This repository has been archived by the owner on May 10, 2021. It is now read-only.

[Security] Bump bootstrap from 3.3.7 to 4.0.0 #462

Open

dependabot-preview[bot] wants to merge 1 commit into master from dependabot/npm_and_yarn/bootstrap-4.0.0

Conversation

dependabot-preview[bot]
Contributor

@dependabot-preview dependabot-preview bot commented Mar 14, 2018

Bumps bootstrap from 3.3.7 to 4.0.0.

Release notes

Sourced from bootstrap's releases.

v4.0.0

Our first stable v4 release! 🎉

Highlights:

  • Brand new examples and overhauls for existing ones.
  • Additional border utilities have been added and the default border-color for them darkened from $gray-200 to $gray-300.
  • Pagination focus styles now match button and input focus state.
  • Added responsive .order-0 classes to reset column order.
  • Improved examples of form validation documentation by adding tooltip examples and more.
  • New documentation added for using our CSS variables to the Theming page.
  • Improved consistency across browsers when printing.
  • Sass map extends and docs
  • New and improved print display utilities

Project board

For more details, visit twbs/bootstrap#25098.

v4.0.0-beta.3

Breaking changes

As mentioned in our Beta 2 release, we needed to make a few more breaking changes in Beta 3. We've summarized them here and in our migration docs—be sure to read them!

  • Rewrote native and custom check controls. Both browser default and custom checkboxes and radios now have simpler markup after removing the <input> from the <label>. Now, all checkboxes and radios have a parent <div> and sibling <input> and <label> pair. This is essential for form validation and disabled inputs because we can use the input's state to style the label.

    In addition, custom checkbox and radio elements no longer have a .custom-control-indicator. This is generated from the new .custom-control-label.

  • Input groups were rewritten with specific .input-group-{prepend|append} classes. The new approach allows us to support validation styles and messages within input groups, while also adding support for custom selects, custom file inputs, and multiple .form-controls.

  • Responsive tables are once again parent classes to avoid accessibility issues with changing a <table>'s display.

  • Deleted the .col-form-legend class, consolidating its styles into the .col-form-label class.

Read the Migration page for further details.

More highlights

In addition to the breaking changes, we've addressed a few more general issues that may impact your project.

  • Restored cursor: pointer to non-disabled links, buttons, .close, navbar toggler, and pagination links.

  • Added a new vertically centered modal option with .modal-dialog-centered.

  • Added new dropleft and dropright variants for dropdowns in #23860.

  • Our npm package no longer includes any files other than our source and dist JavaScript and CSS files. If you previously relied on running our scripts via the node_modules folder, you'll need to update your build tools.

  • Print styles have moved to bottom of the import stack to properly override styles.

For more details on this release's changes, take a look at the Beta 3 ship list issue, as well as the Beta 3 project.

... (truncated)


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

If you'd like to skip this version, you can just close this PR. If you have any feedback just mention @dependabot in the comments below.


Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

You can always request more updates by clicking Bump now in your Dependabot dashboard.

@coveralls

coveralls commented Mar 14, 2018

Coverage Status

Coverage decreased (-0.4%) to 95.823% when pulling fe1ddff on dependabot/npm_and_yarn/bootstrap-4.0.0 into bdb057a on master.

@dependabot-preview dependabot-preview bot force-pushed the dependabot/npm_and_yarn/bootstrap-4.0.0 branch from 2187880 to 74c844b on March 16, 2018 23:51
@y-yagi y-yagi force-pushed the dependabot/npm_and_yarn/bootstrap-4.0.0 branch from 74c844b to fe1ddff on March 18, 2018 22:46
@dependabot-preview
Contributor Author

A newer version of bootstrap exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

@dependabot-preview
Contributor Author

We've just been alerted that this update fixes a security vulnerability:

Sourced from The Sonatype OSS Index.

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Affected versions: ["<= 3.3.7"]
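
The advisory above gives only a version range, "<= 3.3.7", so the practical check for a project is whether every copy of bootstrap resolved in its lockfile falls inside that range (a transitive dependency can pull in a second, different copy). The following is an added example and is not code from this PR, from Dependabot or from Bootstrap; it assumes a package-lock.json v1 layout (a "dependencies" object keyed by package name, nested for transitive dependencies), and the sample lockfile, the range-clause grammar (operators <, <=, >, >=, = joined by commas meaning AND) and the function names are all constructed for illustration. Pre-release ordering matters here because 4.0.0-beta.3 must sort below 4.0.0.

```javascript
// Added example (not from the PR, Dependabot or Bootstrap): decide whether the
// bootstrap pinned in a lockfile falls inside an advisory's "Affected versions"
// range such as ["<= 3.3.7"], using a small semver comparator that orders
// pre-releases (4.0.0-beta.3) before the matching release (4.0.0).

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]" into comparable parts.
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(v.trim());
  if (!m) throw new Error(`not a semver version: ${v}`);
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])],
           pre: m[4] ? m[4].split(".") : [] };
}

// Compare two pre-release identifier lists following the semver 2.0.0 rules:
// a release outranks any pre-release, numeric identifiers compare numerically
// and sort before alphanumeric ones, and a shorter list is lower.
function comparePre(a, b) {
  if (a.length === 0 && b.length === 0) return 0;
  if (a.length === 0) return 1;
  if (b.length === 0) return -1;
  const n = Math.max(a.length, b.length);
  for (let i = 0; i < n; i++) {
    if (i >= a.length) return -1;
    if (i >= b.length) return 1;
    const x = a[i], y = b[i];
    const xn = /^\d+$/.test(x), yn = /^\d+$/.test(y);
    if (xn && yn) { if (Number(x) !== Number(y)) return Number(x) < Number(y) ? -1 : 1; }
    else if (xn) return -1;
    else if (yn) return 1;
    else if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Classic comparator: -1 if a < b, 0 if equal, 1 if a > b.
function compareSemver(a, b) {
  const pa = parseSemver(a), pb = parseSemver(b);
  for (let i = 0; i < 3; i++) {
    if (pa.nums[i] !== pb.nums[i]) return pa.nums[i] < pb.nums[i] ? -1 : 1;
  }
  return comparePre(pa.pre, pb.pre);
}

// An advisory range is one or more clauses such as "<= 3.3.7" or
// ">= 3.0.0, < 4.0.0"; every clause must hold (logical AND). A clause with no
// operator means exact equality. This grammar is an assumption of the example.
function satisfiesRange(version, range) {
  return range.split(",").every((clause) => {
    const m = /^\s*(<=|>=|<|>|=)?\s*([^\s]+)\s*$/.exec(clause);
    if (!m) throw new Error(`unparseable range clause: ${clause}`);
    const c = compareSemver(version, m[2]);
    switch (m[1] || "=") {
      case "<": return c < 0;
      case "<=": return c <= 0;
      case ">": return c > 0;
      case ">=": return c >= 0;
      default: return c === 0;
    }
  });
}

// Walk every resolved copy of pkgName in a package-lock.json v1 object
// (top-level and nested "dependencies") and report those inside any range.
function findAffected(lockfile, pkgName, affectedRanges) {
  const hits = [];
  const walk = (deps, path) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const here = path.concat(name);
      if (name === pkgName && affectedRanges.some((r) => satisfiesRange(info.version, r))) {
        hits.push({ path: here.join(" > "), version: info.version });
      }
      walk(info.dependencies, here);
    }
  };
  walk(lockfile.dependencies, []);
  return hits;
}

// Constructed sample lockfile (hypothetical): the app pins 3.3.7 directly,
// while a theme package already pulls in 4.0.0 as a nested copy.
const SAMPLE_LOCK = {
  name: "example-app", lockfileVersion: 1,
  dependencies: {
    bootstrap: { version: "3.3.7" },
    "some-theme": { version: "1.0.0", dependencies: { bootstrap: { version: "4.0.0" } } },
  },
};

// The range exactly as the Sonatype OSS Index entry quoted in this PR states it.
const AFFECTED = ["<= 3.3.7"];

console.log(findAffected(SAMPLE_LOCK, "bootstrap", AFFECTED));
```

Only the top-level 3.3.7 copy is reported; the nested 4.0.0 is outside the range. For a real project, replace SAMPLE_LOCK with `JSON.parse(fs.readFileSync("package-lock.json"))` and fail the build when the returned list is non-empty, which is the same decision Dependabot made when it retitled this PR as a security update.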

@dependabot-preview dependabot-preview bot changed the title Bump bootstrap from 3.3.7 to 4.0.0 [Security] Bump bootstrap from 3.3.7 to 4.0.0 Aug 30, 2018
Development

Successfully merging this pull request may close these issues.

just link-the new Bootstrap’s documentation for simplified Chinese
2 participants