Problem/Motivation

In our composer we use ~ often. In the composer doc is says that the caret:

is the recommended operator for maximum interoperability when writing library code.

Furthermore when there is a patch release for a dependency which we'd like to help ensure users using composer to manage their project's dependencies get this will help them. See #2768953: Prevent insecure Guzzle from being installed when using composer to manager your project dependencies.

Proposed resolution

Change composer dependency versions to ^1.2.3 style using the caret. This would also allow for users managing their own dependencies to update to later minor versions when needed (outside of core releases).

Remaining tasks

  • Decide if we want to adopt ^1.2.3 style versioning
  • Patch composer.json to adjust

User interface changes

n/a

API changes

n/a

Data model changes

n/a

Comments

alexpott created an issue. See original summary.

dawehner’s picture

Patch composer.json to adjust

Do we potential have to adapt our component composer.json files as well?

alexpott’s picture

Why not? Let's review the lot.

Version: 8.2.x-dev » 8.3.x-dev

Drupal 8.2.0-beta1 was released on August 3, 2016, which means new developments and disruptive changes should now be targeted against the 8.3.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.3.x-dev » 8.4.x-dev

Drupal 8.3.0-alpha1 will be released the week of January 30, 2017, which means new developments and disruptive changes should now be targeted against the 8.4.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

geerlingguy’s picture

Decide if we want to adopt ^1.2.3 style versioning

Is this not yet decided? I'm in the 'yes' vote camp... it seems like a lot of Drupal/Composer solutions are already defaulting to that style now.

heddn’s picture

Issue tags: +Novice

+1
Is the next step to roll a patch? Tagging novice for that. Let's see what happens when we change to a carrot.

edgewl2’s picture

Status: Active » Needs review
FileSize
3.44 KB

Can you check this out? It really can be helpful.

Status: Needs review » Needs work

The last submitted patch, 8: prefer_carat_over_tilde-2769841-8.patch, failed testing.

heddn’s picture

After updating to tilde, we need to run composer update nothing, or something like that to update the lock file.

edgewl2’s picture

Status: Needs work » Needs review
FileSize
47.42 KB
43.93 KB

I think this patch has what it takes

edgewl2’s picture

Status: Needs review » Needs work
edgewl2’s picture

Status: Needs work » Needs review
FileSize
3.91 KB
433 bytes

Can you check this out?

AjitS’s picture

Issue summary: View changes
heddn’s picture

Status: Needs review » Reviewed & tested by the community

This does what is outlined in the IS, by switching to carat (^). Tests are passing. Looks good to me. I also did a quick check, we've got all the composer.json files updated.

Wim Leers’s picture

Title: Prefer carat over tilde in composer.json » Prefer caret over tilde in composer.json
Issue summary: View changes
alexpott’s picture

Status: Reviewed & tested by the community » Needs work
Issue tags: +Needs tests

I think this worth adding something to \Drupal\Tests\ComposerIntegrationTest to ensure the tilde does not make a return. It'd be simple to have a patch revert on of these changes and I think ensuring the caret is worth it.

heddn’s picture

Issue tags: -Novice

Removing the Novice tag as adding a test is less easy for a newcomer.

alexpott’s picture

Status: Needs work » Needs review
Issue tags: -Needs tests
FileSize
12.27 KB
8.37 KB

Testing all the composer.json we have.

heddn’s picture

Status: Needs review » Reviewed & tested by the community

I obviously missed a few composer.json files. Good thing for automated testing. But it seems we've caught all the changes now and we have tests.

alexpott’s picture

Status: Reviewed & tested by the community » Needs work

The last submitted patch, 21: 2769841-21.patch, failed testing.

heddn’s picture

Status: Needs work » Reviewed & tested by the community

Seems like a random test failure. Back to RTBC.

Status: Reviewed & tested by the community » Needs work

The last submitted patch, 21: 2769841-21.patch, failed testing.

heddn’s picture

Status: Needs work » Reviewed & tested by the community

Unrelated test failure:

Drupal\KernelTests\Core\Theme\StableTemplateOverrideTest::testStableTemplateOverrides
PHPUnit_Framework_Exception: Segmentation fault (core dumped)