[Snyk] Upgrade bootstrap from 3.4.1 to 5.3.8

[nerdy-tech-com-gitub]

Snyk has created this PR to upgrade bootstrap from 3.4.1 to 5.3.8.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 55 versions ahead of your current version.

• The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	130	Proof of Concept
	Denial of Service (DoS) SNYK-JS-HTTPPROXYMIDDLEWARE-8229906	130	Proof of Concept
	Cross-site Scripting SNYK-JS-BOOTSTRAP-7444617	130	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-COOKIE-8163060	130	No Known Exploit
	Always-Incorrect Control Flow Implementation SNYK-JS-HTTPPROXYMIDDLEWARE-9691387	130	No Known Exploit
	Improper Check for Unusual or Exceptional Conditions SNYK-JS-HTTPPROXYMIDDLEWARE-9691389	130	No Known Exploit
	Improper Input Validation SNYK-JS-NANOID-8492085	130	No Known Exploit
	Improper Handling of Unexpected Data Type SNYK-JS-ONHEADERS-10773729	130	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-8482416	130	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6147607	130	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-BOOTSTRAP-10176066	130	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BRACEEXPANSION-9789073	130	Proof of Concept

Release notes

Package name: bootstrap

• 5.3.8 - 2025-08-26
  

  What's Changed

  • Streamline release prep script by @ mdo in #41539
  • Docs: restore local dev port to 9001 by @ chalin in #41545
  • Docs: use Example shortcode instead of divs with only .bd-example class by @ julien-deramond in #41556
  • Docs: fix scss autorecompile in dev mode by @ MaxLardenois in #41574
  • Fix color-contrast() function for WCAG 2.1 compliance by @ julien-deramond in #41585
  • OSSF Scorecard by @ mdo in #41571
  • Workflows: Use SHA-1 for third-party actions by @ julien-deramond in #41595
  • Docs: unminify downloadable example HTML files by @ julien-deramond in #41637
  • Docs: Add tooltips to buttons when <Example> is used, not just <Code> by @ louismaximepiton in #41582
  • Set cursor pointer on input search cancel button by @ mdo in #41639
  • CSS: Prevent spinner distortion in flex containers with multiline content by @ julien-deramond in #41654
  • Migrate MyGet script to GH actions by @ supergibbs in #41583
  • Revert "Attempt to return focus explicitly to dropdown trigger" by @ mdo in #41668
  • docs: Minor range example code optimization by @ coliff in #41665
  • Remove Themes from docs by @ mdo in #41671
  • Release v5.3.8 by @ mdo in #41669

  Dependencies

  • Build(deps-dev): Bump the development-dependencies group with 3 updates by @ julien-deramond in #41540
  • Build(deps-dev): Bump the development-dependencies group with 2 updates by @ julien-deramond in #41544
  • Build(deps-dev): Bump stylelint-config-twbs-bootstrap from 16.0.0 to 16.1.0 by @ julien-deramond in #41546
  • Build(deps-dev): Bump the development-dependencies group with 5 updates by @ julien-deramond in #41552
  • Build(deps-dev): Bump the development-dependencies group with 4 updates by @ julien-deramond in #41560
  • Build(deps-dev): Bump the development-dependencies group with 3 updates by @ julien-deramond in #41566
  • Build(deps): Bump actions/upload-artifact from 4.6.1 to 4.6.2 by @ dependabot[bot] in #41594
  • Build(deps-dev): Bump the development-dependencies group with 4 updates by @ julien-deramond in #41599
  • Build(deps-dev): Bump the development-dependencies group with 2 updates by @ julien-deramond in #41609
  • Build(deps): Bump github/codeql-action from 3.29.2 to 3.29.3 by @ dependabot[bot] in #41611
  • Build(deps): Bump streetsidesoftware/cspell-action from 7.1.1 to 7.1.2 by @ dependabot[bot] in #41610
  • Build(deps-dev): Bump the development-dependencies group with 4 updates by @ julien-deramond in #41621
  • Build(deps): Bump streetsidesoftware/cspell-action from 7.1.2 to 7.2.0 by @ dependabot[bot] in #41625
  • Build(deps): Bump actions-cool/issues-helper from 3.6.0 to 3.6.2 by @ dependabot[bot] in #41623
  • Build(deps): Bump github/codeql-action from 3.29.3 to 3.29.4 by @ dependabot[bot] in #41624
  • Build(deps-dev): Bump the development-dependencies group across 1 directory with 3 updates by @ dependabot[bot] in #41626
  • Build(deps): Bump github/codeql-action from 3.29.4 to 3.29.5 by @ dependabot[bot] in #41640
  • Build(deps): Bump tmp from 0.2.3 to 0.2.4 by @ dependabot[bot] in #41649
  • Build(deps): Bump github/codeql-action from 3.29.7 to 3.29.8 by @ dependabot[bot] in #41657
  • Build(deps): Bump actions/checkout from 4.2.2 to 5.0.0 by @ dependabot[bot] in #41655
  • Build(deps): Bump github/codeql-action from 3.29.8 to 3.29.10 by @ dependabot[bot] in #41664

  New Contributors

  • @ chalin made their first contribution in #41545

  Full Changelog: v5.3.7...v5.3.8

• 5.3.7 - 2025-06-17
  

  📚 Documentation

  • Fixed broken "View on GitHub" URLs
  • Corrected HTML <head> content generated by the "Download examples" button
  • Refined sanitizer documentation for clarity and completeness
  • Improved accessibility in the "On this page" table of contents and section heading anchor links
  • Relocated ads to the right sidebar to minimize content reflow
  • Added a new section on the Download page for the Intelissence extension
  • Clarified the "Via JavaScript" usage example for Accordion Collapse
  • Made internal documentation improvements to support future maintenance (no visible user impact)
  • Mention CDN integrity and crossorigin attributes in introduction page
  • Enhance floating labels placeholder usage description
  • Add example of showing dynamic range value with output

  🎨 Sass

  • Consolidated multiple 'none' values in the box-shadow Sass mixin for cleaner output

  🤖 JavaScript

  • Fixed popover and tooltip behavior with a trigger: "hover click" configuration

  🤝 Contributions

  • Added recommended VSCode extensions and settings configuration to the repository
• 5.3.6 - 2025-05-05
  

  Highlights

  • Ported the docs from Hugo to Astro for our own sanity!
  • Added usage docs for Accordion JavaScript
  • Prevent .visually-hidden overflowing children to become focusable
  • Limit .card-group selectors to immediate children to fix some inheritance issues

  Changes

  • docs: update readme to include bun install by @ Electroid in #41277
  • Docs: fix specification for getInstance by @ fulldecent in #41297
  • Mention npm install and npm run dist in CONTRIBUTING.md by @ mdo in #41340
  • docs: add Sass deprecations notice in docs by @ MaxLardenois in #41283
  • docs: Better indicate include options in sass setup. by @ Kelketek in #41143
  • docs: add 'skeleton loaders' to loading placeholders description by @ MohamadSalman11 in #41177
  • Update offcanvas.md To Mention Adding data-bs-target for Close Buttons in Offcanvas Components by @ ASchoe311 in #41325
  • Limit selectors in .card-group to immediate children to fix border-radius bug by @ mscdex in #41298
  • Docs: add Border radius section for Input group by @ TommasoAllegretti in #40776
  • Docs: use 'i.e.' instead of 'e.g.' in Floating Labels example description by @ julien-deramond in #41364
  • Docs: move Cheatsheet RTL example to the RTL category by @ julien-deramond in #41282
  • Doc: fix blockquote mismatch by @ viniciusvts in #41295
  • Removed broken translation links by @ MasterPuffin in #41359
  • Docs: migration from Hugo to Astro by @ julien-deramond in #41251
  • Update devDependencies by @ julien-deramond in #41383
  • Bump image-size from 1.0.2 to 2.0.2 by @ julien-deramond in #41384
  • Add switch attribute to docs for switch checkbox by @ mdo in #41396
  • Add private comment to BaseComponent Class by @ MohamadSalman11 in #41254
  • Alternate for #41142, disabled list group items by @ mdo in #41397
  • Docs: add Usage section with JavaScript guide for Accordion component by @ TommasoAllegretti in #40768
  • Attempt to return focus explicitly to dropdown trigger by @ mdo in #41365
  • Fix typos and code indentation in Forms > Checks and radios by @ julien-deramond in #41399
  • chore: Spell check .md and .mdx files. by @ Jason3S in #41398
  • Remove files configuration from .cspell.json by @ julien-deramond in #41400
  • Docs: Remove unneeded Twitter/X metatags (as it uses Open Graph for title/description and image) by @ coliff in #41408
  • Move _isShown() method to private section by @ MohamadSalman11 in #41220
  • Removed line break between // Private comment and method by @ MohamadSalman11 in #41218
  • remove link to sunset resource on accessibility.mdx by @ crgrafton in #41418
  • docs(pagination): put current page on link element for a11y by @ MarkoOleksiyenko in #41154
  • Update devDependencies and regenerate package-lock.json by @ julien-deramond in #41425
  • Prevent .visually-hidden overflowing children to become focusable by @ ffoodd in #41286
  • Add docs release prep script by @ mdo in #41435
  • Release v5.3.6 by @ mdo in #41406

  New Contributors

  • @ Electroid made their first contribution in #41277
  • @ MaxLardenois made their first contribution in #41283
  • @ Kelketek made their first contribution in #41143
  • @ ASchoe311 made their first contribution in #41325
  • @ mscdex made their first contribution in #41298
  • @ viniciusvts made their first contribution in #41295
  • @ MasterPuffin made their first contribution in #41359
  • @ Jason3S made their first contribution in #41398
  • @ crgrafton made their first contribution in #41418

  Full Changelog: v5.3.5...v5.3.6

• 5.3.5 - 2025-04-04
  

  Hot fix for a regression from upstream in Autoprefixer.

  What's Changed

  • Fix floating labels rendering on Firefox by @ julien-deramond in #41347
  • Bump to v5.3.5 by @ mdo in #41348

  Full Changelog: v5.3.4...v5.3.5

• 5.3.4 - 2025-04-03
  

  Changes

  • #40888: Dependabot: switch to grouped updates

  🚀 Features

  • #41299: Typo fixed
  • #41187: Docs: mention removal of util.js in migration guide