Site templates should not pin dependencies. It's very bad practice and will result in sites built on these templates getting stuck on potentially insecure, or unsupported, dependencies with no way to update them except by altering composer.json.

We should add this as an explicit no-no in GET-STARTED.md, and enforce it with a smoke test.

Issue fork drupal_cms_site_template_base-3560910

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

phenaproxima created an issue. See original summary.

phenaproxima opened merge request !5

phenaproxima’s picture

phenaproxima
he/him
Primary language English
Location Massachusetts
commented
Status: Active » Fixed

Auto-merged into 1.x.

Now that this issue is closed, review the contribution record.

As a contributor, attribute any organization that helped you, or if you volunteered your own time.

Maintainers, credit people who helped resolve this issue.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.