Update Bootstrap to v5 #872
I don't think it'd be trivial to move from Bootstrap 3 to Bootstrap 5 given that there are various breaking changes between the two. We've also made many changes ourselves to the Bootstrap 3 CSS. That said, I agree that we should move away from the Bootstrap 3 JavaScript plugins. We use several of those plugins, but mostly in simple ways. One benefit of moving away from those plugins is that we wouldn't have to use jQuery, which is a big part of our bundle size.

In other words, I think we should continue using Bootstrap 3 CSS with our adjustments to it. Maybe one day we move away from Bootstrap entirely, but I don't see much reason to move from Bootstrap 3 CSS to Bootstrap 5 CSS.

In terms of moving away from Bootstrap 3 JavaScript plugins, in cases where the plugin is doing something simple, I think we could write our own JavaScript. For example, we could write our own modal logic pretty easily. In other cases, there are alternative packages that we could use. I've wanted to replace our uses of the Bootstrap popover plugin with Floating UI, which we already use for tooltips. We could probably also replace the dropdown plugin with Floating UI.

Does this seem like a reasonable strategy? If so, I'll rename this issue to "Replace Bootstrap plugins".

It'd be useful to get a sense of priority. Neither GitHub nor npm flag Bootstrap 3 as a security vulnerability. Bootstrap 3 is not the only package we use that's out-of-date or not maintained. Could you link to some of the security issues you've seen?

For what it's worth, we are in good (or at least plentiful) company. The most popular version of Bootstrap on npm is Bootstrap 3.4.1, with over 2M downloads in the last 7 days.
We use Bootstrap 3, which reached EOL four years ago.
It looks like we mostly just use the CSS parts, so maybe we don't need to upgrade, but v3 currently gets flagged as a security issue by automated vulnerability detection systems.