Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
recaptcha uses the packagist.drupal-composer.org semver shim, which causes problems with the new drupal.org Facade. See #2746737: Modules with invalid composer.json versions.
Proposed resolution
Change the version to "1.0.0-alpha1" or something that works based on the facade.
This should probably be done when packagist.drupal-composer.org is officially deprecated and not updating so that people's other builds don't break.
Comments
Comment #2
mradcliffeAttached patches:
1. The real patch, 2846861-recaptcha-use-do-composer-facade-2.patch, which I can use to patch recaptcha currently to use the facade, and should be applied going forward after everyone is off of packagist.drupal-composer.or.g.
2. A reverse patch for #1 for when patch #1 is committed and then people can reference it in case their build systems still use packagist.drupal-composer.org.
#2 will fail to apply. Hopefully I cancel the test in time.
Edit: screw trying to cancel a bajillion tests when they start. I'll just change the issue back to needs review.
Comment #4
hass CreditAttribution: hass commentedFailing patch, but how does composer know from the string "~1.0.0-alpha1" to install a D8 version and not a D7 version or D9?
Comment #5
mradcliffeThat one fail on the appropriate patch seems to be random. Retesting.
I don't know how the drupal.org facade works, but I believe it is based on which composer repository you're using.
https://packages.drupal.org/8 for 8, https://packages.drupal.org/7 for 7.
And probably https://packages.drupal.org/9 for 9 whenever that comes around.
Comment #6
mradcliffeYep, random test fail.
Comment #7
hass CreditAttribution: hass commentedAre you really sure this works properly? I have read https://getcomposer.org/doc/articles/versions.md and
~1.2.3
may is like>=1.2.3 <1.3.0
and this means "~1.0.0-alpha1" may only work for captcha>=1.0.0-alpha1 <1.1.0
and this is not what we need. The beta/alpha strings are not very well documented.And the version of captcha is
8.x-1.0-alpha1
. Why have you used~1.0.0
and not only~1.0-alpha1
?As I'm a newbie to composer I may be wrong, but this is how I read the documentation and I have zero expierence with this stuff and how to test it. Not the first time we changed the composer json.
Comment #8
MixologicThat is correct, you would be restricting yourselves to the 8.x-1.0-* version of captcha, and this would not allow the someday version of 8.x-1.1 version of captcha to work.
If you wish to accept any future version of captcha on the 8.x-1.x branch, then you would want to use *either*
~1.0-alpha1
Or^1.0.0-alpha1
The caret version of constraints are typically more useful for setting an 'exact version floor' where the tilde give you the flexibility to prevent upgrades to minor versions, but allow patch level upgrades (infrequently used, but could be considered the most conservative, safest option)
Since drupal.org does not *yet* support semantic version strings in contrib modules (the third patch level number), you can use the
~1.0-alpha1
form.Comment #9
Mixologicmradcliffe is correct. There are separate metadata repositories so that composer knows which major api to use.
Comment #10
hass CreditAttribution: hass commentedThanks. So the patch need to change.
Maybe good to write a drupal specific help page that explains the Drupal specific versioning.
As I know there are no plans for semantic versioning. But if we use "^1.0.0-alpha1" it is safe for whatever comes...
Comment #12
hass CreditAttribution: hass commented