Bootstrap 3 deprecation #266

Closed
baldurmen opened this issue Nov 27, 2024 · 9 comments · Fixed by #267

@baldurmen (Contributor)

Hello!

It seems bootstrap 3 is deprecated and this means it probably won't be in the next Debian release...

Bootstrap v5 apparently isn't a drop-in replacement, so migrating to it would require some work (I haven't really looked...).

Happy to run some tests if you need me to!

https://getbootstrap.com/docs/5.3/migration/

@spl0k (Owner) commented Nov 30, 2024

Ow. Unfortunately I'm no frontend developer and wasn't the one responsible for the bootstrap integration.

@ogarcia are you still around? Would you consider upgrading the project to a newer version of bootstrap please? If not I might as well get rid of it and aim for something simpler.

@ogarcia (Contributor) commented Nov 30, 2024

The fact that bootstrap 3 is deprecated (and removed from the distributions) does not influence the functioning of supysonic since it is embedded and therefore one thing will always be included with the other.

That said it is not good to stay in bootstrap 3 forever because it is assumed that newer versions are always better. I keep an eye on everything and try to make the migration. What I can't tell you is how long it will take me because it's been a while since I made the code and I have to review the whole thing.

Update: I have been now checking over and the change is very big. I will keep you informed.

@spl0k (Owner) commented Nov 30, 2024

> bootstrap 3 [...] is embedded

Bootstrap 3 is vendored in on this repository, but the one for Debian packaging actually removes it to replace it by a dependency on a bootstrap package. So if Bootstrap 3 is removed from Debian, Supysonic will have a broken dependency and will be forced to also be removed from the Debian packages.

Don't feel obligated to do the upgrade if you consider this is more work than you can handle. I pinged you because you added BS3, it would be nice if someone knowledgeable on the matter could do the upgrade but I'm in no way pressuring you into it. If you tell me you won't be able to do it that's fine by me, I'll find another solution.

@ogarcia (Contributor) commented Nov 30, 2024

> Bootstrap 3 is vendored in on this repository, but the one for Debian packaging actually removes it to replace it by a dependency on a bootstrap package...

Wow, I was completely unaware that Debian people did that. In that case yes, if Debian deprecates Bootstrap 3 then it is possible that it also deprecates supysonic.

> Don't feel obligated [...]

No, don't worry, I've actually started to look at how it can be done, it just might take me a few iterations to get it all right. I'll let you know.

@baldurmen (Contributor, Author)

> > Bootstrap 3 is vendored in on this repository, but the one for Debian packaging actually removes it to replace it by a dependency on a bootstrap package...
>
> Wow, I was completely unaware that Debian people did that. In that case yes, if Debian deprecates Bootstrap 3 then it is possible that it also deprecates supysonic.

Yeah, Debian typically tries not to vendor anything for security reasons (amongst other things).

That said, if push comes to shove, I'd probably just vendor the bootstrap.js file instead of having to remove the entire supysonic package. It's not 'clean' but it wouldn't be the end of the world. That or I would patch out the web UI.

In any case, thanks for looking into this, using Bootstrap 5 would be really easier on my end 😄

@ogarcia (Contributor) commented Dec 1, 2024

I am now having some fun with this and finally I think the migration is not complicated, a bit tedious because the change is so big, but it is done well.

It is possible that either today at the end of the day or tomorrow I will have something visible, it is looking like this:

[image]

@ogarcia (Contributor) commented Dec 2, 2024

@baldurmen and @spl0k you can try the changes in #267 which I think fixes this bug and leaves everything ready to go. 😊

@santiagorr

> The fact that bootstrap 3 is deprecated (and removed from the distributions) does not influence the functioning of supysonic since it is embedded and therefore one thing will always be included with the other.
>
> That said it is not good to stay in bootstrap 3 forever because it is assumed that newer versions are always better.

JFTR, there are open CVEs for bootstrap 3 (and 4), whose fixes are not publicly available:

https://security-tracker.debian.org/tracker/CVE-2024-6484
https://security-tracker.debian.org/tracker/CVE-2024-6485
See the herodevs refs in those CVE data.

Embedding a copy of foo means embedding its security issues and (lack of) support.

And overall, thanks for your work!
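
The comment above notes that a bundled copy carries its own security issues; one way to audit a source tree for vendored Bootstrap copies follows. This is an added example, not part of the thread or of supysonic's code. It assumes the bundled files keep Bootstrap's `Bootstrap vX.Y.Z` banner comment, and the sample tree and version numbers are constructed.

```python
import os
import re
import tempfile

# Banner comment at the top of Bootstrap's distributed files, e.g.
# " * Bootstrap v3.3.7 (http://getbootstrap.com)".
BANNER = re.compile(rb"Bootstrap\s+v(\d+)\.(\d+)\.(\d+)")
# Major versions the thread names as having open CVEs (3 and 4).
FLAGGED_MAJORS = {3, 4}

def find_vendored_bootstrap(root):
    """Return sorted (relative path, version, flagged) for each bundled copy."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith((".js", ".css")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(1024)  # the banner sits in the first lines
            m = BANNER.search(head)
            if m:
                major, minor, patch = (int(g) for g in m.groups())
                hits.append((os.path.relpath(path, root),
                             f"{major}.{minor}.{patch}",
                             major in FLAGGED_MAJORS))
    return sorted(hits)

def demo():
    """Scan a constructed tree (sample files, not supysonic's real layout)."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "static/js/bootstrap.min.js": b"/*!\n * Bootstrap v3.3.7 (http://getbootstrap.com)\n */\n",
            "static/css/bootstrap.min.css": b"/*!\n * Bootstrap v5.3.3 (https://getbootstrap.com/)\n */\n",
            "static/js/app.js": b"// application code, no banner\n",
        }
        for rel, data in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return find_vendored_bootstrap(root)

if __name__ == "__main__":
    for rel, version, flagged in demo():
        print(f"{rel}: Bootstrap {version}" + ("  <-- major with open CVEs" if flagged else ""))
```

A minified or rebuilt copy that has lost its banner will not be reported, so an empty result is not proof that nothing is vendored.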

spl0k linked a pull request Dec 7, 2024 that will close this issue

spl0k closed this as completed in bad81b7 Dec 7, 2024

@spl0k (Owner) commented Dec 7, 2024

Looks like you had a bit of fun. Looks fine to me, it's merged! Thank you for your quick reaction and your work on this, it's greatly appreciated :)
