native dark theme initial checkin

14 files changed, 152 insertions, 9 deletions

diff --git a/vendor/twbs/bootstrap/.github/workflows/browserstack.yml b/vendor/twbs/bootstrap/.github/workflows/browserstack.yml
index 425c56684..9a2fc91e5 100644
--- a/vendor/twbs/bootstrap/.github/workflows/browserstack.yml
+++ b/vendor/twbs/bootstrap/.github/workflows/browserstack.yml
@@ -6,7 +6,10 @@ on:
 
 env:
   FORCE_COLOR: 2
-  NODE: 16
+  NODE: 18
+
+permissions:
+  contents: read
 
 jobs:
   browserstack:
@@ -17,6 +20,8 @@ jobs:
     steps:
       - name: Clone repository
         uses: actions/checkout@v3
+        with:
+          persist-credentials: false
 
       - name: Set up Node.js
         uses: actions/setup-node@v3
diff --git a/vendor/twbs/bootstrap/.github/workflows/bundlewatch.yml b/vendor/twbs/bootstrap/.github/workflows/bundlewatch.yml
index d1a174784..2add86c49 100644
--- a/vendor/twbs/bootstrap/.github/workflows/bundlewatch.yml
+++ b/vendor/twbs/bootstrap/.github/workflows/bundlewatch.yml
@@ -9,7 +9,10 @@ on:
 
 env:
   FORCE_COLOR: 2
-  NODE: 16
+  NODE: 18
+
+permissions:
+  contents: read
 
 jobs:
   bundlewatch:
@@ -18,6 +21,8 @@ jobs:
     steps:
       - name: Clone repository
         uses: actions/checkout@v3
+        with:
+          persist-credentials: false
 
       - name: Set up Node.js
         uses: actions/setup-node@v3
diff --git a/vendor/twbs/bootstrap/.github/workflows/calibreapp-image-actions.yml b/vendor/twbs/bootstrap/.github/workflows/calibreapp-image-actions.yml
index e23f5626e..21df1f626 100644
--- a/vendor/twbs/bootstrap/.github/workflows/calibreapp-image-actions.yml
+++ b/vendor/twbs/bootstrap/.github/workflows/calibreapp-image-actions.yml
@@ -17,6 +17,8 @@ jobs:
     steps:
       - name: Checkout Repo
         uses: actions/checkout@v3
+        with:
+          persist-credentials: false
 
       - name: Compress Images
         uses: calibreapp/image-actions@1.1.0
diff --git a/vendor/twbs/bootstrap/.github/workflows/codeql.yml b/vendor/twbs/bootstrap/.github/workflows/codeql.yml
index 70be0563c..98aa891c4 100644
--- a/vendor/twbs/bootstrap/.github/workflows/codeql.yml
+++ b/vendor/twbs/bootstrap/.github/workflows/codeql.yml
@@ -7,7 +7,6 @@ on:
       - v4-dev
       - "!dependabot/**"
   pull_request:
-    # The branches below must be a subset of the branches above
     branches:
       - main
       - v4-dev
@@ -28,11 +27,20 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3
+        with:
+          persist-credentials: false
 
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v2
         with:
+          config-file: ./.github/codeql/codeql-config.yml
           languages: "javascript"
+          queries: +security-and-quality
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
 
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v2
+        with:
+          category: "/language:javascript"
diff --git a/vendor/twbs/bootstrap/.github/workflows/cspell.yml b/vendor/twbs/bootstrap/.github/workflows/cspell.yml
index 3751ad339..1d946981c 100644
--- a/vendor/twbs/bootstrap/.github/workflows/cspell.yml
+++ b/vendor/twbs/bootstrap/.github/workflows/cspell.yml
@@ -9,15 +9,23 @@ on:
 
 env:
   FORCE_COLOR: 2
-  NODE: 16
+
+permissions:
+  contents: read
 
 jobs:
   cspell:
+    permissions:
+      # allow streetsidesoftware/cspell-action to fetch files for commits and PRs
+      contents: read
+      pull-requests: read
     runs-on: ubuntu-latest
 
     steps:
       - name: Clone repository
         uses: actions/checkout@v3
+        with:
+          persist-credentials: false
 
       - name: Run cspell
         uses: streetsidesoftware/cspell-action@v2
diff --git a/vendor/twbs/bootstrap/.github/workflows/css.yml b/vendor/twbs/bootstrap/.github/workflows/css.yml
index 857a5672c..6bfde50af 100644
--- a/vendor/twbs/bootstrap/.github/workflows/css.yml
+++ b/vendor/twbs/bootstrap/.github/workflows/css.yml
@@ -9,7 +9,10 @@ on:
 
 env:
   FORCE_COLOR: 2
-  NODE: 16
+  NODE: 18
+
+permissions:
+  contents: read
 
 jobs:
   css:
@@ -18,6 +21,8 @@ jobs:
     steps:
       - name: Clone repository
         uses: actions/checkout@v3
+        with:
+          persist-credentials: false
 
       - name: Set up Node.js
         uses: actions/setup-node@v3
diff --git a/vendor/twbs/bootstrap/.github/workflows/docs.yml b/vendor/twbs/bootstrap/.github/workflows/docs.yml
index f33413eb4..bdeae6043 100644
--- a/vendor/twbs/bootstrap/.github/workflows/docs.yml
+++ b/vendor/twbs/bootstrap/.github/workflows/docs.yml
@@ -9,7 +9,10 @@ on:
 
 env:
   FORCE_COLOR: 2
-  NODE: 16
+  NODE: 18
+
+permissions:
+  contents: read
 
 jobs:
   docs:
@@ -18,6 +21,8 @@ jobs:
     steps:
       - name: Clone repository
         uses: actions/checkout@v3
+        with:
+          persist-credentials: false
 
       - name: Set up Node.js
         uses: actions/setup-node@v3
diff --git a/vendor/twbs/bootstrap/.github/workflows/issue-close-require.yml b/vendor/twbs/bootstrap/.github/workflows/issue-close-require.yml
index b251cd75e..b5000d8b4 100644
--- a/vendor/twbs/bootstrap/.github/workflows/issue-close-require.yml
+++ b/vendor/twbs/bootstrap/.github/workflows/issue-close-require.yml
@@ -4,8 +4,15 @@ on:
   schedule:
     - cron: "0 0 * * *"
 
+permissions:
+  contents: read
+
 jobs:
   issue-close-require:
+    permissions:
+      # allow actions-cool/issues-helper to update issues and PRs
+      issues: write
+      pull-requests: write
     runs-on: ubuntu-latest
     if: github.repository == 'twbs/bootstrap'
     steps:
diff --git a/vendor/twbs/bootstrap/.github/workflows/issue-labeled.yml b/vendor/twbs/bootstrap/.github/workflows/issue-labeled.yml
index fac58493b..584879dd8 100644
--- a/vendor/twbs/bootstrap/.github/workflows/issue-labeled.yml
+++ b/vendor/twbs/bootstrap/.github/workflows/issue-labeled.yml
@@ -4,8 +4,15 @@ on:
   issues:
     types: [labeled]
 
+permissions:
+  contents: read
+
 jobs:
   issue-labeled:
+    permissions:
+      # allow actions-cool/issues-helper to update issues and PRs
+      issues: write
+      pull-requests: write
     if: github.repository == 'twbs/bootstrap'
     runs-on: ubuntu-latest
     steps:
diff --git a/vendor/twbs/bootstrap/.github/workflows/js.yml b/vendor/twbs/bootstrap/.github/workflows/js.yml
index 82616c574..a8994b6cc 100644
--- a/vendor/twbs/bootstrap/.github/workflows/js.yml
+++ b/vendor/twbs/bootstrap/.github/workflows/js.yml
@@ -9,16 +9,25 @@ on:
 
 env:
   FORCE_COLOR: 2
-  NODE: 16
+  NODE: 18
+
+permissions:
+  contents: read
 
 jobs:
   run:
+    permissions:
+      # allow coverallsapp/github-action to create new checks issues and fetch code
+      checks: write
+      contents: read
     name: JS Tests
     runs-on: ubuntu-latest
 
     steps:
       - name: Clone repository
         uses: actions/checkout@v3
+        with:
+          persist-credentials: false
 
       - name: Set up Node.js
         uses: actions/setup-node@v3
diff --git a/vendor/twbs/bootstrap/.github/workflows/lint.yml b/vendor/twbs/bootstrap/.github/workflows/lint.yml
index 816694ec2..51ee18999 100644
--- a/vendor/twbs/bootstrap/.github/workflows/lint.yml
+++ b/vendor/twbs/bootstrap/.github/workflows/lint.yml
@@ -9,7 +9,10 @@ on:
 
 env:
   FORCE_COLOR: 2
-  NODE: 16
+  NODE: 18
+
+permissions:
+  contents: read
 
 jobs:
   lint:
@@ -18,6 +21,8 @@ jobs:
     steps:
       - name: Clone repository
         uses: actions/checkout@v3
+        with:
+          persist-credentials: false
 
       - name: Set up Node.js
         uses: actions/setup-node@v3
diff --git a/vendor/twbs/bootstrap/.github/workflows/node-sass.yml b/vendor/twbs/bootstrap/.github/workflows/node-sass.yml
index 465cee485..dc687ca46 100644
--- a/vendor/twbs/bootstrap/.github/workflows/node-sass.yml
+++ b/vendor/twbs/bootstrap/.github/workflows/node-sass.yml
@@ -9,7 +9,10 @@ on:
 
 env:
   FORCE_COLOR: 2
-  NODE: 16
+  NODE: 18
+
+permissions:
+  contents: read
 
 jobs:
   css:
@@ -18,6 +21,8 @@ jobs:
     steps:
       - name: Clone repository
         uses: actions/checkout@v3
+        with:
+          persist-credentials: false
 
       - name: Set up Node.js
         uses: actions/setup-node@v3
diff --git a/vendor/twbs/bootstrap/.github/workflows/release-notes.yml b/vendor/twbs/bootstrap/.github/workflows/release-notes.yml
index bbd0a2448..f620dd31d 100644
--- a/vendor/twbs/bootstrap/.github/workflows/release-notes.yml
+++ b/vendor/twbs/bootstrap/.github/workflows/release-notes.yml
@@ -6,8 +6,15 @@ on:
       - main
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   update_release_draft:
+    permissions:
+      # allow release-drafter/release-drafter to create GitHub releases and add labels to PRs
+      contents: write
+      pull-requests: write
     runs-on: ubuntu-latest
     if: github.repository == 'twbs/bootstrap'
     steps:
diff --git a/vendor/twbs/bootstrap/.github/workflows/scorecards.yml b/vendor/twbs/bootstrap/.github/workflows/scorecards.yml
new file mode 100644
index 000000000..01977ac1c
--- /dev/null
+++ b/vendor/twbs/bootstrap/.github/workflows/scorecards.yml
@@ -0,0 +1,65 @@
+name: Scorecards supply-chain security
+
+on:
+  # Only the default branch is supported.
+  branch_protection_rule:
+  push:
+    branches:
+      - main
+  schedule:
+    - cron: "16 10 * * 6"
+  workflow_dispatch:
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecards analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Used to receive a badge.
+      id-token: write
+      # Needs for private repositories.
+      contents: read
+      actions: read
+
+    steps:
+      - name: Clone repository
+        uses: actions/checkout@v3
+        with:
+          persist-credentials: false
+
+      - name: Run analysis
+        uses: ossf/scorecard-action@v2.1.1
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          # (Optional) Read-only PAT token. Uncomment the `repo_token` line below if:
+          # - you want to enable the Branch-Protection check on a *public* repository, or
+          # - you are installing Scorecards on a *private* repository
+          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
+          # repo_token: ${{ secrets.SCORECARD_READ_TOKEN }}
+
+          # Publish the results for public repositories to enable scorecard badges. For more details, see
+          # https://github.com/ossf/scorecard-action#publishing-results.
+          # For private repositories, `publish_results` will automatically be set to `false`, regardless
+          # of the value entered here.
+          publish_results: true
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+      # format to the repository Actions tab.
+      - name: Upload artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      # Upload the results to GitHub's code scanning dashboard.
+      - name: Upload to code-scanning
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: results.sarif