Verified Commit 99d3dd4c authored by xjm's avatar xjm
Browse files

Issue #3198340 by alexpott, xjm, cilefen, Mile23, mmjvb, catch, longwave, mfb,...

Issue #3198340 by alexpott, xjm, cilefen, Mile23, mmjvb, catch, longwave, mfb, Mixologic, effulgentsia, larowlan, Warped, quietone, greg.1.anderson: Strict constraints in drupal/core-recommended make it harder for Composer-managed sites to apply their own security updates when a core update is not available
parent 03301fb9
......@@ -41,7 +41,7 @@ public function getPackage() {
// If there is no 'source' record, then this is a path repository
// or something else that we do not want to include.
if (isset($package['source']) && !in_array($package['name'], $remove_list)) {
$composer['require'][$package['name']] = $package['version'];
$composer['require'][$package['name']] = '~' . $package['version'];
}
}
return $composer;
......@@ -56,7 +56,7 @@ protected function initialPackageMetadata() {
return [
"name" => "drupal/core-recommended",
"type" => "metapackage",
"description" => "Locked core dependencies; require this project INSTEAD OF drupal/core.",
"description" => "Core and its dependencies with known-compatible minor versions. Require this project INSTEAD OF drupal/core.",
"license" => "GPL-2.0-or-later",
"conflict" => [
"webflo/drupal-core-strict" => "*",
......
{
"name": "drupal/core-recommended",
"type": "metapackage",
"description": "Locked core dependencies; require this project INSTEAD OF drupal/core.",
"description": "Core and its dependencies with known-compatible minor versions. Require this project INSTEAD OF drupal/core.",
"license": "GPL-2.0-or-later",
"conflict": {
"webflo/drupal-core-strict": "*"
},
"require": {
"drupal/core": "9.4.x-dev",
"asm89/stack-cors": "1.3.0",
"composer/semver": "3.3.2",
"doctrine/annotations": "1.13.2",
"doctrine/lexer": "1.2.3",
"doctrine/reflection": "1.2.3",
"egulias/email-validator": "3.2",
"guzzlehttp/guzzle": "6.5.7",
"guzzlehttp/promises": "1.5.1",
"guzzlehttp/psr7": "1.8.5",
"laminas/laminas-diactoros": "2.11.0",
"laminas/laminas-escaper": "2.9.0",
"laminas/laminas-feed": "2.17.0",
"laminas/laminas-stdlib": "3.7.1",
"masterminds/html5": "2.7.5",
"pear/archive_tar": "1.4.14",
"pear/console_getopt": "v1.4.3",
"pear/pear-core-minimal": "v1.10.11",
"pear/pear_exception": "v1.0.2",
"psr/cache": "1.0.1",
"psr/container": "1.1.1",
"psr/http-factory": "1.0.1",
"psr/http-message": "1.0.1",
"psr/log": "1.1.4",
"ralouphie/getallheaders": "3.0.3",
"stack/builder": "v1.0.6",
"symfony-cmf/routing": "2.3.4",
"symfony/console": "v4.4.42",
"symfony/debug": "v4.4.41",
"symfony/dependency-injection": "v4.4.42",
"symfony/deprecation-contracts": "v2.5.1",
"symfony/error-handler": "v4.4.41",
"symfony/event-dispatcher": "v4.4.42",
"symfony/event-dispatcher-contracts": "v1.1.12",
"symfony/http-client-contracts": "v2.5.1",
"symfony/http-foundation": "v4.4.42",
"symfony/http-kernel": "v4.4.42",
"symfony/mime": "v5.4.9",
"symfony/polyfill-ctype": "v1.25.0",
"symfony/polyfill-iconv": "v1.25.0",
"symfony/polyfill-intl-idn": "v1.25.0",
"symfony/polyfill-intl-normalizer": "v1.25.0",
"symfony/polyfill-mbstring": "v1.25.0",
"symfony/polyfill-php80": "v1.25.0",
"symfony/process": "v4.4.41",
"symfony/psr-http-message-bridge": "v2.1.2",
"symfony/routing": "v4.4.41",
"symfony/serializer": "v4.4.42",
"symfony/service-contracts": "v2.5.1",
"symfony/translation": "v4.4.41",
"symfony/translation-contracts": "v2.5.1",
"symfony/validator": "v4.4.41",
"symfony/var-dumper": "v5.4.9",
"symfony/yaml": "v4.4.37",
"twig/twig": "v2.15.1",
"typo3/phar-stream-wrapper": "v3.1.7"
"asm89/stack-cors": "~1.3.0",
"composer/semver": "~3.3.2",
"doctrine/annotations": "~1.13.2",
"doctrine/lexer": "~1.2.3",
"doctrine/reflection": "~1.2.3",
"egulias/email-validator": "~3.2",
"guzzlehttp/guzzle": "~6.5.7",
"guzzlehttp/promises": "~1.5.1",
"guzzlehttp/psr7": "~1.8.5",
"laminas/laminas-diactoros": "~2.11.0",
"laminas/laminas-escaper": "~2.9.0",
"laminas/laminas-feed": "~2.17.0",
"laminas/laminas-stdlib": "~3.7.1",
"masterminds/html5": "~2.7.5",
"pear/archive_tar": "~1.4.14",
"pear/console_getopt": "~v1.4.3",
"pear/pear-core-minimal": "~v1.10.11",
"pear/pear_exception": "~v1.0.2",
"psr/cache": "~1.0.1",
"psr/container": "~1.1.1",
"psr/http-factory": "~1.0.1",
"psr/http-message": "~1.0.1",
"psr/log": "~1.1.4",
"ralouphie/getallheaders": "~3.0.3",
"stack/builder": "~v1.0.6",
"symfony-cmf/routing": "~2.3.4",
"symfony/console": "~v4.4.42",
"symfony/debug": "~v4.4.41",
"symfony/dependency-injection": "~v4.4.42",
"symfony/deprecation-contracts": "~v2.5.1",
"symfony/error-handler": "~v4.4.41",
"symfony/event-dispatcher": "~v4.4.42",
"symfony/event-dispatcher-contracts": "~v1.1.12",
"symfony/http-client-contracts": "~v2.5.1",
"symfony/http-foundation": "~v4.4.42",
"symfony/http-kernel": "~v4.4.42",
"symfony/mime": "~v5.4.9",
"symfony/polyfill-ctype": "~v1.25.0",
"symfony/polyfill-iconv": "~v1.25.0",
"symfony/polyfill-intl-idn": "~v1.25.0",
"symfony/polyfill-intl-normalizer": "~v1.25.0",
"symfony/polyfill-mbstring": "~v1.25.0",
"symfony/polyfill-php80": "~v1.25.0",
"symfony/process": "~v4.4.41",
"symfony/psr-http-message-bridge": "~v2.1.2",
"symfony/routing": "~v4.4.41",
"symfony/serializer": "~v4.4.42",
"symfony/service-contracts": "~v2.5.1",
"symfony/translation": "~v4.4.41",
"symfony/translation-contracts": "~v2.5.1",
"symfony/validator": "~v4.4.41",
"symfony/var-dumper": "~v5.4.9",
"symfony/yaml": "~v4.4.37",
"twig/twig": "~v2.15.1",
"typo3/phar-stream-wrapper": "~v3.1.7"
}
}
......@@ -25,13 +25,13 @@ public function builderTestData() {
[
'name' => 'drupal/core-recommended',
'type' => 'metapackage',
'description' => 'Locked core dependencies; require this project INSTEAD OF drupal/core.',
'description' => 'Core and its dependencies with known-compatible minor versions. Require this project INSTEAD OF drupal/core.',
'license' => 'GPL-2.0-or-later',
'require' =>
[
'drupal/core' => Composer::drupalVersionBranch(),
'symfony/polyfill-ctype' => 'v1.12.0',
'symfony/yaml' => 'v3.4.32',
'symfony/polyfill-ctype' => '~v1.12.0',
'symfony/yaml' => '~v3.4.32',
],
'conflict' =>
[
......
......@@ -53,6 +53,9 @@ public function testComposerLockHash() {
* @dataProvider providerTestComposerJson
*/
public function testComposerTilde($path) {
if (preg_match('#composer/Metapackage/CoreRecommended/composer.json$#', $path)) {
$this->markTestSkipped("$path has tilde");
}
$content = json_decode(file_get_contents($path), TRUE);
$composer_keys = array_intersect(['require', 'require-dev'], array_keys($content));
if (empty($composer_keys)) {
......@@ -79,7 +82,7 @@ public function providerTestComposerJson() {
$data = [];
$composer_json_finder = $this->getComposerJsonFinder(realpath(__DIR__ . '/../../../../'));
foreach ($composer_json_finder->getIterator() as $composer_json) {
$data[] = [$composer_json->getPathname()];
$data[$composer_json->getPathname()] = [$composer_json->getPathname()];
}
return $data;
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment