[Snyk] Upgrade bulma from 0.4.4 to 0.9.4

[dmh34]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade bulma from 0.4.4 to 0.9.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 21 versions ahead of your current version.
• The recommended version was released 2 years ago, on 2022-05-08.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579155	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Command Injection SNYK-JS-LODASH-1040724	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Use of Weak Hash SNYK-JS-CRYPTOJS-6028119	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Remote Memory Exposure SNYK-JS-DNSPACKET-1293563	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
	Prototype Pollution SNYK-JS-MIXINDEEP-450212	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
	Prototype Pollution SNYK-JS-AJV-584908	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
	Prototype Pollution SNYK-JS-LODASHES-2434290	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Prototype Pollution SNYK-JS-MERGEDEEP-1070277	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
	Prototype Poisoning SNYK-JS-QS-3153490	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Prototype Poisoning SNYK-JS-QS-3153490	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-450202	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-608086	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Prototype Pollution SNYK-JS-LODASHES-2434283	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Prototype Pollution SNYK-JS-JSON5-3182856	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Prototype Pollution SNYK-JS-JSON5-3182856	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Denial of Service (DoS) SNYK-JS-AXIOS-174505	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Prototype Pollution SNYK-JS-DOTPROP-543489	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Prototype Pollution SNYK-JS-HANDLEBARS-567742	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Prototype Pollution SNYK-JS-HAPIHOEK-548452	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-559764	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Validation Bypass SNYK-JS-KINDOF-537849	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Prototype Pollution SNYK-JS-HANDLEBARS-534988	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
	Insufficiently Protected Credentials SNYK-JS-AUTH0JS-565004	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-559764	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Command Injection SNYK-JS-LODASHES-2434284	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Prototype Pollution SNYK-JS-LODASHES-2434285	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Prototype Pollution SNYK-JS-NODEFORGE-598677	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Cryptographic Issues SNYK-JS-ELLIPTIC-571484	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Arbitrary Code Execution SNYK-JS-ESLINTUTILS-460220	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
	Prototype Pollution SNYK-JS-INI-1048974	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Prototype Pollution SNYK-JS-HANDLEBARS-469063	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
	Denial of Service (DoS) SNYK-JS-HANDLEBARS-480388	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
	Arbitrary Code Execution SNYK-JS-HANDLEBARS-534478	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-1540541	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-450213	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
	Prototype Pollution SNYK-JS-SETVALUE-1540541	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Prototype Pollution SNYK-JS-SETVALUE-450213	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1023599	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-610226	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Arbitrary File Write SNYK-JS-TAR-1579152	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
	Improper Input Validation SNYK-JS-URLPARSE-2407770	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WEBSOCKETEXTENSIONS-570623	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Prototype Pollution SNYK-JS-Y18N-1021887	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASHES-2434289	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COOKIEJAR-3149984	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Information Exposure SNYK-JS-NODEFETCH-2342118	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
	Denial of Service SNYK-JS-NODEFETCH-674311	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
	Command Injection SNYK-JS-NODENOTIFIER-1035794	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
	Timing Attack SNYK-JS-ELLIPTIC-511941	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
	Information Exposure SNYK-JS-EVENTSOURCE-2823375	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Open Redirect SNYK-JS-EXPRESS-6474509	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Denial of Service (DoS) SNYK-JS-HTTPPROXY-569139	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Prototype Pollution SNYK-JS-HANDLEBARS-1279029	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1072471	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Improper Input Validation SNYK-JS-URLPARSE-1078283	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
	Open Redirect SNYK-JS-URLPARSE-1533425	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Access Restriction Bypass SNYK-JS-URLPARSE-2401205	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Authorization Bypass SNYK-JS-URLPARSE-2407759	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	537/1000 Why? Proof of Concept exploit, CVSS 8.6	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	537/1000 Why? Proof of Concept exploit, CVSS 8.6	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: bulma

• 0.9.4 - 2022-05-08
  

  New features

  • Responsive buttons: the size of a button will change for each breakpoint (Fix #1572)
  • @ mixin between: takes 2 breakpoint values, outputs a media query for the range between these 2 values
  • $breakpoints Sass map: a map of named breakpoints and their type (from, until or both)
  • @ mixin breakpoint: uses the new $breakpoints Sass map to output a media query

  Improvements

  • Add missing variables for content customization
  • Fix #683 Modal - example javascript toggle
  • Fix #3461 Bulma logo with wordmark in SVG
  • Fix #3383 'Variables' sections on docs page (#3513)
  • Fixes #3510 The navbar overlaps with sidebars in "Fullheight hero with navbar" (#3516)
  • Setup Cypress testing (#3436)

  Bugfix

  • Replace disabled attr on pagination anchor elements with is-disabled
  • #3500 Fix hidden disabled buttons on iOS 15.4 (#3521)
  • #3076 Fix Table headers centered aligned in Safari
• 0.9.3 - 2021-06-18
  

  New features

  • New is-underlined class for underlined text and links
  • New auto value for margin and padding helper classes

  Improvements

  • New $section-padding-desktop Sass variable
  • New $hero-body-padding-tablet Sass variable
  • New $shadow Sass variable (used for .box, .card, .dropdown and .panel)
  • Add is-normal size modifiers to .file and .content
  • New %reset placeholder

  Bugfix

  • #3362 Fix slash divide
• 0.9.2 - 2021-01-26
  

  Breaking change

  To fix duplicate imports, all Sass placeholders have moved from the utilities/mixins file to its own utilities/extends file.

  The Sass placeholders are:

  • %control
  • %unselectable
  • %arrow
  • %block
  • %delete
  • %loader
  • %overlay

  If you were importing them directly from utilities/mixins, you'll need to import utilities/extends instead.
  If you were importing utilities/_all or even bulma.sass directly, no change is required.

  New features

  • Fix #1583 New is-ghost button that behaves / looks like a regular link
  • New icon-text component, to combine an icon with text on its side

  Bug fixes

  • #3005 Fix column offsets in RTL
  • Fix #3145 Dropdown content is bounded by a parent card
  • Fix #3089 Sub columns of a variable columns have weird gap
  • Fix #2937 Add width: unset for narrow columns
  • #3208 Fix #3163 Do not override is-rounded with button-small
  • #3216 Removed duplicate mixins imports, created a single extends file
  • #3216 Removed all references to the .sass file extension have been removed, since they're unnecessary when there's no ambiguity between a .sass file or a .scss file

  Improvements

  • Fix #3012 Add $media-* variables, set to !default
  • Fix #2797 Import dependencies individually for each component
  • Remove list style from pagination list
• 0.9.1 - 2020-09-28
  

  New features

  • #3047 Flexbox helpers
  • #3085 Add is-clickable helper
  • #3086 Allow each component to have its own colors and default to global ones
  • New variables $navbar-colors, $button-colors, $notification-colors, $progress-colors, $table-colors, $tag-colors, $file-colors, $textarea-colors, $select-colors, $form-colors, $label-colors and $hero-colors

  Improvements

  • #2630 Fixes #2598 -> Add $card-radius variable
  • Add $card-overflow variable
  • #2540 Fixes #2539 -> Fix indeterminate progress styling in IE11
  • #3057 Make the default text color of $code listings more accessible
  • #3088 Adds not allowed cursor to missing inputs
  • #3101 Add $modal-breakpoint variable for modal breakpoint
  • #3107 Add optgroup to generic.sass
• 0.9.0 - 2020-06-07
  

  Deprecation warning

  The base/helpers.sass file is deprecated. It has moved into its own /helpers folder. If you were importing base/helpers.sass or base/_all.sass, please import sass/helpers/_all.sass now.
  If you were simply importing the whole of Bulma with @ import "~/bulma/bulma.sass" or similar, you won't have to change anything, and everything will work as before.

  The list component is also deprecated: the components/list.sass file has been deleted. It was never officialy supported as it was too similar to panel component. Use that one instead.

  RTL support

  Bulma now has RTL support.

  By setting the Sass flag $rtl to true, you can create an RTL version of Bulma, thanks to 4 new Sass mixins:

  • =ltr
  • =rtl
  • =ltr-property($property, $spacing, $right: true)
  • =ltr-position($spacing, $right: true)

  The Bulma package now also comes with a bulma-rtl.css and bulma-rtl.min.css file to be used straight away.

  Spacing helpers

  Bulma now has spacing helpers: https://bulma.io/documentation/helpers/spacing-helpers/

  Bulma provides margin m* and padding p* helpers in all directions:

  • *t for top
  • *r for right
  • *b for bottom
  • *l for left
  • *x horizontally for both left and right
  • *y vertically for both top and bottom

  You need to combine a margin/padding prefix with a direciton suffix. For example:

  • for a margin-top, use mt-*
  • for a padding-bottom, use pb-*
  • for both margin-left and margin-right, use mx-*

  Each of these property-direction combinations needs to be appended with one of 6 value suffixes

  This release also includes the following helpers:

  • light and dark color helpers
  • light and dark background color helpers

  Improvements

  • #2925 Center table cell content vertically with is-vcentered

  Bug fixes

  • #2955 Fix issue when there's only one is-toggle tag
• 0.8.2 - 2020-04-11
  

  This is a minor release. See 0.8.1 release notes for additional information.

  Bug fixes

  • Fix #2885 -> Revert $input-color: $text-strong
• 0.8.1 - 2020-03-23
  

  Improvements

  • #2709 Add light colors to the notification element
  • #2740 Fixes #2739 -> Add variables size for layout hero
  • Fix #2741 -> Create bulmaRgba() function to support inherit value
  • #2756 Add $button-text-decoration variable

  Bug fixes

  • #2664 Fixes #2671 -> Add $panel-colors variable
• 0.8.0 - 2019-10-18
  Read more
• 0.7.5 - 2019-05-18
  Read more
• 0.7.4 - 2019-02-08
• 0.7.3 - 2019-02-07
• 0.7.2 - 2018-10-12
• 0.7.1 - 2018-04-18
• 0.7.0 - 2018-04-13
• 0.6.2 - 2018-01-10
• 0.6.1 - 2017-11-06
• 0.6.0 - 2017-10-10
• 0.5.3 - 2017-09-18
• 0.5.2 - 2017-09-11
• 0.5.1 - 2017-08-07
• 0.5.0 - 2017-07-29
• 0.4.4 - 2017-07-24

from bulma GitHub release notes

Commit messages

Package name: bulma

• 3e00a8e Build 0.9.4
• ab8745e Update changelog
• d4b62a2 Fix #3076
• 0ce0841 Setup cypress (#3436)
• 895b77b Remove useless if in js example
• da784b2 Given names to the 2 'Variable' sections
• c2db8a0 3500 fix ios bug (#3521)
• 8ed9842 Remove useless console.log() from Modal example
• 86ab4a4 Backers May 2022
• a170216 Update May 2022
• cb2666d Fixes #3510 (#3516)
• 8f13d7c Fixes #3383 ('Variables' sections on docs page) (#3513)
• e674d87 Fixing typo
• e5ee280 Update April 2022
• da2c942 Update March 2022
• 1547baf Adding '@ angular-bulma' to related projects in
• 30d69aa Fix links
• d773f4d Add responsive button sizes (#3484)
• 80e0396 Fix sponsor item
• 3644777 Update February 2022
• 5db192e Add love sorting
• 4f78a94 Typo fix (#3481)
• c2697bf Typo: Missing "and"
• 94a9fc4 Display the result of using text transformers

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs