Problem/Motivation
In #2991207: Drupal core should inform the user of the security coverage for the site's installed minor version including final 8.x LTS releases, we implemented messages for the site owner about the security coverage dates for their installed release. The implementation assumes each minor receives security coverage until two minors later. However, the last 1-2 minor versions of the major series need to have specific dates hardcoded, because there is no "two minors later".
Proposed resolution
Add the dates for 9.4.x and 9.5.x.
Adding appropriately named constants will automatically generate the correct messages (as shown in the test cases).
Remaining tasks
Needs code review.
Manual testing requires faking update module data, because the message is not displayed unless the branch has a stable release.
Alternately, manual testing with the below changes will display the message as if 9.2 and 9.3 were the final releases instead. (This works because Drupal.org already has stable releases for those branches.)
diff --git a/core/modules/update/src/ProjectSecurityData.php b/core/modules/update/src/ProjectSecurityData.php
index 6c927c5e0f..03e6cd3ab6 100644
--- a/core/modules/update/src/ProjectSecurityData.php
+++ b/core/modules/update/src/ProjectSecurityData.php
@@ -39,13 +39,13 @@ final class ProjectSecurityData {
*
* @see \Drupal\update\ProjectSecurityRequirement::getDateEndRequirement()
*/
- const SECURITY_COVERAGE_END_DATE_9_4 = '2023-06-21';
+ const SECURITY_COVERAGE_END_DATE_9_2 = '2023-06-21';
- const SECURITY_COVERAGE_ENDING_WARN_DATE_9_4 = '2022-12-14';
+ const SECURITY_COVERAGE_ENDING_WARN_DATE_9_2 = '2022-12-14';
- const SECURITY_COVERAGE_END_DATE_9_5 = '2023-11';
+ const SECURITY_COVERAGE_END_DATE_9_3 = '2023-11';
- const SECURITY_COVERAGE_ENDING_WARN_DATE_9_5 = '2023-05-14';
+ const SECURITY_COVERAGE_ENDING_WARN_DATE_9_3 = '2023-05-14';
/**
* The existing (currently installed) version of the project.
User interface changes
Drupal 9.4 and 9.5 will properly inform the user of accurate EOL dates.
API changes
- API addition of magically named class constants as added in response to #2991207-155: Drupal core should inform the user of the security coverage for the site's installed minor version including final 8.x LTS releases.
- Deprecation or removal of the D8 legacy dates.
Data model changes
None.
Release notes snippet
TBD
Issue fork drupal-3272956
Show commands
Start within a Git clone of the project using the version control instructions.
Or, if you do not have SSH keys set up on git.drupalcode.org:
- 3272956-eol-dates changes, plain diff MR !2039
Comments
Comment #2
xjmComment #3
xjmComment #4
xjmComment #5
xjmComment #7
xjmComment #8
xjmTest failure is a problem in the fixtures; I added release metadata for 9.8.0 and 9.9.0 instead of 9.4.0 and 9.5.0. 🤦♀️ Fix incoming.
Comment #9
xjmComment #10
xjmAdded a draft change record for the issue. I was on the fence about whether we even needed one, since the class is internal and the constants are only relevant on the Drupal version in their names, but it's there just in case.
Comment #11
xjmComment #12
xjmAdded info on manual testing.
Comment #13
xjmKnown random fail; sent retest.
Comment #14
dwwPer #3115435: Make clear why each XML update.module fixture is created the way it is, I'd love for us to be adding new update.module test fixtures with comments. E.g. see the top of
core/modules/update/tests/fixtures/release-history/bbb_update_test.1_2.xml
:I know you're copy/pasting existing fixtures that don't have them, but I'd be in favor of adding them (and trying to maintain the "gate" that newly added update fixtures should always have them, as if they were docblock comments on a class).
I have trouble keeping track of our test coverage and fixtures, and I'm one of the subsystem maintainers. It's generally very hard for other folks to contribute to these issues and understand the fixtures and tests.
Otherwise, I don't think I see anything in the MR to complain about. But I'll give it a more thorough look after some belated lunch. 😉
Thanks!
-Derek
Comment #15
xjmTagging for:
Comment #16
xjmComment #17
dwwPer #2995367: Fix update module test fixture names for 8.2.0-rc2 sample data and many others, I was under the impression that our naming convention for fixtures was that the filename indicates the latest release in that fixture. I don't believe we have this convention documented anywhere, but it's mostly true. 😉 Perhaps we can add a README.md to this directory as part of #3115435: Make clear why each XML update.module fixture is created the way it is or something?
Granted, the previous fixture names touched by this issue don't match that "convention" (such as it is), but if we're renaming them, I think we should move in the direction of this standard. So what's now
drupal.sec.9.9.0.xml
should be renamed todrupal.sec.9.5.0.xml
(since that's the latest release in that fixture after the changes in the MR).The one being renamed to
drupal.sec.10.5.0.xml
is already correct (since that fixture indeed ends with a 10.5.0 release).I haven't chatted w/ Ted about this, so I won't remove the subsystem maintainer review tag. But here's 1/2 of that review. 😉 I'll ping via Slack to see if we agree. Also temporarily assigning to @tedbow for the same.
Thanks and sorry for the confusion!
-Derek
Comment #18
tedbowthe fixture renaming @dww suggests in #17 seems right to me
Comment #19
tedbowComment #20
dwwI believe these are the metadata changes Ted meant. 😉
Comment #22
Wim LeersComment #23
tedbowNeeds Work for needing comments in XML see #14
Comment #24
Wim LeersAll feedback addressed!
Comment #25
tedbowLooks. thanks everyone
@Wim Leers for your follow #3280679: Remove legacy attributes, add supported_branches and consistently name update.module's XML fixtures, you might to see if the scope overlaps with #3110917: [meta] Fix update XML fixtures bad data
Comment #27
alexpottCommitted and pushed 96b87dfb70 to 10.0.x and 387143aa73 to 9.5.x and 6b59e9e50f to 9.4.x. Thanks!
Comment #34
smustgrave CreditAttribution: smustgrave at Mobomo commentedClosed https://www.drupal.org/project/drupal/issues/3186927 as a duplicate of this moving over credit
Comment #36
quietone CreditAttribution: quietone at PreviousNext commentedClosed #3107378: Deprecate hard-coded Drupal 8 dates from update logic for the status report once this information is provided by the infrastructure as a duplicate, adding credit.
Comment #37
quietone CreditAttribution: quietone at PreviousNext commented