Compare commits

...

13 Commits

Author SHA1 Message Date
Bardi Harborow c82919e897 Remove link to translation associated with supply chain attack
This commit removes a link from our documentation to a Mandarin Chinese (Simplified) translation of our documentation which is hosted on a sub-domain of the `bootcss.com` domain previously involved in the `polyfill.io` supply chain attack.
2025-12-27 11:19:55 -08:00
dependabot[bot] 4449c7465e Build(deps): Bump the github-actions group across 1 directory with 4 updates (#41961)
Bumps the github-actions group with 4 updates in the / directory: [github/codeql-action](https://github.com/github/codeql-action), [streetsidesoftware/cspell-action](https://github.com/streetsidesoftware/cspell-action), [actions-cool/issues-helper](https://github.com/actions-cool/issues-helper) and [actions/upload-artifact](https://github.com/actions/upload-artifact).


Updates `github/codeql-action` from 4.31.7 to 4.31.9
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/cf1bb45a277cb3c205638b2cd5c984db1c46a412...5d4e8d1aca955e8d8589aabd499c5cae939e33c7)

Updates `streetsidesoftware/cspell-action` from 8.0.0 to 8.1.1
- [Release notes](https://github.com/streetsidesoftware/cspell-action/releases)
- [Changelog](https://github.com/streetsidesoftware/cspell-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/streetsidesoftware/cspell-action/compare/3294df585d3d639e30f3bc019cb11940b9866e95...e5a858a18b7e0b56e0342b1dcad796308b7341a2)

Updates `actions-cool/issues-helper` from 3.7.3 to 3.7.4
- [Release notes](https://github.com/actions-cool/issues-helper/releases)
- [Changelog](https://github.com/actions-cool/issues-helper/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions-cool/issues-helper/compare/3809910bc12872edc9b8132f122069ac16cd16ee...d1d51fccf39469b5458203b1369060db0ff0c0db)

Updates `actions/upload-artifact` from 5.0.0 to 6.0.0
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/330a01c490aca151604b8cf639adc76d48f6c5d4...b7c566a772e6b6bfb58ed0dc250532a479d7789f)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: streetsidesoftware/cspell-action
  dependency-version: 8.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions-cool/issues-helper
  dependency-version: 3.7.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: actions/upload-artifact
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-20 15:02:08 +01:00
Julien Déramond 93920fe842 Remove volar-service-emmet version override
This error came from @astrojs/check version 0.9.5. More context at withastro/astro#14544.
2025-12-20 14:56:39 +01:00
Julien Déramond 02d8ed85e4 Bump dependencies
- @astrojs/check                ^0.9.5  →    ^0.9.6
- @astrojs/markdown-remark      ^6.3.9  →   ^6.3.10
- @astrojs/mdx                 ^4.3.12  →   ^4.3.13
- astro                        ^5.16.0  →   ^5.16.6
- autoprefixer                ^10.4.22  →  ^10.4.23
- find-unused-sass-variables    ^6.1.0  →    ^6.1.1
- jasmine                      ^5.12.0  →   ^5.13.0
- prettier                      ^3.6.2  →    ^3.7.4
- rollup                       ^4.53.3  →   ^4.54.0
- sass-true                    ^10.0.0  →   ^10.1.0
- stylelint                   ^16.26.0  →  ^16.26.1
- zod                          ^4.1.13  →    ^4.2.1
2025-12-20 14:50:51 +01:00
dependabot[bot] e170268b3c Build(deps): Bump the github-actions group across 1 directory with 4 updates (#41912)
Bumps the github-actions group with 4 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [actions/setup-node](https://github.com/actions/setup-node), [github/codeql-action](https://github.com/github/codeql-action) and [actions-cool/issues-helper](https://github.com/actions-cool/issues-helper).


Updates `actions/checkout` from 6.0.0 to 6.0.1
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3...8e8c483db84b4bee98b60c0593521ed34d9990e8)

Updates `actions/setup-node` from 6.0.0 to 6.1.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/2028fbc5c25fe9cf00d9f06a71cc4710d4507903...395ad3262231945c25e8478fd5baf05154b1d79f)

Updates `github/codeql-action` from 4.31.5 to 4.31.7
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/fdbfb4d2750291e159f0156def62b853c2798ca2...cf1bb45a277cb3c205638b2cd5c984db1c46a412)

Updates `actions-cool/issues-helper` from 3.7.2 to 3.7.3
- [Release notes](https://github.com/actions-cool/issues-helper/releases)
- [Changelog](https://github.com/actions-cool/issues-helper/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions-cool/issues-helper/compare/9861779a695cf1898bd984c727f685f351cfc372...3809910bc12872edc9b8132f122069ac16cd16ee)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: actions/setup-node
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-version: 4.31.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: actions-cool/issues-helper
  dependency-version: 3.7.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-09 20:51:17 +01:00
Mark Otto e9cd061528 Add incident response plan documentation (#41905)
This document outlines the incident response plan for Bootstrap maintainers, detailing procedures for managing security and operational incidents, roles, responsibilities, and communication protocols.
2025-12-03 09:18:05 -08:00
Julien Déramond f29a71b1cf Build(deps-dev): Bump dependencies
- vnu-jar  25.11.20  →  25.11.25
- zod       ^4.1.12  →   ^4.1.13
2025-11-25 18:30:11 +01:00
dependabot[bot] 481bf7ece2 Build(deps): Bump the github-actions group with 2 updates (#41886)
Bumps the github-actions group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `actions/checkout` from 5.0.1 to 6.0.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/93cb6efe18208431cddfb8368fd83d5badbf9bfd...1af3b93b6815bc44a9784bd300feb67ff0d1eeb3)

Updates `github/codeql-action` from 4.31.3 to 4.31.5
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/014f16e7ab1402f30e7c3329d33797e7948572db...fdbfb4d2750291e159f0156def62b853c2798ca2)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-version: 4.31.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-25 18:28:06 +01:00
Julien Déramond c577685708 Build(deps): Bump dependencies
- @astrojs/mdx   ^4.3.11  →   ^4.3.12
- astro          ^5.15.9  →   ^5.16.0
- rollup         ^4.53.2  →   ^4.53.3
- sass-true       ^9.0.0  →   ^10.0.0
- stylelint     ^16.25.0  →  ^16.26.0
- vnu-jar       25.11.17  →  25.11.20
2025-11-22 08:42:05 +01:00
Julien Déramond 61b0bab5c2 Build(deps-dev): Bump dependencies
- @astrojs/markdown-remark   ^6.3.8  →   ^6.3.9
- @astrojs/mdx              ^4.3.10  →  ^4.3.11
- astro                     ^5.15.8  →  ^5.15.9
2025-11-18 18:41:50 +01:00
dependabot[bot] 05fc0c7f37 Build(deps): Bump the github-actions group with 3 updates (#41878)
Bumps the github-actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [github/codeql-action](https://github.com/github/codeql-action) and [coverallsapp/github-action](https://github.com/coverallsapp/github-action).


Updates `actions/checkout` from 5.0.0 to 5.0.1
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/08c6903cd8c0fde910a37f88322edcfb5dd907a8...93cb6efe18208431cddfb8368fd83d5badbf9bfd)

Updates `github/codeql-action` from 4.31.2 to 4.31.3
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/0499de31b99561a6d14a36a5f662c2a54f91beee...014f16e7ab1402f30e7c3329d33797e7948572db)

Updates `coverallsapp/github-action` from 2.3.6 to 2.3.7
- [Release notes](https://github.com/coverallsapp/github-action/releases)
- [Commits](https://github.com/coverallsapp/github-action/compare/648a8eb78e6d50909eff900e4ec85cab4524a45b...5cbfd81b66ca5d10c19b062c04de0199c215fb6e)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 5.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-version: 4.31.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: coverallsapp/github-action
  dependency-version: 2.3.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-11-18 18:39:20 +01:00
Julien Déramond c9e83a12b5 Build(deps-dev): Bump vnu-jar from 25.11.8 to 25.11.17 2025-11-17 18:27:33 +01:00
Julien Déramond 6f4d51f6ea Build(deps-dev): Bump dependencies
- astro   ^5.15.6  →  ^5.15.8
- globby  ^15.0.0  →  ^16.0.0
2025-11-15 18:02:18 +01:00
20 changed files with 996 additions and 697 deletions
+162
View File
@@ -0,0 +1,162 @@
# Incident response plan
This document describes how the Bootstrap maintainers respond to and manage security or operational incidents affecting the project, its website, or its distributed releases. This plan is public to promote transparency and community trust. Operational details (e.g., private contacts, credentials, or internal coordination tools) are maintained separately in the maintainers private documentation.
---
## 1. Purpose & Scope
This plan defines how Bootstrap maintainers will:
- Identify, triage, and manage security or integrity incidents affecting project code, releases, or infrastructure.
- Communicate with the community and downstream consumers during and after an incident.
- Record lessons learned and update processes to reduce future risk.
It applies to:
- The Bootstrap source code, documentation, and build pipelines.
- Release artifacts (npm, CDN, GitHub releases).
- The main website ([https://getbootstrap.com](https://getbootstrap.com)).
- Any official Bootstrap GitHub organization infrastructure.
It does **not** cover unrelated third-party forks or integrations.
---
## 2. Definitions
- **Incident**: Any event that could compromise the confidentiality, integrity, or availability of Bootstrap code, releases, or users. Examples include:
- A discovered security vulnerability.
- A compromised GitHub account or CI/CD token.
- A malicious dependency or injected code in a release.
- Website defacement or unauthorized modification of documentation.
- Leaked secrets related to the project infrastructure.
- **Incident Commander (IC)**: The maintainer responsible for coordinating the overall response.
---
## 3. Roles & Responsibilities
| Role | Responsibilities |
|------|-------------------|
| **Incident Commander (IC)** | Coordinate the response, assign tasks, ensure timely communication. |
| **Security Maintainers** | Triage reported vulnerabilities, assess impact, create fixes, handle embargoes. |
| **Infrastructure Lead** | Manage CI/CD, website, and release infrastructure. |
| **Communications Lead** | Manage public announcements, blog posts, and social updates. |
| **Contributors & Community** | Promptly report suspected security issues and follow responsible disclosure guidelines. |
In practice, Bootstraps core team fulfills these roles collectively, assigning an IC on a per-incident basis.
---
## 4. Incident workflow
### 4.1 Detection & Reporting
- All security issues should be **privately reported** via the contact method in [`SECURITY.md`](../SECURITY.md) or through GitHubs Security Advisory mechanism.
- Maintainers also monitor:
- Automated dependency scanners (e.g., Dependabot, npm audit).
- GitHub notifications and vulnerability alerts.
- Community channels for suspicious activity.
### 4.2 Initial triage
Upon receiving a report:
1. A maintainer acknowledges receipt within 3 business days (or sooner, when possible).
Bootstrap is maintained by a small volunteer team; response times may vary slightly outside normal working hours.
2. The IC assesses severity and impact:
- **Critical:** immediate compromise of release infrastructure or code integrity.
- **High:** exploitable vulnerability in distributed assets.
- **Medium:** minor vulnerability or low-likelihood attack vector.
- **Low:** informational, no direct risk.
3. If confirmed as an incident, the IC opens a private coordination channel for maintainers and begins containment.
### 4.3 Containment & Eradication
- Revoke or rotate any affected credentials.
- Disable compromised infrastructure or build pipelines if necessary.
- Patch affected branches or dependencies.
- Verify integrity of artifacts and releases.
### 4.4 Communication
- Keep the reporting party informed (when applicable).
- For major incidents, the Communications Lead drafts a public advisory describing:
- What happened
- What was impacted
- How users can verify or mitigate
- What actions were taken
- Communications occur after containment to avoid amplifying risk.
Public disclosures are posted via:
- GitHub Security Advisory if appropriate
- [blog.getbootstrap.com/](https://blog.getbootstrap.com/)
- [Bootstrap GitHub discussions](https://github.com/orgs/twbs/discussions)
- [@getbootstrap](https://x.com/getbootstrap) on X (formerly Twitter) for critical security notices.
### 4.5 Recovery
- Validate all systems and releases are secure.
- Resume normal operations.
- Tag patched releases and notify affected users.
### 4.6 Post-incident review
Within two weeks after resolution:
- Conduct an internal debrief.
- Record:
- Root cause
- What worked / what didnt
- Remediation steps
- Documentation or automation updates needed
- Summarize lessons learned in the private maintainers wiki (with optional public summary if appropriate).
---
## 5. Severity levels & Response targets
| Severity | Example | Target response (volunteer team) |
|-----------|----------|----------------------------------|
| **Critical** | Compromised release, stolen signing keys | Acknowledge ≤ 24h (best effort), containment ≤ 48h, fix ideally ≤ 14d |
| **High** | Vulnerability enabling arbitrary code execution | Acknowledge ≤ 3 business days, fix ideally ≤ 1421d |
| **Medium** | XSS or content injection on docs site | Acknowledge ≤ 5 business days, fix in next release cycle |
| **Low** | Minor issue with limited risk | Acknowledge ≤ 7 business days, fix as scheduled |
**Note:** Timelines represent good-faith targets for a small volunteer core team, not hard SLAs. The maintainers will always prioritize public safety and transparency, even if timing varies.
---
## 6. Public disclosure principles
Bootstrap follows a responsible disclosure approach:
- Work privately with reporters and affected parties before publishing details.
- Never name reporters without consent.
- Coordinate embargo periods with downstream consumers when needed.
- Publish advisories only after patches or mitigations are available.
---
## 7. Communication Channels
| Purpose | Channel |
|----------|----------|
| Private reporting | Email address in [`SECURITY.md`](./SECURITY.md) or GitHub advisory form |
| General updates | [blog.getbootstrap.com/](https://blog.getbootstrap.com/) blog |
| Security advisories | GitHub Security Advisory dashboard |
| Social alerts | [@getbootstrap](https://x.com/getbootstrap) |
| GitHub discussion alerts | [github.com/orgs/twbs/discussions](https://github.com/orgs/twbs/discussions) |
---
## 8. Plan Maintenance
This plan is reviewed at least annually or after any major incident. Changes are approved by the Core Team and recorded in Git history.
---
_The Bootstrap maintainers are committed to transparency, user trust, and continuous improvement in our security and response practices._
+2 -2
View File
@@ -22,12 +22,12 @@ jobs:
steps:
- name: Clone repository
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- name: Set up Node.js
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
with:
node-version: "${{ env.NODE }}"
cache: npm
+2 -2
View File
@@ -20,12 +20,12 @@ jobs:
steps:
- name: Clone repository
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- name: Set up Node.js
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
with:
node-version: "${{ env.NODE }}"
cache: npm
@@ -22,7 +22,7 @@ jobs:
pull-requests: write
steps:
- name: Clone repository
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
+4 -4
View File
@@ -24,21 +24,21 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- name: Initialize CodeQL
uses: github/codeql-action/init@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
with:
config-file: ./.github/codeql/codeql-config.yml
languages: "javascript"
queries: +security-and-quality
- name: Autobuild
uses: github/codeql-action/autobuild@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
uses: github/codeql-action/autobuild@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
with:
category: "/language:javascript"
+2 -2
View File
@@ -23,12 +23,12 @@ jobs:
steps:
- name: Clone repository
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- name: Run cspell
uses: streetsidesoftware/cspell-action@3294df585d3d639e30f3bc019cb11940b9866e95 # v8.0.0
uses: streetsidesoftware/cspell-action@e5a858a18b7e0b56e0342b1dcad796308b7341a2 # v8.1.1
with:
config: ".cspell.json"
files: "**/*.{md,mdx}"
+2 -2
View File
@@ -20,12 +20,12 @@ jobs:
steps:
- name: Clone repository
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- name: Set up Node.js
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
with:
node-version: "${{ env.NODE }}"
cache: npm
+2 -2
View File
@@ -20,12 +20,12 @@ jobs:
steps:
- name: Clone repository
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- name: Set up Node.js
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
with:
node-version: "${{ env.NODE }}"
cache: npm
+1 -1
View File
@@ -17,7 +17,7 @@ jobs:
if: github.repository == 'twbs/bootstrap'
steps:
- name: awaiting reply
uses: actions-cool/issues-helper@9861779a695cf1898bd984c727f685f351cfc372 # v3.7.2
uses: actions-cool/issues-helper@d1d51fccf39469b5458203b1369060db0ff0c0db # v3.7.4
with:
actions: "close-issues"
labels: "awaiting-reply"
+1 -1
View File
@@ -18,7 +18,7 @@ jobs:
steps:
- name: awaiting reply
if: github.event.label.name == 'needs-example'
uses: actions-cool/issues-helper@9861779a695cf1898bd984c727f685f351cfc372 # v3.7.2
uses: actions-cool/issues-helper@d1d51fccf39469b5458203b1369060db0ff0c0db # v3.7.4
with:
actions: "create-comment"
token: ${{ secrets.GITHUB_TOKEN }}
+3 -3
View File
@@ -25,12 +25,12 @@ jobs:
steps:
- name: Clone repository
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- name: Set up Node.js
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
with:
node-version: ${{ env.NODE }}
cache: npm
@@ -45,7 +45,7 @@ jobs:
run: npm run js-test
- name: Run Coveralls
uses: coverallsapp/github-action@648a8eb78e6d50909eff900e4ec85cab4524a45b # v2.3.6
uses: coverallsapp/github-action@5cbfd81b66ca5d10c19b062c04de0199c215fb6e # v2.3.7
if: ${{ !github.event.repository.fork }}
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
+2 -2
View File
@@ -20,12 +20,12 @@ jobs:
steps:
- name: Clone repository
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- name: Set up Node.js
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
with:
node-version: "${{ env.NODE }}"
cache: npm
+2 -2
View File
@@ -20,12 +20,12 @@ jobs:
steps:
- name: Clone repository
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- name: Set up Node.js
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
with:
node-version: "${{ env.NODE }}"
+1 -1
View File
@@ -14,7 +14,7 @@ jobs:
env:
GITHUB_REF_NAME: ${{ github.ref_name }}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
+3 -3
View File
@@ -34,7 +34,7 @@ jobs:
steps:
- name: "Checkout code"
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
@@ -64,7 +64,7 @@ jobs:
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
# format to the repository Actions tab.
- name: "Upload artifact"
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: SARIF file
path: results.sarif
@@ -73,6 +73,6 @@ jobs:
# Upload the results to GitHub's code scanning dashboard (optional).
# Commenting out will disable upload of results to your repo's Code Scanning dashboard
- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
with:
sarif_file: results.sarif
+784 -639
View File
File diff suppressed because it is too large Load Diff
+15 -18
View File
@@ -84,7 +84,7 @@
"docs-serve": "npm run astro-dev",
"docs-serve-only": "npx sirv-cli _site --port 9001",
"lockfile-lint": "lockfile-lint --allowed-hosts npm --allowed-schemes https: --empty-hostname false --type npm --path package-lock.json",
"update-deps": "ncu -u -x @docsearch/js,eslint,eslint-config-xo,eslint-plugin-unicorn,karma-browserstack-launcher,karma-rollup-preprocessor,sass",
"update-deps": "ncu -u -x @docsearch/js,eslint,eslint-config-xo,eslint-plugin-unicorn,karma-browserstack-launcher,karma-rollup-preprocessor,sass,vnu-jar",
"release": "npm-run-all dist release-sri docs-build release-zip*",
"release-sri": "node build/generate-sri.mjs",
"release-version": "node build/change-version.mjs",
@@ -108,9 +108,9 @@
"@popperjs/core": "^2.11.8"
},
"devDependencies": {
"@astrojs/check": "^0.9.5",
"@astrojs/markdown-remark": "^6.3.8",
"@astrojs/mdx": "^4.3.10",
"@astrojs/check": "^0.9.6",
"@astrojs/markdown-remark": "^6.3.10",
"@astrojs/mdx": "^4.3.13",
"@astrojs/prism": "^3.3.0",
"@astrojs/sitemap": "^3.6.0",
"@babel/cli": "^7.28.3",
@@ -126,9 +126,9 @@
"@types/js-yaml": "^4.0.9",
"@types/mime": "^4.0.0",
"@types/prismjs": "^1.26.5",
"astro": "^5.15.6",
"astro": "^5.16.6",
"astro-auto-import": "^0.4.5",
"autoprefixer": "^10.4.22",
"autoprefixer": "^10.4.23",
"bundlewatch": "^0.4.1",
"clean-css-cli": "^5.6.3",
"clipboard": "^2.0.11",
@@ -139,14 +139,14 @@
"eslint-plugin-import": "^2.32.0",
"eslint-plugin-markdown": "^5.1.0",
"eslint-plugin-unicorn": "56.0.1",
"find-unused-sass-variables": "^6.1.0",
"find-unused-sass-variables": "^6.1.1",
"github-slugger": "^2.0.0",
"globby": "^15.0.0",
"globby": "^16.0.0",
"hammer-simulator": "0.0.1",
"htmlparser2": "^10.0.0",
"image-size": "^2.0.2",
"ip": "^2.0.1",
"jasmine": "^5.12.0",
"jasmine": "^5.13.0",
"jquery": "^3.7.1",
"js-yaml": "^4.1.1",
"karma": "^6.4.4",
@@ -164,23 +164,23 @@
"npm-run-all2": "^8.0.4",
"postcss": "^8.5.6",
"postcss-cli": "^11.0.1",
"prettier": "^3.6.2",
"prettier": "^3.7.4",
"prettier-plugin-astro": "^0.14.1",
"rehype-autolink-headings": "^7.1.0",
"remark": "^15.0.1",
"remark-html": "^16.0.1",
"rollup": "^4.53.2",
"rollup": "^4.54.0",
"rollup-plugin-istanbul": "^5.0.0",
"rtlcss": "^4.3.0",
"sass": "1.78.0",
"sass-true": "^9.0.0",
"sass-true": "^10.1.0",
"shelljs": "^0.10.0",
"stylelint": "^16.25.0",
"stylelint": "^16.26.1",
"stylelint-config-twbs-bootstrap": "^16.1.0",
"terser": "^5.44.1",
"unist-util-visit": "^5.0.0",
"vnu-jar": "25.11.8",
"zod": "^4.1.12"
"vnu-jar": "25.11.25",
"zod": "^4.2.1"
},
"files": [
"dist/{css,js}/*.{css,js,map}",
@@ -206,8 +206,5 @@
"peerDependencies": {
"@popperjs/core": "^2.11.8"
}
},
"overrides": {
"volar-service-emmet": "0.0.63"
}
}
+3 -3
View File
@@ -11,11 +11,11 @@
--#{$prefix}table-bg: #{$background};
--#{$prefix}table-border-color: #{$table-border-color};
--#{$prefix}table-striped-bg: #{$striped-bg};
--#{$prefix}table-striped-color: #{color-contrast($striped-bg)};
--#{$prefix}table-striped-color: #{color-contrast($striped-bg)}; // stylelint-disable-line scss/dollar-variable-no-missing-interpolation
--#{$prefix}table-active-bg: #{$active-bg};
--#{$prefix}table-active-color: #{color-contrast($active-bg)};
--#{$prefix}table-active-color: #{color-contrast($active-bg)}; // stylelint-disable-line scss/dollar-variable-no-missing-interpolation
--#{$prefix}table-hover-bg: #{$hover-bg};
--#{$prefix}table-hover-color: #{color-contrast($hover-bg)};
--#{$prefix}table-hover-color: #{color-contrast($hover-bg)}; // stylelint-disable-line scss/dollar-variable-no-missing-interpolation
color: var(--#{$prefix}table-color);
border-color: var(--#{$prefix}table-border-color);
-5
View File
@@ -3,11 +3,6 @@
description: Bootstrap 5 繁體中文手冊
url: https://bootstrap5.hexschool.com/
- name: Simplified Chinese
code: zh-CN
description: Bootstrap 5 中文文档
url: https://v5.bootcss.com/
- name: Japanese
code: ja
description: Bootstrap 5 日本語リファレンス
+4 -4
View File
@@ -12,8 +12,8 @@ $bd-callout-variants: info, warning, danger !default;
--bd-purple: #{$bd-purple};
--bd-violet: #{$bd-violet};
--bd-accent: #{$bd-accent};
--bd-violet-rgb: #{to-rgb($bd-violet)};
--bd-accent-rgb: #{to-rgb($bd-accent)};
--bd-violet-rgb: #{to-rgb($bd-violet)}; // stylelint-disable-line scss/dollar-variable-no-missing-interpolation
--bd-accent-rgb: #{to-rgb($bd-accent)}; // stylelint-disable-line scss/dollar-variable-no-missing-interpolation
--bd-pink-rgb: #{to-rgb($pink-500)};
--bd-teal-rgb: #{to-rgb($teal-500)};
--bd-violet-bg: var(--bd-violet);
@@ -25,10 +25,10 @@ $bd-callout-variants: info, warning, danger !default;
}
@include color-mode(dark, true) {
--bd-violet: #{mix($bd-violet, $white, 75%)};
--bd-violet: #{mix($bd-violet, $white, 75%)}; // stylelint-disable-line scss/dollar-variable-no-missing-interpolation
--bd-violet-bg: #{$bd-violet};
--bd-toc-color: var(--#{$prefix}emphasis-color);
--bd-sidebar-link-bg: rgba(#{to-rgb(mix($bd-violet, $black, 75%))}, .5);
--bd-sidebar-link-bg: rgba(#{to-rgb(mix($bd-violet, $black, 75%))}, .5); // stylelint-disable-line scss/dollar-variable-no-missing-interpolation
--bd-callout-link: #{to-rgb($blue-300)};
--bd-callout-code-color: #{$pink-300};
--bd-pre-bg: #{adjust-color($gray-900, $lightness: -2.5%)}; // stylelint-disable-line scss/at-function-named-arguments