The version of Bootstrap being used is 3.3.7 which has reported XSS vulnerabilities and is coming up in our internal vulernability scans. The fix is supposed to come in the 3.4.0 release, but that seems to have stalled for whatever reason. May need to look at patching it specifically for DRF or do a full upgrade to Bootstrap 4.

DRF bootstrap.min.js:
https://github.com/encode/django-rest-framework/blob/b63099084f471fe3cd477fc5a5aa90cc97fca827/rest_framework/static/rest_framework/js/bootstrap.min.js

Issue report:
twbs/bootstrap#20184

Patch:
twbs/bootstrap#23687

3.4.0 release ticket:
twbs/bootstrap#25679