Bootstrap 4.5.2 is a minor patch release in the Bootstrap 4 series, building upon the preceding version 4.5.1. Both versions share the same core description: a popular front-end framework designed for building responsive, mobile-first web projects. They maintain identical dependencies and peer dependencies, using tools like jQuery and Popper.js. For developers, minimal changes between versions typically involve bug fixes, performance improvements, and potentially very minor feature additions.
When choosing between the two, developers should prioritize the latest version (4.5.2) to benefit from any fixes and enhancements made since 4.5.1, offering increased stability and a better development experience. The "devDependencies" in both versions are identical, so there are definitely no new features or components. The uncompressed size difference of ~1.5KB is negligible, and the file count and all other metadata look very similar. Unless there is a specific compatibility issue with a third-party library, upgrading to 4.5.2 is advisable. For new projects, always use the latest version.
All vulnerabilities related to version 4.5.2 of the package
Bootstrap Cross-Site Scripting (XSS) vulnerability
A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.
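The following added example (not part of the original page or of Bootstrap's own code) audits markup for carousel control links, that is <a> tags carrying data-slide or data-slide-to, whose href is anything other than a same-page fragment. It assumes legitimate controls point at their carousel with href="#id", as in Bootstrap's documented markup; the function names and the sample HTML are constructed for illustration.

```javascript
// Added example: audit markup for Bootstrap carousel control links.
// Assumption: a legitimate control targets its carousel with a same-page
// fragment (href="#id"). Any other href on such a link is reported.
const FRAGMENT_ONLY = /^#[A-Za-z][\w:.-]*$/;

// Parse the attributes of one opening <a ...> tag into a name -> value map.
// Values are kept raw (no entity decoding), so encoded values fail the
// allowlist and are reported rather than silently accepted.
function parseAttributes(tag) {
  const attrs = {};
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'<>`=]+)))?/g;
  const body = tag.replace(/^<a\s/i, "").replace(/\/?>$/, "");
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Return every carousel control link whose href is not a plain fragment.
function auditCarouselLinks(html) {
  const findings = [];
  for (const [tag] of html.matchAll(/<a\s[^>]*>/gi)) {
    const attrs = parseAttributes(tag);
    const isControl = "data-slide" in attrs || "data-slide-to" in attrs;
    if (!isControl || !("href" in attrs)) continue;
    if (!FRAGMENT_ONLY.test(attrs.href)) {
      findings.push({ href: attrs.href, tag });
    }
  }
  return findings;
}

// Constructed sample markup (not taken from any real site).
const SAMPLE = `
<a class="carousel-control-prev" href="#demoCarousel" data-slide="prev">Prev</a>
<a class="carousel-control-next" href="https://example.test/next" data-slide="next">Next</a>
<a href="javascript:void(0)" data-slide-to="2">Third</a>
<a href="https://example.test/about">About</a>
`;

console.log(auditCarouselLinks(SAMPLE).map((f) => f.href));
```

The tag matcher is a simple regular expression meant for reviewing templates and rendered pages; it does not replace upgrading to a fixed release or sanitizing user-controlled attribute values on the server.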