Bump bootstrap from 4.6.2 to 5.0.0

[dependabot]

Bumps bootstrap from 4.6.2 to 5.0.0.

Release notes

Sourced from bootstrap's releases.

v5.0.0

Highlights

#32155: Updated make-col() mixin to generate equal columns when no size is specified #32763: Added new color-scheme() mixin #33389: Dropdown menus now have option become clickable #33453: Added new docs footer #33548: Offcanvas header components are now vertically aligned #33549: Added offcanvas-top modifier #33634: Added support for .dropdown-items wrapped in <li>s #33626: Fix v5 regressions in tab dropdown functionality

🚀 Features

• #32763: Add color-scheme mixin
• #33389: Dropdown — Add option to make the dropdown menu clickable
• #33549: Add offcanvas-top modifier

🎨 CSS

• #32155: Add equal column mixin
• #32763: Add color-scheme mixin
• #33292: Make accordion icon rotation more natural
• #33411: Fix validation feedback icon in select multiple
• #33478: Make .nav-link color consistent when using buttons
• #33482: Dropdown — Apply positioning only when Popper is not used
• #33548: Vertically align offcanvas header components
• #33549: Add offcanvas-top modifier
• #33550: Spinner alignment changes
• #33598: Hide validation icons from multiple selects
• #33600: Have $form-check-input-border's default derive from $black
• #33607: Reduce color-scheme complexity
• #33642: use :read-only css selector instead [readonly] for consistency
• #33658: fix: use list-group variable instead of alert
• #33736: accordion: fix border-top on Firefox

☕️ JavaScript

• #32439: Decouple BackDrop from modal
• #33245: Decouple Modal's scrollbar functionality
• #33249: Simplify Modal Config
• #33250: Simplify ScrollSpy config
• #33310: fix: make EventHandler better handle mouseenter/mouseleave events
• #33389: Dropdown — Add option to make the dropdown menu clickable
• #33429: Remove element event listeners through base component
• #33451: Add missing things in hide method of dropdown
• #33456: Use our isDisabled util on dropdown
• #33466: Refactor dropdown's hide functionality
• #33479: Fix dropdown escape propagation
• #33496: Use cached noop function

... (truncated)

Commits

• bf09367 Release v5.0.0 (#33647)
• 48ae5a7 Rewrite migration guide (#33834)
• f086572 refactor(docs): Added form file input variables (#33833)
• 1a54286 Fix doc typo and Bootstrap Icons link (#33832)
• e2df73f Update migration guide for some v5 changes (#33829)
• 1e6356a Neutralise more words from placeholder text (#33731)
• 6633845 Bump eslint-config-xo from 0.35.0 to 0.36.0 (#33646)
• cb38744 Tweak toast docs (#33810)
• c2ff225 Bump rollup from 2.46.0 to 2.47.0 (#33818)
• c090ea2 Bump @​babel/preset-env from 7.14.0 to 7.14.1 (#33819)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[amotl]

I am hesitant merging this without manual verification that nothing goes south. Maybe you can have a quick look, @msbt? Please don't put in too many efforts fixing this, we can easily keep using Bootstrap 4, and this project's maintenance is offically on a hiatus.

[amotl]

@dependabot recreate

[msbt]

@amotl I went down the rabbithole to see what happens when we upgrade bootstrap and node (#863). Updating bootstrap and removing node-sass without updating the sass and sass-loader packages wasn't promising. It seems to have worked when updating both (also, bootstrap 5.3 instead of 5.0), the only caveat is pinning the sass module to a specific version ("sass": "1.77.6",, see ¹ and ²), due to many deprecation warnings, which don't appear in that version.

Is there any reason why dependabot was going with bootstrap 5.0 and not the latest, 5.3?

So after my local changes and removing node-sass via #863 I don't see any warnings and the gui looks as usual - as far as I can tell. Should I commit the changes and you can also give it a go?

Footnotes

1. https://github.com/twbs/bootstrap/issues/40621#issuecomment-2359914180 ↩

2. https://github.com/twbs/bootstrap/issues/40849#issuecomment-2419614620 ↩

[amotl]

Wow. Thanks. Yes, please submit your updates. According to your evaluations, I think we could consider merging them. Will you use a separate PR, eventually including individual commits from both this one (GH-852), and the other (GH-863)?

We can still integrate them individually for separation of concerns, and then rebase your branch afterwards. However, for the time in flight/review, your PR would resemble an integration branch where everything should work well after modernizing those few bits? That would be well appreciated.

/cc @kneth

[amotl]

Update: This patch is incomplete. That other one intends to implement the update successfully. Thanks again, @msbt.

• Remove node-sass, bump node to 22.10, bootstrap 5.3 and sass to 1.77.6 #864

[amotl]

Superseded by GH-864, closing.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.