[Security] Bump bootstrap from 3.4.1 to 5.0.2

[dependabot-preview]

Bumps bootstrap from 3.4.1 to 5.0.2. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Moderate severity vulnerability that affects bootstrap In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy. This is similar to CVE-2018-14042.

Affected versions: < 4.1.2

Release notes

Sourced from bootstrap's releases.

v5.0.2

🚀 Features

• #34052: Automatically select an item in the dropdown when using arrow keys

🎨 CSS

• #33621: Allow individual grid classes to override .row-cols
• #34008: Fix x-paddings for select (with floating label, and in Firefox)
• #34026: Set the correct color for popover header bottom border
• #34034: Add missing transition to .form-select
• #34044: Fix wrong comment text for tooltip
• #34047: Handle complex expressions in add() & subtract()
• #34048: Decouple --bs-table-bg and --bs-table-accent-bg
• #34062: Document how to make utilities responsive using the API
• #34124: fix(dropdowns): RTL for .dropdown-menu-*
• #34161: fix(forms): unitless line-height for floating labels
• #34223: docs(style): fix display of nested <ul><li>
• #34245: Replace / division with multiplication and custom divide() function
• #34255: Don't set auto margin on offcanvas close
• #34281: Fix lingering Sass math
• #34283: Update the divide() function and RFS
• #34332: Fix another Sass division

☕️ JavaScript

• #33276: Add getOrCreateInstance method in base-component
• #33371: Popover & Tooltip: Allow dispose/hide methods usage through jQueryIntreface
• #33608: Utils: add getNextActiveElement helper function
• #33845: Fix handling of transitionend events dispatched by nested elements
• #33928: Reset inside a Dialog does not work if data-dismiss="modal" is set
• #33947: Refactor scrollbar.js to be used as a Class
• #33948: Add tests for scrollbar.js & better handling if a style property doesn't exist
• #33960: fix isVisible false positives from deep nesting or alternate means
• #33982: Don't add empty content holder when there is no content available
• #34014: Fix backdrop "Cannot read property 'removeChild' of null" when removed from body
• #34052: Automatically select an item in the dropdown when using arrow keys
• #34070: Fix test of #34014
• #34071: Change element.parentNode.removeChild(element) to element.remove()
• #34085: Fix prevented show event disables modals with fade class from being displayed again
• #34092: Backdrop: Fix stale body by removing unnecessary default
• #34158: Register only one DOMContentLoaded event listener in onDOMContentLoaded
• #34266: Fix carousel buttons
• #34307: fix(carousel): arrow keys break animation if carousel sliding

📖 Docs

• #33724: Nav-tabs documentation example: Adjust example to querySelectorAll
• #33749: add Bootstrap 5 Simplified Chinese translation
• #34009: Drop BlinkMacSystemFont in docs

... (truncated)

Commits

• 688bce4 Release v5.0.2 (#34276)
• 16d5041 Fix another Sass division (#34332)
• 4927388 Register only one DOMContentLoaded event listener in onDOMContentLoaded (...
• 56b0004 Bump sass from 1.32.13 to 1.35.1 (#34285)
• c11c3a7 Update rfs to v9.0.4.
• ed13d01 Update the divide() function
• 290b9ee fix(carousel): arrow keys break animation if carousel sliding (#34307)
• 8be957b Bump @​babel/preset-env from 7.14.5 to 7.14.7 (#34326)
• 0fa84e8 build/vnu-jar.js: clean up ignores (#34279)
• 58a3731 Bump rollup from 2.52.1 to 2.52.2 (#34325)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)