18b5ee6b8c3) Use https.
- Additional commits viewable in [compare view](https://github.com/twbs/bootstrap/compare/v3.3.7...v3.4.1)
</details>
<details>
<summary>Maintainer changes</summary>

This version was pushed to npm by [xhmikosr](https://www.npmjs.com/~xhmikosr), a new releaser for bootstrap since your current version.
</details>

This issue was automatically created from https://github.com/TYPO3/TYPO3.CMS/pull/201


Related issues 1 (0 open, 1 closed)

Related to TYPO3 Core - Bug #90496: yarn audit shows 56 vulns (Closed, 2020-02-22)

#1

Updated by Georg Ringer over 4 years ago

  • Status changed from New to Closed

fixed with #90496

#2

Updated by Georg Ringer over 4 years ago

  • Related to Bug #90496: yarn audit shows 56 vulns added