Update dependency bootstrap to v4 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
bootstrap (source)	^3.3.7 → ^4.0.0

---

Bootstrap Cross-Site Scripting (XSS) vulnerability for data-* attributes

CVE-2024-6485 / GHSA-vxmc-5x29-h64v

More information

Details

A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading state is triggered.

Severity

• CVSS Score: 6.4 / 10 (Medium)
• Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

References

• https://nvd.nist.gov/vuln/detail/CVE-2024-6485
• https://github.com/twbs/bootstrap
• https://lists.debian.org/debian-lts-announce/2025/04/msg00020.html
• https://www.herodevs.com/vulnerability-directory/cve-2024-6485

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

twbs/bootstrap (bootstrap)

v4.0.0

Compare Source

Our first stable v4 release! 🎉

Highlights:

• Brand new examples and overhauls for existing ones.
• Additional border utilities have been added and the default border-color for them darkened from $gray-200 to $gray-300.
• Pagination focus styles now match button and input focus state.
• Added responsive .order-0 classes to reset column order.
• Improved examples of form validation documentation by adding tooltip examples and more.
• New documentation added for using our CSS variables to the Theming page.
• Improved consistent across browsers when printing.
• Sass map extends and docs
• New and improved print display utilities

Project board

For more details, visit #​25098.

---

Configuration

📅 Schedule: (in timezone US/Eastern)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: yarn.lock

/opt/containerbase/tools/corepack/0.34.6/14.18.2/node_modules/corepack/dist/yarn.js:2
process.env.COREPACK_ENABLE_DOWNLOAD_PROMPT??='1'
                                           ^^^

SyntaxError: Unexpected token '??='
    at wrapSafe (internal/modules/cjs/loader.js:1001:16)
    at Module._compile (internal/modules/cjs/loader.js:1049:27)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1114:10)
    at Module.load (internal/modules/cjs/loader.js:950:32)
    at Function.Module._load (internal/modules/cjs/loader.js:790:12)
    at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:76:12)
    at internal/main/run_main_module.js:17:47