Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
Composer 2.2.1 was released 2021-12-22
https://getcomposer.org/changelog/2.2.1
https://github.com/composer/composer/releases/tag/2.2.1
After updating the composer in local or in an automated testing you will face the following issue
composer/installers contains a Composer plugin which is currently not in your allow-plugins config. See https://getcomposer.org/allow-plugins
Do you trust "composer/installers" to execute code and wish to enable it now? (writes "allow-plugins" to composer.json) [y,n,d,?] y
y - add package to allow-plugins in composer.json and let it run immediately
n - add package (as disallowed) to allow-plugins in composer.json to suppress further prompts
d - discard this, do not change composer.json and do not allow the plugin to run
? - print help
A question to trust will show up for each used composer plugin in Varbase
Do you trust "composer/installers" to execute code and wish to enable it now? (writes "allow-plugins" to composer.json) [y,n,d,?] y
cweagans/composer-patches contains a Composer plugin which is currently not in your allow-plugins config. See https://getcomposer.org/allow-plugins
Do you trust "cweagans/composer-patches" to execute code and wish to enable it now? (writes "allow-plugins" to composer.json) [y,n,d,?] y
oomphinc/composer-installers-extender contains a Composer plugin which is currently not in your allow-plugins config. See https://getcomposer.org/allow-plugins
Do you trust "oomphinc/composer-installers-extender" to execute code and wish to enable it now? (writes "allow-plugins" to composer.json) [y,n,d,?] y
drupal/core-composer-scaffold contains a Composer plugin which is currently not in your allow-plugins config. See https://getcomposer.org/allow-plugins
Do you trust "drupal/core-composer-scaffold" to execute code and wish to enable it now? (writes "allow-plugins" to composer.json) [y,n,d,?] y
drupal/core-project-message contains a Composer plugin which is currently not in your allow-plugins config. See https://getcomposer.org/allow-plugins
Do you trust "drupal/core-project-message" to execute code and wish to enable it now? (writes "allow-plugins" to composer.json) [y,n,d,?] y
vardot/varbase-updater contains a Composer plugin which is currently not in your allow-plugins config. See https://getcomposer.org/allow-plugins
Do you trust "vardot/varbase-updater" to execute code and wish to enable it now? (writes "allow-plugins" to composer.json) [y,n,d,?] y
dealerdirect/phpcodesniffer-composer-installer (installed globally) contains a Composer plugin which is currently not in your allow-plugins config. See https://getcomposer.org/allow-plugins
dealerdirect/phpcodesniffer-composer-installer (installed globally) contains a Composer plugin which is currently not in your allow-plugins config. See https://getcomposer.org/allow-plugins
Do you trust "dealerdirect/phpcodesniffer-composer-installer" to execute code and wish to enable it now? (writes "allow-plugins" to composer.json) [y,n,d,?] y
Proposed resolution
Adding allow-plugins
to Varbase and Varbase Project template
Not to block builds or updates.
"config": {
"bin-dir": "bin/",
"secure-http": false,
"optimize-autoloader": true,
"preferred-install": {
"drupal/core": "dist"
},
"allow-plugins": {
"composer/installers": true,
"cweagans/composer-patches": true,
"oomphinc/composer-installers-extender": true,
"drupal/core-composer-scaffold": true,
"drupal/core-project-message": true,
"vardot/varbase-updater": true
}
},
Remaining tasks
- ✅ File an issue about this project
- ✅ Addition/Change/Update/Fix to this project
- ✅ Testing to ensure no regression
- ✅ Automated unit/functional testing coverage
Varbase 9.1.x
Varbase 9.0.x
- ✅ Developer Documentation support on feature change/addition
- ➖ User Guide Documentation support on feature change/addition
- ➖ Update Release Notes and Update Helper on new feature change/addition
- ✅ Code review from 1 Varbase core team member
- ✅ Full testing and approval
- ✅ Credit contributors
- ✅ Review with the product owner
- ✅ Release varbase-9.0.4
Varbase update type:
- ✅ No Update
- ➖ Optional Update
- ➖ Forced Update
- ➖ Forced Update if Unchanged
User interface changes
- N/A
API changes
- N/A
Data model changes
- N/A
Comments
Comment #4
Rajab Natshah CreditAttribution: Rajab Natshah at Vardot for Vardot commentedComment #5
Rajab Natshah CreditAttribution: Rajab Natshah at Vardot for Vardot commentedComment #6
Rajab Natshah CreditAttribution: Rajab Natshah at Vardot for Vardot commentedComment #7
Rajab Natshah CreditAttribution: Rajab Natshah at Vardot for Vardot commentedComment #8
Rajab Natshah CreditAttribution: Rajab Natshah at Vardot for Vardot commentedComment #10
Rajab Natshah CreditAttribution: Rajab Natshah at Vardot for Vardot commentedComment #11
tresero CreditAttribution: tresero commentedWhere exactly would this go? I need to add this to several sites and I don't really understand your composer paths.
Thanks
Comment #12
Rajab Natshah CreditAttribution: Rajab Natshah at Vardot for Vardot commentedThanks, Jon for following this issue.
This is the case if you had the composer updated to the latest version 2.2.1 and later versions.
1.
composer self-update
2. When doing a
composer update
orcomposer install
... all project will be faced with a question to trust any other composer pluginsExample:
By trusting in the console the final results will add
Mainly for all new projects using Varbase Project template
The Varbase team trusted the composer plugins by default which are listed in the
allow-plugins
Add composer allow-plugins to composer.json for Varbase and Varbase Project template to work with Composer 2.2.1 and later versions #124
So now the root composer.json file look as you can see in this link
https://github.com/Vardot/varbase-project/blob/9.0.x/composer.json#L51
Comment #13
Rajab Natshah CreditAttribution: Rajab Natshah at Vardot for Vardot commentedWorking on #3257620: Release Varbase 9.0.4
Comment #14
mmjvb CreditAttribution: mmjvb as a volunteer commentedThe allow-plugins belongs to the config key. For existing projects you can `composer config allow-plugins true` to allow plugins like before. When upgrading your projects recommend whitelisting plugins, like done for Varbase. Newly introduced plugins need explicitly be allowed. Expect Composer to ask for it.
Comment #15
Rajab Natshah CreditAttribution: Rajab Natshah at Vardot for Vardot commentedComment #16
tresero CreditAttribution: tresero commentedInteresting I have 4 varbase sites, they all ask to trust, and it's never written.
I run sudo for www-data which doesn't have a password which your upgrade script asks for (that's another issue). That may be the problem.
Comment #17
Rajab Natshah CreditAttribution: Rajab Natshah at Vardot for Vardot commentedReleased Varbase 9.0.4
https://www.drupal.org/project/varbase/releases/9.0.4
Comment #18
thomaswalther CreditAttribution: thomaswalther commented# 14 worked for me. Thanks!
No warning after I entered:
composer config allow-plugins true
Comment #19
mmjvb CreditAttribution: mmjvb as a volunteer commentedYou might even consider doing that global. It allows your projects to opt in at the time they desire.
Comment #20
tresero CreditAttribution: tresero commentedThis still doesn't work. Not sure why. Composer is definitely a weird beast.
Here is my composer.json in web dir.
I still get
This happens every time on every Varbase site I have.
Ideas?
Thanks
Comment #21
Rajab Natshah CreditAttribution: Rajab Natshah at Vardot for Vardot commented