Update dependency bootstrap-select to ~1.13.0 [SECURITY] #498

Open
wants to merge 1 commit into
base: master

renovate[bot]
Contributor

@renovate renovate bot commented Jan 27, 2025

This PR contains the following updates:

| Package | Change |
|---|---|
| bootstrap-select (source) | ~1.12.1 -> ~1.13.0 |

GitHub Vulnerability Alerts

GHSA-9r7h-6639-v5mw

Versions of bootstrap-select prior to 1.13.6 are vulnerable to Cross-Site Scripting (XSS). The package does not escape title values on <option> tags. This may allow attackers to execute arbitrary JavaScript in a victim's browser.

Recommendation

Upgrade to version 1.13.6 or later.

CVE-2019-20921

bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.


Release Notes

snapappointments/bootstrap-select (bootstrap-select)

v1.13.6

Compare Source

Bug Fixes
  • #​1321: remove extra files from bower release
  • #​1665: performance improvements
  • #​1832: use on and trigger event handlers instead of click and change shorthand
  • #​2078: Elements in an input group below a selectpicker have a higher z-index, causing them to appear above the opened menu
  • #​2150: Live search discards the first typed character
  • #​2163: Cannot read property 'top' of undefined (ensure container exists)
  • #​2166: Sub options display separately instead of as 1 list
  • #​2187: move bulk of logic into a setTimeout for faster page load
  • #​2189: Empty select refresh error "Cannot read property 'classList' of undefined"
  • #​2198: "Cannot read property '0' of undefined" when dropupAuto is false and the select is at the bottom of the page
  • #​2199: Escaped tags parsed as non-escaped in title and data-content
  • #​2202: always update menu size after updates to live search
  • #​2206: Map file for minified js version does not work correctly
  • #​2210: An extra divider is added if an optgroup is the last visible element and there are hidden options after it
  • #​2217: The bottom divider of an optgroup disappears when searching and one of the options in the optgroup is hidden
Security
  • #​2199: Fixed an XSS vulnerability with data-content, data-subtext, and title options. Implemented a new HTML sanitizer for data-content.

v1.13.5

Compare Source

Bug Fixes
  • #​2160: Selects with a title option throw an error in the render function

v1.13.4

Compare Source

Bug Fixes
  • #​1710: When listening for keydown event on .bs-searchbox, ensure it is a child of .bootstrap-select
  • #​1943: Option dropdownAlignRight auto doesn't work
  • #​2034: Uncaught TypeError: Cannot read property '0' of undefined
  • #​2082: button vertical alignment
  • #​2105: Dynamically added picker causes resize JS error
  • #​2118: Memory leak: getPlacement resize & scroll
  • #​2140: data-hidden broken in v1.13.0
  • #​2151: This plugins broken when the version of IE below 10
Documentation
  • #​2125: add styleBase option to documentation
New Features

v1.13.3

Compare Source

Bug Fixes
  • #​1425: Don't render checkMark (tickIcon) if showTick is false or the select is not multiple
  • #​1828: Select not working on mobile
  • #​2045: 'auto' width not working
  • #​2086: Cannot read property 'display' of undefined
  • #​2092: Cannot read property 'className' of undefined
  • #​2101: Extra tick mark when using livesearch in Bootstrap 4

v1.13.2

Compare Source

Bug Fixes
  • #​1999: selected styling removed from previous option in a multiselect
  • #​2024: Arrow down key doesn't scroll the view to the top when virtualScroll is disabled
  • #​2027: data-max-options="1" not removing selected class
  • #​2029: LiveSearch and "Select All" selects too many options
  • #​2033: Dividers broken on bootstrap 4
  • #​2035: Selectbox with live search throwing error when UP/DOWN key is pressed
  • #​2038: Select / Deselect All buttons are modifying disabled options
  • #​2044: When data-container is set, first click resets scroll position
  • #​2045: 'auto' width not working
  • #​2047: Optgroup labels are escaped
  • #​2058: Menu hight is not properly calculated when using data-size and styling the options' height
  • #​2079: Subtext is difficult to read on active options
New Features
  • #​1972: add option to manually specify Bootstrap's version
  • #​2036: Add support for Bootstrap dropdown's display property added in v4.1.0

v1.13.1

Compare Source

Bug Fixes
  • #​1342: Bootstrap select doesn't send field data on form submit (set form attribute on select element to fix)
  • #​2402: In Internet Explorer, with liveSearchPlaceholder enabled, can't select option while searchBox is focused. Also, selected option doesn't get scrolled to when opening menu
  • #​2464: title attribute does not work in 1.13.17 (Safari)
  • #​2469: Shift-Tab key not working in 1.13.17
  • #​2474: With multiple selects, cannot select options with keyboard after using mouse to select options
  • #​2483: Dropdown with unselectable index 0 will not scroll to top on arrow_down with last index selected
  • #​2491: remove placeholder/title option when destroying selectpicker

v1.13.0

Compare Source

Bug Fixes
  • #​2060: form control sizing classes not working
  • fix sass variable syntax
  • #​2062: popper error when bootstrap-select is in a navbar
  • #​1913: &nbsp; causing formatting errors on MacOS
  • #​2061: unnecessary caret code with Bootstrap 4
  • #​2065: .empty() method is not working
  • #​2063: New-lines in options cause formatting issues with title attribute (if multiple options selected)
  • #​2064: Purely numeric data-subtext breaks live search
  • #​2066: Button padding when using data-width="fit" is incorrect
  • #​2067: input group addons not displaying properly
  • #​2077: selectAll performance in Edge is abysmal
  • #​2074: show-menu-arrow not displaying properly
  • #​2068: Bootstrap 4 validation pseudo classes not being applied properly when new options are appended dynamically
  • #​2070: popover-title is not popover-header in Bootstrap 4
  • #​2075: liveSearch with data-content not working
  • #​2072: Button text breaks to the next line when using form-control as styleBase (Bootstrap 4)
  • #​2069: Placeholder text is unreadable on darker buttons (btn-primary, btn-success, etc.)
  • #​1691: XSS vulnerability in option title
New Features
  • #​1404, #​1697: changed.bs.select now passes through previousValue as the third parameter (instead of the previous value of the option, which was redundant). This is the value of the select prior to being changed.
  • update jQuery range to make v1.9.1 the minimum (and exclude version 4)


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
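
The range this PR sets (`~1.13.0`) can be compared with the version the advisory names as fixed (1.13.6). The following is an added example, not part of the Renovate comment or of bootstrap-select; it assumes npm tilde semantics for a full x.y.z range, and `auditUpgrade` plus the resolved versions passed to it are hypothetical names and constructed inputs.

```javascript
// Added example: FIXED_IN comes from the advisory text on this page; the
// "resolved" inputs are constructed stand-ins for what a lockfile might pin.
const FIXED_IN = '1.13.6';

// Parse a plain x.y.z version into numbers; anything else is rejected.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

// Three-way numeric compare of two x.y.z strings: negative, zero or positive.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// npm tilde range with a full x.y.z: ~x.y.z means >=x.y.z and <x.(y+1).0.
function tildeBounds(range) {
  if (!range.startsWith('~')) throw new Error(`not a tilde range: ${range}`);
  const [major, minor, patch] = parseVersion(range.slice(1));
  return { min: `${major}.${minor}.${patch}`, below: `${major}.${minor + 1}.0` };
}

// Report whether the range itself can still admit a vulnerable release,
// and whether the version actually resolved is in range and patched.
function auditUpgrade(range, resolved, fixedIn = FIXED_IN) {
  const { min, below } = tildeBounds(range);
  return {
    rangeAdmitsVulnerable: compareVersions(min, fixedIn) < 0,
    inRange: compareVersions(resolved, min) >= 0 &&
             compareVersions(resolved, below) < 0,
    patched: compareVersions(resolved, fixedIn) >= 0,
  };
}

console.log(auditUpgrade('~1.13.0', '1.13.5')); // in range, not patched
console.log(auditUpgrade('~1.13.0', '1.13.6')); // in range, patched
console.log(auditUpgrade('~1.13.6', '1.13.6')); // range excludes vulnerable releases
```

When `rangeAdmitsVulnerable` is true, confirm that the lockfile resolves to 1.13.6 or later, or tighten the range to `~1.13.6`.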
