deps: update dependency bootstrap to v5 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
bootstrap (source)	^4.6.1 -> ^5.0.0

GitHub Vulnerability Alerts

CVE-2024-6531

A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.

---

Release Notes

twbs/bootstrap (bootstrap)

v5.0.0

Compare Source

Highlights

#​32155: Updated make-col() mixin to generate equal columns when no size is specified
#​32763: Added new color-scheme() mixin
#​33389: Dropdown menus now have option become clickable
#​33453: Added new docs footer
#​33548: Offcanvas header components are now vertically aligned
#​33549: Added offcanvas-top modifier
#​33634: Added support for .dropdown-items wrapped in <li>s
#​33626: Fix v5 regressions in tab dropdown functionality

🚀 Features

• #​32763: Add color-scheme mixin
• #​33389: Dropdown — Add option to make the dropdown menu clickable
• #​33549: Add offcanvas-top modifier

🎨 CSS

• #​32155: Add equal column mixin
• #​32763: Add color-scheme mixin
• #​33292: Make accordion icon rotation more natural
• #​33411: Fix validation feedback icon in select multiple
• #​33478: Make .nav-link color consistent when using buttons
• #​33482: Dropdown — Apply positioning only when Popper is not used
• #​33548: Vertically align offcanvas header components
• #​33549: Add offcanvas-top modifier
• #​33550: Spinner alignment changes
• #​33598: Hide validation icons from multiple selects
• #​33600: Have $form-check-input-border's default derive from $black
• #​33607: Reduce color-scheme complexity
• #​33642: use :read-only css selector instead [readonly] for consistency
• #​33658: fix: use list-group variable instead of alert
• #​33736: accordion: fix border-top on Firefox

☕️ JavaScript

• #​32439: Decouple BackDrop from modal
• #​33245: Decouple Modal's scrollbar functionality
• #​33249: Simplify Modal Config
• #​33250: Simplify ScrollSpy config
• #​33310: fix: make EventHandler better handle mouseenter/mouseleave events
• #​33389: Dropdown — Add option to make the dropdown menu clickable
• #​33429: Remove element event listeners through base component
• #​33451: Add missing things in hide method of dropdown
• #​33456: Use our isDisabled util on dropdown
• #​33466: Refactor dropdown's hide functionality
• #​33479: Fix dropdown escape propagation
• #​33496: Use cached noop function
• #​33497: Use template literals instead of concatenation
• #​33499: Fix wrong carousel transformation, direction to order
• #​33545: Use the backdrop util in offcanvas, enforcing consistency
• #​33586: Tab.js: Fixes on click handling
• #​33589: refactor: make static selectMenuItem method private
• #​33612: tests: fix random BrowserStack failures in scrollbar
• #​33626: Fix v5 regressions in tab dropdown functionality
• #​33634: Dropdown: support .dropdown-item wrapped in <li> tags
• #​33638: Fix toggle between modals example
• #​33643: fix: clicking an item in navbar dropdown should not collapse the dropdown in firefox
• #​33666: Modal.js: fix test for scrollbar
• #​33677: Offcanvas.js: If scroll is allowed, should allow focus on other elements
• #​33684: Don't change the value for altBoundary option
• #​33706: Scrollbar: respect the initial body overflow value

📖 Docs

• #​33446: Make offcanvas example fully static
• #​33453: Add new docs footer
• #​33521: The spacing margin side identifiers 's' and 'e' may be intuitive for …
• #​33522: Clarify docs accordion example
• #​33543: Update parcel.md
• #​33553: Add example: Panels stay open
• #​33567: Fixed wrong method name _getInstance
• #​33571: footer: fix rel=noopener attribute
• #​33583: docs: update clipboard.js to v2.0.8
• #​33597: Docs: Fix wrong dark attribute in Table - Vertical Alignment
• #​33632: Correct the heading for the States section
• #​33638: Fix toggle between modals example
• #​33664: Docs: fix W3C validation errors in list-group example
• #​33668: Update anchor.js to v4.3.1.
• #​33669: Change from preventOverflow to detectOverflow in boundary option
• #​33675: Fix typo
• #​33676: Fix Grid System docs
• #​33685: docs: fix the default value of Popper's boundary option
• #​33687: Fixes #​33686 typo in RTL docs
• #​33690: Add Bootstrap Icons to alerts docs
• #​33726: Replace modal and scrollspy placeholder content
• #​33733: Tooltip/Popover — Minor doc updates
• #​33735: Clarify boundary option description
• #​33772: Improve overall new examples' accessibility
• #​33782: Add new team members to the Teams page
• #​33786: Docs: adding intro about web accessibility
• #​33797: Update links to CCA, MQ5 prefers-reduced-motion, evergreen WCAG urls
• #​33810: Tweak toast docs
• #​33829: Update migration guide for some v5 changes
• #​33832: Fix doc typo and Bootstrap Icons link
• #​33833: refactor(docs): Added form file input variables
• #​33834: Rewrite migration guide

Examples

• #​33097: Update RTL examples
• #​33759: fix: change margin breakpoints for bootstrap logo on double header
• #​33681: Fixes signup form in Heroes example
• #​33569: Improve responsiveness of Features examples

🌎 Accessibility

• #​33772: Improve overall new examples' accessibility
• #​33810: Tweak toast docs

🏭 Tests

• #​33578: Remove unnecessary data-bs-backdrop="static" from modal tests
• #​33612: tests: fix random BrowserStack failures in scrollbar
• #​33666: Modal.js: fix test for scrollbar
• #​33734: Add missing test for clicking select option in a dropdown

🧰 Misc

• #​33720: JS tests: add Node.js 16

📦 Dependencies

• Updated numerous devDependencies https://github.com/twbs/bootstrap/pulls?q=is%3Apr+is%3Aclosed+label%3Adependencies+project%3Atwbs%2Fbootstrap%2F27

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.