Skip to content

Upgrade Bootstrap from version 3.3.5 to version 3.4.1

Tyler Williams requested to merge 11965-bootstrap-security-patches into master

Why is this change being made?

Closes: https://gitlab.com/gitlab-com/www-gitlab-com/-/issues/11965 by upgrading Bootstrap from 3.3.5 to 3.4.1 to mitigate security vulnerabilities.

It looks like we don't manage our Bootstrap dependency through yarn in a cohesive way, and have mostly been vendoring that dependency.

As such, it looks like we have also been directly modifying Bootstrap in the past, and requiring partials directly in other Sass files, which introduced a few breaks into Webpack.

I haven't resolved that bigger issue, but I was able to put in some bandaid patches on specific bugs that had broken. Fortunately, as we've moved away from Bootstrap to our own design system and custom CSS, we've come to rely less on Bootstrap anyway, so the key pages are looking pretty much fine here.

QA

Walk through the regression checks for any major breaks.

I've already done this myself, but the upgrade between these minor versions had some bigger changes (initially, it broke all our table borders). I'd appreciate a second set of eyes to catch anything else, since the changes are potentially far-reaching.

Author Checklist

  • Provided a concise title for the MR
  • Added a description to this MR explaining the reasons for the proposed change, per say-why-not-just-what
    • Copy/paste the Slack conversation to document it for later, or upload screenshots. Verify that no confidential data is added.
  • Assign reviewers for this change to the correct DRI(s)
    • If the DRI for the page/s being updated isn’t immediately clear, then assign it to one of the people listed in the "Maintained by" section in on the page being edited.
    • If your manager does not have merge rights, please ask someone to merge it AFTER it has been approved by your manager in #mr-buddies.
  • If the changes affect team members, or warrant an announcement in another way, please consider posting an update in #whats-happening-at-gitlab linking to this MR.
    • If this is a change that directly impacts the majority of global team members, it should be a candidate for #company-fyi. Please work with internal communications and check the handbook for examples.

Closes #11965

Edited by Tyler Williams

Merge request reports