[Snyk] Upgrade bootstrap from 5.3.2 to 5.3.3

[Sarrac3873]

Snyk has created this PR to upgrade bootstrap from 5.3.2 to 5.3.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 1 version ahead of your current version.

• The recommended version was released on 8 months ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	410	No Known Exploit
	Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555	410	Proof of Concept
	Denial of Service (DoS) SNYK-JS-WS-7266574	410	Proof of Concept
	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	410	Proof of Concept
	Improper Handling of Extra Parameters SNYK-JS-FOLLOWREDIRECTS-6141137	410	Proof of Concept
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	410	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6147607	410	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-WEBPACK-7840298	410	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-COOKIE-8163060	410	No Known Exploit
	Open Redirect SNYK-JS-EXPRESS-6474509	410	No Known Exploit
	Cross-site Scripting SNYK-JS-EXPRESS-7926867	410	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	410	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	410	Proof of Concept
	Cross-site Scripting SNYK-JS-SEND-7926862	410	No Known Exploit
	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	410	No Known Exploit

Release notes

Package name: bootstrap

• 5.3.3 - 2024-02-20
  

  Highlights

  • Fixed a breaking change introduced with color modes where it was required to manually import variables-dark.scss when building Bootstrap with Sass. Now, _variables.scss will automatically import _variables-dark.scss. If you were already importing _variables-dark.scss manually, you should keep doing it as it won't break anything and will be the way to go in v6.
  • Fixed a regression in the selector engine that wasn't able to handle multiple IDs anymore.

  Color modes

  • Badges now use the .text-bg-* text utilities to be certain that the text is always readable (especially when the customized colors are different in light and dark modes).
  • Fixed our color-modes.js script to handle the case where the OS is set to light mode and the auto color mode is used on the website. If you copied the script from our docs, you should apply this change to your own script.
  • Fixed color schemes description in the color modes documentation to show that color-scheme() only accept light and dark values as parameters.

  Miscellaneous

  • Allowed <dl>, <dt> and <dd> in the sanitizer.
  • Dropped evenly items distribution for modal and offcanvas headers.
  • Fixed the accordion CSS selectors to avoid inheritance issues when nesting accordions.
  • Fixed the focus box-shadow for the validation stated form controls.
  • Fixed the focus ring on focused checked buttons.
  • Fixed the product example mobile navbar toggler.
  • Changed the RTL processing of carousel control icons.

  ---

  🎨 CSS

  • #37508: Use child combinators to avoid inheriting parent accordion's flush styles
  • #38719: Fix focus box-shadow for validation stated form-controls
  • #38884: fix border-radius on radio-switch
  • #39294: Tests: update navbar in visual modal test
  • #39373: refactor css: modal and offcanvas header spacing
  • #39380: Fix Sass compilation breaking change in v5.3
  • #39387: docs: fix typo
  • #39411: Optimize the accordion icon
  • #39497: Fix a typo
  • #39536: Changed RTL processing of carousel control icons
  • #39560: Drop --bs-accordion-btn-focus-border-color and deprecate $accordion-button-focus-border-color
  • #39595: CSS: Fix the focus ring on focused checked buttons

  ☕️ JavaScript

  • #39201: Selector Engine: fix multiple IDs
  • #39224: Fix edge case in color-mode.js
  • #39376: Allow dl, dt and dd in sanitizer

  📖 Docs

  • #39200: Typo Fix
  • #39214: Doc: use .text-bg-{color} for all badges
  • #39246: Docs: fix for example code blocks have unnecessary 30px right-margin
  • #39249: Doc: consistent rendering of 'Heads up!' callouts
  • #39281: Fix getOrCreateInstance() doc example
  • #39293: Update background.md
  • #39304: Doc: add expanded accordion explanation
  • #39320: Drop .table-light from table foot example
  • #39340: Doc: add dispose() to Offcanvas methods
  • #39378: Docs: fix sentence in modal
  • #39417: Fix color schemes description in Sass customization documentation
  • #39418: Docs: change vite config path import in vite guide
  • #39435: Docs: add shift-color() usage example in sass customization page
  • #39458: Docs: enhance .card-img-* description
  • #39503: Minor image compression improvements
  • #39519: Docs: use consistent HTML elements in Utilities -> Background page
  • #39520: Docs: drop unused .theme-icon class
  • #39528: docs: clean up example.html
  • #39537: Docs: fix desc around deprecated Sass mixins for alerts and list groups
  • #39539: Update links on get-started page
  • #39592: Update vite.md
  • #39604: Fix typo in 'media-breakpoint-between' in migration docs
  • #39617: Docs: add missing comma in native font stack code source in Content -> Reboot
  • #39663: updated table to be responsive

  🛠 Examples

  • #39657: Fix product example mobile navbar toggler
  • #39585: Docs: Add missing type="button" to Cheatsheet nav buttons

  🏭 Tests

  • #39294: Tests: update navbar in visual modal test

  🧰 Misc

  • #39096: CI: stop running coveralls in forks
  • #39501: CI: switch to Node.js 20

  📦 Dependencies

  • Updated numerous devDependencies
• 5.3.2 - 2023-09-14
  

  Highlights

  • Passing a percentage unit to the global abs() is deprecated since Dart Sass v1.65.0. It resulted in a deprecation warning when compiling Bootstrap with Dart Sass. This has been fixed internally by changing the values passed to the divide() function. The divide() function has not been fixed itself so that we can keep supporting node-sass cross-compatibility. In v6, this won't be an issue as we plan to drop support for node-sass.
  • Using multiple ids in a collapse target wasn't working anymore and has been fixed.

  Color modes

  • Increased color contrast of form range track background in light and dark modes.
  • Fixed table state rendering for color modes with a focus on the striped table in dark mode to increase color contrast.
  • Allow <mark> color customization for color modes.

  Docs

  • Added alternative CDNs section in Getting started -> Download.
  • Added Discord and Bootstrap subreddit links in README and Getting started -> Introduction:
    • Discord maintained by the community
    • Bootstrap subreddit

  ---

  🎨 CSS

  • #38816: Use box-shadow CSS variables shadow utilities
  • #38955: Fix radios looking like ellipse on responsive mode
  • #38976: Use box-shadow CSS vars instead of Sass vars in assets and variables
  • #39030: Fix dart-sass deprecation warning
  • #39033: Color mode: fix table state rendering
  • #39095: Make form range track background more contrasted
  • #39119: New Sass var $btn-link-focus-shadow-rgb to allow customization
  • #39141: New Sass variable to handle <mark> dark mode bg color

  ☕️ JavaScript

  • #38989: Collapse: Fix multiple ids calls
  • #39046: Dropdown: reuse variable

  📖 Docs

  • #38873: Discord reddit bootstrap
  • #38970: docs: add BootstrapVueNext to docs
  • #38977: Docs: Add missing form elements in focusable elements
  • #38978: Docs: Fix popover template role error
  • #38995: introduction: drop details element
  • #39037: Further improve image compression with oxipng and the latest jpegoptim
  • #39054: Docs: Remove incorrect mention of .left- and .right- utilities from migration guide
  • #39060: Migration: add back v5.0.0 heading
  • #39145: Docs: add warning callout to add a workaround when jsDelivr is not available
  • #39177: Fix: make theme selector tick icon visible when active in examples layout
  • #39179: download: Reword CDN paragraph

  🛠 Examples

  • #38994: examples: update 3rd-party packages
  • #39086: Correct grammar error in examples/starter-template

  🌎 Accessibility

  • #38978: Docs: Fix popover template role error
  • #39095: Make form range track background more contrasted

  🧰 Misc

  • #38983: Improve change-version script
  • #38984: Convert build scripts to ESM
  • #39021: CI: update permissions for calibreapp-image-actions.yml

  📦 Dependencies

  • Updated numerous devDependencies

from bootstrap GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs