diff --git a/app/assets/javascripts/commons/bootstrap.js b/app/assets/javascripts/commons/bootstrap.js
index fba30aea9ae3d5bf0059fe96ce6693c994e05ef5..e5e1cbb1e62a4746c61f62b611d0839abd61e031 100644
--- a/app/assets/javascripts/commons/bootstrap.js
+++ b/app/assets/javascripts/commons/bootstrap.js
@@ -16,3 +16,63 @@ $.fn.extend({
       .removeClass('disabled');
   },
 });
+
+/*
+ Starting with bootstrap 4.3.1, bootstrap sanitizes html used for tooltips / popovers.
+ This extends the default whitelists with more elements / attributes:
+ https://getbootstrap.com/docs/4.3/getting-started/javascript/#sanitizer
+ */
+const whitelist = $.fn.tooltip.Constructor.Default.whiteList;
+
+const inputAttributes = ['value', 'type'];
+
+const dataAttributes = [
+  'data-toggle',
+  'data-placement',
+  'data-container',
+  'data-title',
+  'data-class',
+  'data-clipboard-text',
+  'data-placement',
+];
+
+// Whitelisting data attributes
+whitelist['*'] = [
+  ...whitelist['*'],
+  ...dataAttributes,
+  'title',
+  'width height',
+  'abbr',
+  'datetime',
+  'name',
+  'width',
+  'height',
+];
+
+// Whitelist missing elements:
+whitelist.label = ['for'];
+whitelist.button = [...inputAttributes];
+whitelist.input = [...inputAttributes];
+
+whitelist.tt = [];
+whitelist.samp = [];
+whitelist.kbd = [];
+whitelist.var = [];
+whitelist.dfn = [];
+whitelist.cite = [];
+whitelist.big = [];
+whitelist.address = [];
+whitelist.dl = [];
+whitelist.dt = [];
+whitelist.dd = [];
+whitelist.abbr = [];
+whitelist.acronym = [];
+whitelist.blockquote = [];
+whitelist.del = [];
+whitelist.ins = [];
+whitelist['gl-emoji'] = [];
+
+// Whitelisting SVG tags and attributes
+whitelist.svg = ['viewBox'];
+whitelist.use = ['xlink:href'];
+whitelist.path = ['d'];
diff --git a/app/assets/stylesheets/framework/variables.scss b/app/assets/stylesheets/framework/variables.scss
index efebbd124d0f605599856bfda1a98ec45c793194..5d4c84c494d1f3adc519e7a4a7ad525ad40a15e3 100644
--- a/app/assets/stylesheets/framework/variables.scss
+++ b/app/assets/stylesheets/framework/variables.scss
@@ -711,3 +711,11 @@ $mr-version-controls-height: 56px;
 Compare Branches
 */
 $compare-branches-sticky-header-height: 68px;
+
+/**
+ Bootstrap 4.2.0 introduced new icons for validating forms.
+ Our design system does not use those, so we are disabling them for now:
+ - Docs: https://getbootstrap.com/docs/4.3/components/forms/#server-side
+ - Issue: https://gitlab.com/gitlab-org/design.gitlab.com/issues/242
+ */
+$enable-validation-icons: false;
diff --git a/app/assets/stylesheets/framework/variables_overrides.scss b/app/assets/stylesheets/framework/variables_overrides.scss
index efcc437bd7fb5cfdcdd85080960204c647bc620d..fb4d3f23cd92482005cdabd92ced16c1358ddcd5 100644
--- a/app/assets/stylesheets/framework/variables_overrides.scss
+++ b/app/assets/stylesheets/framework/variables_overrides.scss
@@ -9,7 +9,6 @@ $input-border-color: $gray-200;
 $input-color: $gl-text-color;
 $font-family-sans-serif: $regular-font;
 $font-family-monospace: $monospace-font;
-$input-line-height: 20px;
 $btn-line-height: 20px;
 $table-accent-bg: $gray-light;
 $card-border-color: $border-color;
diff --git a/package.json b/package.json
index f0f819fdb7475ae68f0dbf6c501ca2a4b2803f37..ff6be94b9e27c926f6f4ffef2d164930148d86df 100644
--- a/package.json
+++ b/package.json
@@ -31,7 +31,7 @@
     "@babel/plugin-syntax-dynamic-import": "^7.2.0",
     "@babel/plugin-syntax-import-meta": "^7.2.0",
     "@babel/preset-env": "^7.3.1",
-    "@gitlab/csslab": "^1.8.0",
+    "@gitlab/csslab": "^1.9.0",
     "@gitlab/svgs": "^1.54.0",
     "@gitlab/ui": "^3.0.0",
     "apollo-boost": "^0.3.1",
@@ -40,7 +40,7 @@
     "autosize": "^4.0.0",
     "axios": "^0.17.1",
     "babel-loader": "^8.0.5",
-    "bootstrap": "4.1.3",
+    "bootstrap": "4.3.1",
     "brace-expansion": "^1.1.8",
     "cache-loader": "^2.0.1",
     "chart.js": "2.7.2",
@@ -91,7 +91,7 @@
     "monaco-editor-webpack-plugin": "^1.7.0",
     "mousetrap": "^1.4.6",
     "pikaday": "^1.6.1",
-    "popper.js": "^1.14.3",
+    "popper.js": "^1.14.7",
     "prismjs": "^1.6.0",
     "prosemirror-markdown": "^1.3.0",
     "prosemirror-model": "^1.6.4",
diff --git a/yarn.lock b/yarn.lock
index 4a7443c0bd840dfdebca01d707341aa356c2a86c..fad1aceee484b089e40e69a2b54bb4781d722ec8 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -638,12 +638,12 @@
     lodash "^4.17.11"
     to-fast-properties "^2.0.0"
 
-"@gitlab/csslab@^1.8.0":
-  version "1.8.0"
-  resolved "https://registry.yarnpkg.com/@gitlab/csslab/-/csslab-1.8.0.tgz#54a2457fdc80f006665f0e578a5532780954ccfa"
-  integrity sha512-RZylRElufH1kwsBQlIDaVcrcXMyD5IEGrU6ABUd8W3LG8/F9jJ4Y3Ys7EPTpK/qFJyx86AutTtFGRxRNlMx85w==
+"@gitlab/csslab@^1.9.0":
+  version "1.9.0"
+  resolved "https://registry.yarnpkg.com/@gitlab/csslab/-/csslab-1.9.0.tgz#22fca5b1a30cbd9ca46fc6f9485ecbaba4dc300c"
+  integrity sha512-Zjayzokm7E2wgxUR/pxIMocdiBB5XHt2PEemdzD8qD+aQmMpMxSyIEMQk5Jq0Wgv+Rd5WXTolTw3kmb9l8ZeJg==
   dependencies:
-    bootstrap "4.1.3"
+    bootstrap "^4.1.3"
 
 "@gitlab/eslint-config@^1.4.0":
   version "1.4.0"
@@ -1681,10 +1681,10 @@ bootstrap-vue@^2.0.0-rc.11:
     popper.js "^1.12.9"
     vue-functional-data-merge "^2.0.5"
 
-bootstrap@4.1.3, bootstrap@^4.1.1:
-  version "4.1.3"
-  resolved "https://registry.yarnpkg.com/bootstrap/-/bootstrap-4.1.3.tgz#0eb371af2c8448e8c210411d0cb824a6409a12be"
-  integrity sha512-rDFIzgXcof0jDyjNosjv4Sno77X4KuPeFxG2XZZv1/Kc8DRVGVADdoQyyOVDwPqL36DDmtCQbrpMCqvpPLJQ0w==
+bootstrap@4.3.1, bootstrap@^4.1.1, bootstrap@^4.1.3:
+  version "4.3.1"
+  resolved "https://registry.yarnpkg.com/bootstrap/-/bootstrap-4.3.1.tgz#280ca8f610504d99d7b6b4bfc4b68cec601704ac"
+  integrity sha512-rXqOmH1VilAt2DyPzluTi2blhk17bO7ef+zLLPlWvG494pDxcM234pJ8wTc/6R40UWizAIIMgxjvxZg5kmsbag==
 
 boxen@^1.2.1:
   version "1.3.0"
@@ -8121,10 +8121,10 @@ pofile@^1:
   resolved "https://registry.yarnpkg.com/pofile/-/pofile-1.0.11.tgz#35aff58c17491d127a07336d5522ebc9df57c954"
   integrity sha512-Vy9eH1dRD9wHjYt/QqXcTz+RnX/zg53xK+KljFSX30PvdDMb2z+c6uDUeblUGqqJgz3QFsdlA0IJvHziPmWtQg==
 
-popper.js@^1.12.9, popper.js@^1.14.3:
-  version "1.14.3"
-  resolved "https://registry.yarnpkg.com/popper.js/-/popper.js-1.14.3.tgz#1438f98d046acf7b4d78cd502bf418ac64d4f095"
-  integrity sha1-FDj5jQRqz3tNeM1QK/QYrGTU8JU=
+popper.js@^1.12.9, popper.js@^1.14.7:
+  version "1.14.7"
+  resolved "https://registry.yarnpkg.com/popper.js/-/popper.js-1.14.7.tgz#e31ec06cfac6a97a53280c3e55e4e0c860e7738e"
+  integrity sha512-4q1hNvoUre/8srWsH7hnoSJ5xVmIL4qgz+s4qf2TnJIMyZFUFMGH+9vE7mXynAlHSZ/NdTmmow86muD0myUkVQ==
 
 portfinder@^1.0.9:
   version "1.0.13"