Closed (fixed)
Project:
Drupal.org security advisory coverage applications
Component:
module
Priority:
Normal
Category:
Task
Assigned:
Reporter:
Created:
15 Sep 2025 at 16:20 UTC
Updated:
9 Oct 2025 at 19:09 UTC
Jump to comment: Most recent
Comments
Comment #2
platypus media commentedComment #3
vishal.kadamComment #4
platypus media commentedMy apologies if this is an inappropriate question to ask, but how long does this process normally take? Days? Weeks? Longer? This is my first contrib module, so I'm a little overzealous.
Comment #5
rushikesh raval commentedThank you for applying!
Please read Review process for security advisory coverage: What to expect for more details and Security advisory coverage application checklist to understand what reviewers look for. Tips for ensuring a smooth review gives some hints for a smoother review.
The important notes are the following.
To the reviewers
Please read How to review security advisory coverage applications, Application workflow, What to cover in an application review, and Tools to use for reviews.
The important notes are the following.
For new reviewers, I would also suggest to first read In which way the issue queue for coverage applications is different from other project queues.
Comment #6
avpadernoComment #7
avpadernosrc/Controller/AgeGateController.php
Since that class does not use methods from the parent class, it does not need to use
ControllerBaseas parent class. Controllers do not need to have a parent class; as long as they implement\Drupal\Core\DependencyInjection\ContainerInjectionInterface, they are fine.src/Form/AgeGateSettingsForm.php
ConfigFormBase::__construct()needs to be called. Since its parameters changed in Drupal 10.2, the project cannot be compatible with all the Drupal 10 releases and Drupal 11; it needs to require at least Drupal 10.2.With Drupal 10 and Drupal 11, there is no longer need to use
#default_valuefor each form element, when the parent class isConfigFormBase: It is sufficient to use#config_target, as in the following code.Using that code, it is no longer needed to save the configuration values in the form submission handler: The parent class will take care of that.
vendor
The vendor directory is never committed in contributed projects.
simpleavs.module
For a new module that aims to be compatible with Drupal 10 and Drupal 11, I would rather implement hooks as class methods as described in Support for object oriented hook implementations using autowired services.
It would require increasing the minimum Drupal 10 version supported, but Drupal 10.1 is no longer supported.
The @file tag has been added twice. Only one is necessary, and it must be right after
<?php.Furthermore, the usual description is Hook implementations for the [module name] module. where [module name] is the module name reported in the .info.yml file.
The documentation comments for functions that are not hook implementations include the description of the parameters and the return value.
Some lines are not following the Drupal coding standards. For example, in the following code, the
=>characters do not need to be vertically aligned.Similarly, in the following lines, the assignment operator does not need to be vertically aligned.
Comment #8
platypus media commentedI made the updates requested and pushed the new copy
Comment #9
platypus media commentedComment #10
vishal.kadam1.
devanddeveare wrong names for a branch and should be removed. Release branch names always end with the literal .x as described in Release branches.2. Fix phpcs issues.
Note: I would suggest enabling GitLab CI for the project, follow the Drupal Association .gitlab-ci.yml template and fix the PHP_CodeSniffer errors/warnings it reports.
Comment #11
platypus media commentedExtraneous branches removed and phpcs issues resolved.
Comment #12
vishal.kadamA few points are still pending: one from comment #7 and another from comment #10.
The vendor directory is still present in the codebase, and not all PHPCS errors have been resolved.
Comment #13
platypus media commentedRemoved stray vendor/ directory, normalized EOF newlines in SECURITY.md and phpcs.yml. PHPCS runs clean locally with Drupal + DrupalPractice standards.
Comment #14
vishal.kadamRest looks good to me.
Please wait for a Project Moderator to take a look and if everything goes fine, you will get the role.
Comment #15
platypus media commentedAwesome. Thank you so much for all the help you've been. Just for clarification, should it be set to "reviewed and tested" status at this point so the moderators know that it's ready for their final review?
Comment #16
vishal.kadamComment #17
avpadernoThank you for your contribution and for your patience with the review process!
I am going to update your account so you can opt into security advisory coverage any project you create, including the projects you already created.
These are some recommended readings to help you with maintainership:
You can find more contributors chatting on Slack or IRC in #drupal-contribute. So, come hang out and stay involved!
Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.
I thank also all the reviewers for helping with these applications.
Comment #19
avpaderno