Closed (fixed)
Project:
Drupal.org security advisory coverage applications
Component:
module
Priority:
Normal
Category:
Task
Assigned:
Reporter:
Created:
19 Dec 2025 at 09:20 UTC
Updated:
10 Feb 2026 at 09:09 UTC
Jump to comment: Most recent
Comments
Comment #2
carlosmp commentedComment #3
vishal.kadamComment #4
avpadernoThank you for applying!
Please read Review process for security advisory coverage: What to expect for more details and Security advisory coverage application checklist to understand what reviewers look for. Tips for ensuring a smooth review gives some hints for a smoother review.
The important notes are the following.
To the reviewers
Please read How to review security advisory coverage applications, Application workflow, What to cover in an application review, and Tools to use for reviews.
The important notes are the following.
For new reviewers, I would also suggest to first read In which way the issue queue for coverage applications is different from other project queues.
Comment #5
vishal.kadam1.
masteris a wrong name for a branch and should be removed. Release branch names always end with the literal .x as described in Release branches.2. FILE: site_config.info.yml, modules/site_config_jsonapi/site_config_jsonapi.info.yml, modules/site_config_rest/site_config_rest.info.yml
package: CustomThis line is used by custom modules created for specific sites. It is not a package name used for projects hosted on drupal.org.
3. FILE: site_config.info.yml
core_version_requirement: ^9 || ^10 || ^11FILE: modules/site_config_jsonapi/site_config_jsonapi.info.yml, modules/site_config_rest/site_config_rest.info.yml
core_version_requirement: ^9 || ^10A new project should not declare itself compatible with a Drupal release that is no longer supported. No site should be using Drupal 8 nor Drupal 9, and people should not be encouraged to use those Drupal releases.
4. FILE: src/SiteConfigPluginBase.php, src/Service/SiteConfigService.php, modules/site_config_jsonapi/src/Resource/SiteConfigBaseResource.php
\Drupal::logger('site_config')->error($e->getMessage());The
$messageparameter passed to theLoggerInterfacemethods must be a literal string that uses placeholders. It's not a translatable string returned fromt()/$this->t(), a string concatenation, a value returned from a function/method, nor a variable containing an exception object.5. Fix the warnings/errors reported by PHP_CodeSniffer.
Note: I would suggest enabling GitLab CI for the project, follow the Drupal Association .gitlab-ci.yml template and fix the PHP_CodeSniffer errors/warnings it reports.
Comment #6
carlosmp commentedI have applied all the requested changes.
Comment #7
vishal.kadamRemember to change status, when the project is ready to be reviewed. In this queue, projects are only reviewed when the status is Needs review.
Comment #8
carlosmp commentedComment #9
carlosmp commentedThanks! I have just changed the status.
Comment #10
vishal.kadamRest seems fine to me.
Please wait for other reviewers and Project Moderator to take a look and if everything goes fine, you will get the role.
Comment #11
carlosmp commentedAny news?
Comment #12
bbu23Hi,
I don't have time to do a proper review now, but I did notice a few things:
- There's no
composer.jsonfile defined. See Add a composer.json file for more info.- You are providing a plugin using PHP Annotation, which is not recommended anymore. You should implement plugins as PHP Attributes instead of PHP Annotations as described in Attribute-based plugins.
- New modules, which are compatible with Drupal 10 and higher versions are expected to include type declarations in property definitions, and use property promotion. This should be applied to all class constructors.
- Use dependency injection for:
- Comments like "Get value." as function description for "getValue()" are not relevant.
The minimum core version will have to be increased after applying these changes.
Comment #13
carlosmp commentedI have applied all corrections:
- Add composer.json.
- Update README.md.
- Implement the plugin as PHP attributes.
- Use property promotion.
- Fix the dependency injection issue.
- Increase the minimum core version.
Comment #14
carlosmp commentedAny other issues?
Comment #15
avpadernoThank you for your contribution and for your patience with the review process!
I am going to update your account so you can opt into security advisory coverage any project you create, including the projects you already created.
These are some recommended readings to help you with maintainership:
You can find more contributors chatting on Slack or IRC in #drupal-contribute. So, come hang out and stay involved!
Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.
I thank also all the reviewers for helping with these applications.
Comment #16
avpaderno