Skip to content
Snippets Groups Projects

If the site is on an insecure version of an old minor and there is a secure version of that old minor available, the update status report should link that release

If the site is on an insecure version of an old minor and there is a secure version of that old minor available, the update status report should link that release
issue/drupal-2990476:2990476-if-the-site into 11.x
6 open threads
Open
quietonerequested to merge
issue/drupal-2990476:2990476-if-the-site into 11.x
6 open threads

Closes #2990476

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
core/modules/update/tests/src/Functional/UpdateTestBase.php
110 110 * The type of update message expected.
111 111 * @param string $update_element_css_locator
112 112 * The CSS locator for the page element that contains the security updates.
113 * @param string $recommended_security_release
114 * The recommended security release.
113 115 */
114 protected function assertSecurityUpdates($project_path_part, array $expected_security_releases, $expected_update_message_type, $update_element_css_locator) {
116 protected function assertSecurityUpdates($project_path_part, array $expected_security_releases, $expected_update_message_type, $update_element_css_locator, string $recommended_security_release) {
  • Derek Wright
    Derek Wright @dww
    Developer

    I'm probably missing something, but I've looked through the test-only changes in this MR 3 times and I don't see why we've added this final parameter and updated all the providers, since it doesn't look like we do anything with this string. :sweat_smile: There's no new assertion about it at all in this method (assertSecurityUpdates()).

  • quietone
    quietone @quietone
    Author Maintainer

    Ah, thank you. I put this in but never finished adding the assertion for the new text. That has been added now.

  • Please register or sign in to reply
  • Derek Wright
    Derek Wright @dww started a thread on the diff
    • core/modules/update/tests/src/Functional/UpdateSemverTestSecurityAvailabilityTrait.php
    165 175 'expected_security_releases' => ['1.2'],
    166 176 'expected_update_message_type' => static::UPDATE_AVAILABLE,
    167 177 'fixture' => 'sec.8.1.2',
    178 'recommended_security_release' => '',
    • Comment on lines 171 to +178
      Derek Wright
      Derek Wright @dww
      Developer

      Out of scope for this issue, but I have to ask while I'm looking at all this test coverage so closely... :laughing:

      If "All releases for minor 0 are secure" is true, and the site is on minor 0, why does the site admin even care if the minor 1 branch has a security release? :grinning:

    • quietone
      quietone @quietone
      Author Maintainer

      They would care if they only wanted to updated to security releases. Maybe?

    • Please register or sign in to reply
  • Derek Wright
  • Derek Wright
  • Derek Wright
    Derek Wright @dww started a thread on an old version of the diff
    • core/modules/update/update.compare.inc
    573 580 $project_data['reason'] = t('Invalid info');
    574 581 }
    575 582 }
    583
    584 /**
    585 * Updates recommended if there is a later security release in ihe same minor.
    586 *
    587 * @param $project_data
    588 * An array containing information about a specific project.
    589 * @param $release_module_version
    590 * The current release extension object.
    • Comment on lines +589 to +590
      Derek Wright
      Derek Wright @dww
      Developer

      "extension object"? So we assume this is a Drupal\update\ProjectRelease? We should say so. Also see above that these are for themes, too, so we don't want module_ in the name...

      Suggested change
      589 * @param $release_module_version
      590 * The current release extension object.
      589 * @param \Drupal\update\ProjectRelease $installed_version
      590 * The current release extension object.
    • quietone changed this line in version 5 of the diff

      changed this line in version 5 of the diff

    • quietone
      quietone @quietone
      Author Maintainer

      The second parameter has been removed. The installed version is available in $project_data, so that is used.

    • Please register or sign in to reply
  • Derek Wright
    Derek Wright @dww started a thread on an old version of the diff
    • core/modules/update/update.compare.inc
    573 580 $project_data['reason'] = t('Invalid info');
    574 581 }
    575 582 }
    583
    584 /**
    585 * Updates recommended if there is a later security release in ihe same minor.
    586 *
    587 * @param $project_data
    588 * An array containing information about a specific project.
    589 * @param $release_module_version
    590 * The current release extension object.
    591 */
    592 function update_recommended(&$project_data, $release_module_version): void {
    • Derek Wright
      Derek Wright @dww
      Developer

      As new code, can we add the types?

      Suggested change
      592 function update_recommended(&$project_data, $release_module_version): void {
      592 function update_recommended(array &$project_data, ProjectRelease $installed_version): void {

      Also, see above about the name of this parameter. I'm not exactly sure what it should be called, but maybe $installed_version is short and sweet? The rest of the function will need to be updated to match...

    • quietone changed this line in version 4 of the diff

      changed this line in version 4 of the diff

    • quietone
      quietone @quietone
      Author Maintainer

      See above. The second parameter has been removed.

    • Please register or sign in to reply
  • Derek Wright
    Derek Wright @dww started a thread on an old version of the diff
    • core/modules/update/update.compare.inc
    358 358 $recommended_version_without_extra = '';
    359 359 $recommended_release = NULL;
    360 360 $release_is_supported = FALSE;
    361 $release_module_version = NULL;
    • Derek Wright
      Derek Wright @dww
      Developer

      All this plumbing works on both modules and themes, so I doubt this is the right name for this variable. Everywhere else we call these "project releases". So probably something like this would be better:

        $project_release_version = NULL;

      That said, I'm not totally understanding the point of this variable (yet) and the entire code base is dealing with "project release versions" of all sorts. :wink: What's the more self-documenting thing here? Is this really "Currently installed project release version"? If so, let's put "current" or "installed" in the name...

        $project_installed_release_version = NULL;

      Maybe? Or even just this?

      Suggested change
      361 $release_module_version = NULL;
      361 $installed_version = NULL;

      This function is per-project already, so we don't really have to keep saying so.

    • quietone changed this line in version 5 of the diff

      changed this line in version 5 of the diff

    • quietone
      quietone @quietone
      Author Maintainer

      This was PHPStorm was complaining about $release_module_version not being set. Since the new method no longer uses that variable this line has been removed.

      Also, the variable '$release_module_version' was added to core in 2020, in #3074993. A name change would be something for another issue.

    • Please register or sign in to reply
  • Derek Wright
  • Derek Wright
    Derek Wright @dww started a thread on the diff
    • core/modules/update/update.compare.inc
    370 371 }
    371 372
    372 373 try {
    373 374 $release_module_version = ExtensionVersion::createFromVersionString($release->getVersion());
    • Derek Wright
      Derek Wright @dww
      Developer

      Oh crap, this isn't a new variable from this MR? I guess this snuck in while I wasn't looking. Ugh. Well, probably out of scope to change it here. But then why are we initializing it to NULL above here? Maybe if we need to be initializing it to NULL, we can rename it? :grinning:

    • quietone
      quietone @quietone
      Author Maintainer

      Ah, we agree! No renaming as explained above.

    • Please register or sign in to reply
  • quietone added 124 commits

    added 124 commits

    Compare with previous version

  • quietone added 5 commits

    added 5 commits

    Compare with previous version

    Toggle commit list
  • quietone added 1 commit

    added 1 commit

    Compare with previous version

  • quietone added 136 commits

    added 136 commits

    Compare with previous version

    Toggle commit list
  • quietone added 1 commit

    added 1 commit

    Compare with previous version

  • quietone added 40 commits

    added 40 commits

    Compare with previous version

    Toggle commit list
  • quietone added 363 commits

    added 363 commits

    Compare with previous version

    Toggle commit list
  • quietone added 1 commit

    added 1 commit

    Compare with previous version

    • Please register or sign in to reply