For a while dependabot has been complaining that we need to upgrade to bootstrap 5.0.0 to avoid a cross-site-scripting vulnerability. As this is an almost entirely static website we are at low risk for XSS, but should still solve this.