Use new version format #4
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
| The composer.json in 8.0.x and 7.x is generated automatically. You have to adjust the build script in https://github.com/drupal-composer/drupal-security-advisories/blob/master/build/build-composer-json.php#L62 |
| It seems like we'd need to first implement a toSemVar function in https://github.com/drupal-composer/drupal-parse-composer/blob/master/src/VersionFactory.php And then pull in that new version of the VersionFactory, and call toSemVar in build-composer-json.php to get the new-style version string. Does that sound right to you? Can you think of any way to accelerate that, given that the drupal-composer packagist is already deprecated? |
| Resolved in #5 |
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit. This suggestion is invalid because no changes were made to the code. Suggestions cannot be applied while the pull request is closed. Suggestions cannot be applied while viewing a subset of changes. Only one suggestion per line can be applied in a batch. Add this suggestion to a batch that can be applied as a single commit. Applying suggestions on deleted lines is not supported. You must change the existing code in this line in order to create a valid suggestion. Outdated suggestions cannot be applied. This suggestion has been applied or marked resolved. Suggestions cannot be applied from pending reviews. Suggestions cannot be applied on multi-line comments. Suggestions cannot be applied while the pull request is queued to merge. Suggestion cannot be applied right now. Please check back later.
Most composer installations to this point have used https://packagist.drupal-composer.org, which used a version format like this:
"drupal/search_api": "8.1.0-alpha14"However, packagist.drupal-composer.org is now deprecated in favor of packages.drupal.org. packages.drupal.org recommends a new version format:
"drupal/search_api": "1.0.0-alpha14"This is problematic for projects using drupal-security-advisories (DSA) that want to switch to packages.drupal.org, because DSA will detect these new version strings as security vulnerabilities.