I have a client that is looking at the results of Retire.js (retirejs.github.io) for the GL Web Console.
Just for background info; client is running v4.3.7 however, I have setup a fresh install using the latest 5.2 release and RetireJS reports the same.
RetireJS is reporting that Bootstrap v3.4.1 is being used, which is EOL.
I’ve also noted that RetireJS appears to be using out-dated information as v4 is also EOL, and v5 is currently the only actively supported version.
Looking at the
app.js file, this detection is likely coming from
h.push([e.id,'/*!\n * Bootstrap v3.4.1 in the source.
I have advised the client that there are no known vulnerabilities with GL’s implementation of Bootstrap; however, they are still insisting on a remediation for the EOL library.
I have had a look at the Issues on GH and couldn’t see anything related to bumping the version of Bootstrap; is there any /official/ information related to this that I can pass over to try and calm their worries?