Problem/Motivation

https://blog.packagist.com/composer-2-7-7/

Proposed resolution

Require Composer 2.7.7 for 10.3.x and above in Drupal's dev dependencies (and for Autoupdates).

Remaining tasks

NR. Branch named -composer is the 11.x version (sorry); others are named according to their target branch.

Release notes snippet

Drupal core's Composer development dependency has been updated to Composer 2.7.7, which addresses security vulnerabilities. It is recommended that Drupal site owners also update their local Composer versions with composer self-update.

CommentFileSizeAuthor
#8 3454556-nr-bot.txt90 bytesneeds-review-queue-bot

Issue fork drupal-3454556

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

xjm created an issue. See original summary.

xjm opened merge request !8403

xjm opened merge request !8404

xjm’s picture

xjm
she/her
Primary language English
commented
Status: Active » Needs review

xjm opened merge request !8405

xjm opened merge request !8406

xjm’s picture

xjm
she/her
Primary language English
commented
Issue summary: View changes
needs-review-queue-bot’s picture

needs-review-queue-bot commented
Status: Needs review » Needs work
StatusFileSize
new 3454556-nr-bot.txt90 bytes

The Needs Review Queue Bot tested this issue. It no longer applies to Drupal core. Therefore, this issue status is now "Needs work".

This does not mean that the patch necessarily needs to be re-rolled or the MR rebased. Read the Issue Summary, the issue tags and the latest discussion here to determine what needs to be done.

Consult the Drupal Contributor Guide to find step-by-step guides for working with issues.

xjm’s picture

xjm
she/her
Primary language English
commented
Status: Needs work » Needs review
Issue tags: +no-needs-review-bot
xjm’s picture

xjm
she/her
Primary language English
commented
Issue summary: View changes
xjm’s picture

xjm
she/her
Primary language English
commented
Issue summary: View changes

 

smustgrave’s picture

smustgrave commented
Status: Needs review » Reviewed & tested by the community

All MRs are green

Didn't test on every version but on 11.x applied the MR and self-update worked as expected.

catch closed merge request !8403

catch closed merge request !8404

catch closed merge request !8405

  • catch committed b367184c on 10.3.x 
    Issue #3454556 by xjm: Require Composer 2.7.7

  • catch committed cbf7975e on 10.4.x 
    Issue #3454556 by xjm: Require Composer 2.7.7

  • catch committed 7e813547 on 11.0.x 
    Issue #3454556 by xjm: Require Composer 2.7.7

  • catch committed 6d1c5c57 on 11.x 
    Issue #3454556 by xjm: Require Composer 2.7.7
catch’s picture

catch
he/him
Primary language English
commented
Version: 11.x-dev » 10.3.x-dev
Status: Reviewed & tested by the community » Fixed

Committed/pushed to 11.x, 11.0.x, 10.4.x, 10.3.x respectively, thanks! Added the release notes snippet to the 10.3.0 draft.

xjm closed merge request !8406

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.