Bootstrap 4.5.0 represents an evolution of the popular front-end framework, building upon the solid foundation laid by version 4.4.1. Both versions aim to ease the development of responsive, mobile-first web projects, but key differences lie in their development dependencies and the tooling used to build and test the library. A move to newer versions of key dependencies are visible like eslint updated to 7.0.0, jquery at ^3.5.1, rollup at ^2.9.1, and terser at ^4.6.13. Testing is also enhanced with karma at ^5.0.5 and the addition of linkinator indicating a stronger focus on link integrity.
Developers upgrading from 4.4.1 will find an updated development workflow, potentially leveraging the newer features and optimizations in the updated tools but with limited breaking changes that impact the end result. The update likely contains bug fixes and performance improvements achieved through the updated build pipeline and testing infrastructure. The peer dependencies are unchanged between versions, with jquery and popper.js remaining vital external requirements for most bootstrap components. While both versions offer the familiar Bootstrap experience, the 4.5.0 release demonstrates a commitment to staying current with modern web development practices and tooling, leading to a more reliable and maintainable framework for developers.
All the vulnerabilities related to the version 4.5.0 of the package
Bootstrap Cross-Site Scripting (XSS) vulnerability
A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.
