yiisoft/yii2-bootstrap4

[bscheshirwork]

What steps will reproduce the problem?

So... We have "new" bootstrap... And separated extensions for it.

This package use yiisoft/yii2-bootstrap in dependences

composer show --tree

2amigos/yii2-usuario dev-master Highly customizable and extensible user management, authentication, and authorization Yii2 extension
├──2amigos/yii2-selectize-widget ^1.1
│  ├──bower-asset/selectize ~0.12.0
│  │  ├──bower-asset/jquery >=1.7.0
│  │  ├──bower-asset/microplugin dev-0.0.x|0.0.x
│  │  └──bower-asset/sifter dev-0.5.x|0.5.x
│  ├──yiisoft/yii2 ~2.0.0
│  │  ├──bower-asset/inputmask ~3.2.2 | ~3.3.5
│  │  │  └──bower-asset/jquery >=1.7
│  │  ├──bower-asset/jquery 3.2.*@stable | 3.1.*@stable | 2.2.*@stable | 2.1.*@stable | 1.11.*@stable | 1.12.*@stable
│  │  ├──bower-asset/punycode 1.3.*
│  │  ├──bower-asset/yii2-pjax ~2.0.1
│  │  │  └──bower-asset/jquery >=1.8
│  │  ├──cebe/markdown ~1.0.0 | ~1.1.0 | ~1.2.0
│  │  │  ├──lib-pcre *
│  │  │  └──php >=5.4.0
│  │  ├──ext-ctype *
│  │  ├──ext-mbstring *
│  │  ├──ezyang/htmlpurifier ~4.6
│  │  │  └──php >=5.2
│  │  ├──lib-pcre *
│  │  ├──php >=5.4.0
│  │  └──yiisoft/yii2-composer ~2.0.4
│  │     └──composer-plugin-api ^1.0
│  └──yiisoft/yii2-bootstrap ~2.0.0
│     ├──bower-asset/bootstrap 3.3.* | 3.2.* | 3.1.*
│     │  └──bower-asset/jquery >=1.9.1,<4.0
│     └──yiisoft/yii2 ~2.0.6
│        ├──bower-asset/inputmask ~3.2.2 | ~3.3.5
│        │  └──bower-asset/jquery >=1.7
│        ├──bower-asset/jquery 3.2.*@stable | 3.1.*@stable | 2.2.*@stable | 2.1.*@stable | 1.11.*@stable | 1.12.*@stable
│        ├──bower-asset/punycode 1.3.*
│        ├──bower-asset/yii2-pjax ~2.0.1
│        │  └──bower-asset/jquery >=1.8
│        ├──cebe/markdown ~1.0.0 | ~1.1.0 | ~1.2.0
│        │  ├──lib-pcre *
│        │  └──php >=5.4.0
│        ├──ext-ctype *
│        ├──ext-mbstring *
│        ├──ezyang/htmlpurifier ~4.6
│        │  └──php >=5.2
│        ├──lib-pcre *
│        ├──php >=5.4.0
│        └──yiisoft/yii2-composer ~2.0.4
│           └──composer-plugin-api ^1.0
├──php >=5.5
├──yiisoft/yii2-authclient ^2.1
│  └──yiisoft/yii2-httpclient ~2.0.5
│     └──yiisoft/yii2 ~2.0.13
│        ├──bower-asset/inputmask ~3.2.2 | ~3.3.5
│        │  └──bower-asset/jquery >=1.7
│        ├──bower-asset/jquery 3.2.*@stable | 3.1.*@stable | 2.2.*@stable | 2.1.*@stable | 1.11.*@stable | 1.12.*@stable
│        ├──bower-asset/punycode 1.3.*
│        ├──bower-asset/yii2-pjax ~2.0.1
│        │  └──bower-asset/jquery >=1.8
│        ├──cebe/markdown ~1.0.0 | ~1.1.0 | ~1.2.0
│        │  ├──lib-pcre *
│        │  └──php >=5.4.0
│        ├──ext-ctype *
│        ├──ext-mbstring *
│        ├──ezyang/htmlpurifier ~4.6
│        │  └──php >=5.2
│        ├──lib-pcre *
│        ├──php >=5.4.0
│        └──yiisoft/yii2-composer ~2.0.4
│           └──composer-plugin-api ^1.0
├──yiisoft/yii2-bootstrap ^2.0
│  ├──bower-asset/bootstrap 3.3.* | 3.2.* | 3.1.*
│  │  └──bower-asset/jquery >=1.9.1,<4.0
│  └──yiisoft/yii2 ~2.0.6
│     ├──bower-asset/inputmask ~3.2.2 | ~3.3.5
│     │  └──bower-asset/jquery >=1.7
│     ├──bower-asset/jquery 3.2.*@stable | 3.1.*@stable | 2.2.*@stable | 2.1.*@stable | 1.11.*@stable | 1.12.*@stable
│     ├──bower-asset/punycode 1.3.*
│     ├──bower-asset/yii2-pjax ~2.0.1
│     │  └──bower-asset/jquery >=1.8
│     ├──cebe/markdown ~1.0.0 | ~1.1.0 | ~1.2.0
│     │  ├──lib-pcre *
│     │  └──php >=5.4.0
│     ├──ext-ctype *
│     ├──ext-mbstring *
│     ├──ezyang/htmlpurifier ~4.6
│     │  └──php >=5.2
│     ├──lib-pcre *
│     ├──php >=5.4.0
│     └──yiisoft/yii2-composer ~2.0.4
│        └──composer-plugin-api ^1.0
├──yiisoft/yii2-httpclient ^2.0
│  └──yiisoft/yii2 ~2.0.13
│     ├──bower-asset/inputmask ~3.2.2 | ~3.3.5
│     │  └──bower-asset/jquery >=1.7
│     ├──bower-asset/jquery 3.2.*@stable | 3.1.*@stable | 2.2.*@stable | 2.1.*@stable | 1.11.*@stable | 1.12.*@stable
│     ├──bower-asset/punycode 1.3.*
│     ├──bower-asset/yii2-pjax ~2.0.1
│     │  └──bower-asset/jquery >=1.8
│     ├──cebe/markdown ~1.0.0 | ~1.1.0 | ~1.2.0
│     │  ├──lib-pcre *
│     │  └──php >=5.4.0
│     ├──ext-ctype *
│     ├──ext-mbstring *
│     ├──ezyang/htmlpurifier ~4.6
│     │  └──php >=5.2
│     ├──lib-pcre *
│     ├──php >=5.4.0
│     └──yiisoft/yii2-composer ~2.0.4
│        └──composer-plugin-api ^1.0
└──yiisoft/yii2-swiftmailer ^2.0
   ├──swiftmailer/swiftmailer ~6.0
   │  ├──egulias/email-validator ~2.0
   │  │  ├──doctrine/lexer ^1.0.1
   │  │  │  └──php >=5.3.2
   │  │  └──php >= 5.5
   │  └──php >=7.0.0
   └──yiisoft/yii2 >=2.0.4
      ├──bower-asset/inputmask ~3.2.2 | ~3.3.5
      │  └──bower-asset/jquery >=1.7
      ├──bower-asset/jquery 3.2.*@stable | 3.1.*@stable | 2.2.*@stable | 2.1.*@stable | 1.11.*@stable | 1.12.*@stable
      ├──bower-asset/punycode 1.3.*
      ├──bower-asset/yii2-pjax ~2.0.1
      │  └──bower-asset/jquery >=1.8
      ├──cebe/markdown ~1.0.0 | ~1.1.0 | ~1.2.0
      │  ├──lib-pcre *
      │  └──php >=5.4.0
      ├──ext-ctype *
      ├──ext-mbstring *
      ├──ezyang/htmlpurifier ~4.6
      │  └──php >=5.2
      ├──lib-pcre *
      ├──php >=5.4.0
      └──yiisoft/yii2-composer ~2.0.4
         └──composer-plugin-api ^1.0

What is the expected result?

the new major version within support bootstrap4 throw yiisoft/yii2-bootstrap4

What do you get instead?

not implemented

[maxxer]

I'd be glad to support b4, but I still don't know the best way to do that.

I see others have made custom repos, but that would mean duplicating code. I think the best would be to make overrides for the view, possibly automatically.

Hints/help welcome

[maxxer]

Kartik seems to have implemented a module param to conditionally show different layout/js/css for BS3 or BS4

http://demos.krajee.com/grid#bs-info

[tonydspaniard]

I think we should remove all dependencies like selectize widget. I am also not happy with bs.

I am more about creating a different repository for views only. They should not be part of the module. I found them a problem to the library when wanting to scale.

[bscheshirwork]

I think we should remove all dependencies like selectize widget

This widget also can be replace by Kartik's Select2. (And look like so strange use selectize only for one page). We can add options to pick 3-part-widgets on this case?

[tonydspaniard]

I think is better to remove it entirely TBH

I'll propose something when having a bit of time.

[qav-gabriela-castro]

Hi guys, do you have any prevision when this will be release?

[tonydspaniard]

@qav-gabriela-castro I am trying to organize my time in order to properly give good feedback and/or implementations. I think the dependencies on widgets and/or external components is a mistake as we do allow the overriding of views.

[YiiRocks]

Is there anything planned soon?
I would like to help, but since I see some bigger changes involved I am unable to start. If any direction would be started, people will be able to jump in.

[tonydspaniard]

@maxxer I think the best way is:

• To remove entirely 2amigos/yii2-selectize-widget and not include any other external dependencies as people can override their views and add the widgets they wish.
• Update Actions to support autocomplete calls with different response formatters for different widgets.
• Keep current versioning for b3

About bootstrap 4

I have been checking the solution from kartik and doesn't make sense for us:

Configure a parameter
You need to install one of yiisoft/yii2-bootstrap or yiisoft/yii2-bootstrap4 extensions manually

I think the best solution would be to create a new branch bs4 and then use different versioned tags.

Other approaches welcome.

[TylerByte666]

Not too sure who'll be the hero, but I hope you are all okay!

Until we can support Bootstrap 4.2.1, we can't go into production with this awesome tool 😿
CVE-2018-14042

[TonisOrmisson]

This CVE is also fixed for Bootstrap >=3.4.0
https://nvd.nist.gov/vuln/detail/CVE-2018-14042

[paskuale75]

...so what would the ideal solution be?

[maxxer]

If anyone has proposals I'm open for discussion/merge, unfortunately I don't have time to work on it and the original author either (I suppose)

[paskuale75]

can't this code be a start ?

[TylerByte666]

@TonisOrmisson I saw that, but was able to do a POC on our DEV with Bootstrap 3.4.1. It is also by no means the only CVE. OWASP report reveals the same.
@paskuale75 That seems the way so far I am going to try burn the midnight oil on this one. Thanks for the starting point mate...
@maxxer Thanks for all your help, you guys are the 💣

[paskuale75]

@TylerByte666 I did very little, and it would be great if you can get this extension with the version 4 bootstrap option, good job 😅

[TonisOrmisson]

@maxxer @tonydspaniard Can we start to initialize the bs4 version somehow. I suggest you create a bs4-branch and maybe then @lhfi code can be merged as start and then other also have a branch to submit their contributions?

[maxxer]

#437 has been created by @lhfi.

I'm ok in merging but I'm wondering how will it work for versions. Can composer handle i.e. 1.5.0 for bs3 and 1.5.0-bs4?

[TonisOrmisson]

We have a number of commits in the main branch untagged so I would not worry about tag numbers on bs4 at this point. I would simply make a start with creating a new branch eg bs4 and then one could refer to that as dev-bs4

[maxxer]

Branch created!

[paskuale75]

Please update docs for use bs4 version, thanks all

[Christian97-WCdP]

I have updated page by page for the display of bs4 but it still looks bad, it must be changed by hand then

[lhfi]

I have updated page by page for the display of bs4 but it still looks bad, it must be changed by hand then

You cannot mix and match BS3 and BS4. If you have any BS3 widgets on the page, (e.g. you didn't update the menu bar in your layout, or there is another widget using BS3 like notifications, alerts etc ) then it breaks BS4 completely and the layout looks terrible.

[Christian97-WCdP]

I have updated page by page for the display of bs4 but it still looks bad, it must be changed by hand then

You cannot mix and match BS3 and BS4. If you have any BS3 widgets on the page, (e.g. you didn't update the menu bar in your layout, or there is another widget using BS3 like notifications, alerts etc ) then it breaks BS4 completely and the layout looks terrible.

Yes I know but better than having the dezoomated pages is, but I still haven't found an optimal solution