[Security] Bump twitter-bootstrap-rails from 2.2.8 to 3.2.2

[dependabot-preview]

Bumps twitter-bootstrap-rails from 2.2.8 to 3.2.2. This update includes security fixes.

Vulnerabilities fixed

Sourced from The Ruby Advisory Database.

Reflective XSS Vulnerability in twitter-bootstrap-rails
The twitter-bootstrap-rails Gem for Rails contains a flaw that enables a
reflected cross-site scripting (XSS) attack. This flaw exists because the
bootstrap_flash helper method does not validate input when handling flash
messages before returning it to users. This may allow a context-dependent
attacker to create a specially crafted request that would execute arbitrary
script code in a user's browser session within the trust relationship between
their browser and the server.

Patched versions: >= 3.2.0
Unaffected versions: none

Changelog

Sourced from twitter-bootstrap-rails's changelog.

• Version 0.0.5 deprecated
• Asset files updated to latest and removed version numbers
• Implemented Less::Rails Railtie to use with LESS
• Fixed railtie to only initialize Less when installed
• New branch for the static version of Bootstrap (w/o Less) - check static branch
• Added path to support heroku deploy
• Rake precompile issue fixed
• Updated asset files to 1.4.0
• Updated dependency less-rails (now requires 2.1.0)
• Added generators
• Fixed generators
• Fixed class name conflicts from (bootstrap.js.coffee)
• Fixed jquery-rails gem version dependency
• Updated asset files
• Added new generators (install, layout and themed)
• Compatibility to Rails 3.2
• Transitioning to 2.0
• Released gem v.2.0rc0
• Added Haml and Slim support
• Added Responsive layout support
• Fixes and release 2.0.0
• Updated to v2.0.1, versioned v2.0.1.0
• Released gem v.2.0.3
• Released gem v.2.0.4
• Released gem v.2.0.5
• Added SimpleForm support
• Added FontAwesome support
• Released gem v.2.0.6
• Released gem v.2.0.7
• Released gem v.2.0.8
• Released gem v.2.0.9 (Bootstrap 2.0.4 and FontAwesome 2.0 support)
• Released gem v.2.1.0 (JRuby support)
• Released gem v.2.1.1 (minor fixes)
• Flash block message helper added
• Released gem v.2.1.2 (minor fixes and updated to Twitter Bootstrap 2.1.0)
• Released gem v.2.1.3 (minor fixes and updated to Twitter Bootstrap 2.1.1)
• Released gem v.2.1.4 (minor fixes)
• Released gem v.2.1.5 (minor fixes, install generator detects JavaScript template engine, updated to Twitter Bootstrap 2.2.1)
• Released gem v.2.1.6 (minor fixes)
• Added static stylesheets support
• Released gem v.2.1.8 and updated to Twitter Bootstrap 2.2.2
• Released gem v.2.1.9
• Released gem v.2.2.0 (Font Awesome 3)
• Released gem v.2.2.1 (minor fixes and updates)
• Released gem v.2.2.2 (Bootstrap 2.3.0)
• Released gem v.2.2.3 (Minor fixes)
• Released gem v.2.2.4 (Minor fixes)
• Released gem v.2.2.5 (Bootstrap 2.3.1)
• Released gem v.2.2.6
... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

You can always request more updates by clicking Bump now in your Dependabot dashboard.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.