Add audit.abandoned warnings for abandoned packages #11639
Conversation
Seldaek
force-pushed
the
audit_abandoned
branch
from
42d4312
to
a44d965
Compare
| { | ||
| if ($abandoned === 'default' && $format !== self::FORMAT_SUMMARY) { |
There was a problem hiding this comment.
default is not one of the values supported in the method signature for static analysis.
There was a problem hiding this comment.
I would define an extra constant ABANDONED_DEFAULT = 'default' for now and switch it to ABANDONED_DEFAULT = self::ABANDONED_FAIL in 2.7. Also this section needs a todo to remove the warning in 2.7
There was a problem hiding this comment.
The point is default as a value will be gone in 2.7 so i rather keep it low profile. IMO it's fine as is
| @@ -37,7 +38,7 @@ class Config | |||
| 'allow-plugins' => [], | |||
| 'use-parent-dir' => 'prompt', | |||
| 'preferred-install' => 'dist', | |||
| 'audit' => ['ignore' => []], | |||
| 'audit' => ['ignore' => [], 'abandoned' => 'default'], // TODO in 2.7 switch to ABANDONED_FAIL | |||
There was a problem hiding this comment.
Referencing Auditor::ABANDONED_DEFAULT here automatically future-proofs the code.
|
Awesome quick work man 👍 |
Seldaek
force-pushed
the
audit_abandoned
branch
from
a44d965
to
1b9f311
Compare
| { | ||
| if ($abandoned === 'default' && $format !== self::FORMAT_SUMMARY) { | ||
| $io->writeError('<warning>The new audit.abandoned setting (currently defaulting to "report" will default to "fail" in Composer 2.7, make sure to set it to "report" or "ignore" explicitly by then if you do not want this.</warning>'); |
There was a problem hiding this comment.
Should this warning really always be output or only if an actual warning is output? Seems a bit much to force everyone to set this to a value to make the warning go away?
There was a problem hiding this comment.
Well if you run audit in CI you can also just ignore this warning.. my thinking was more that if it's hidden then you won't notice it unless you have abandoned packages. Then people will come complaining when 2.7 hits and they have an abandoned package in six months..
There was a problem hiding this comment.
Is this really an issue? I highly doubt audit is frequently used outside CI context, so it's not really a 'daily annoyance' or anything, and those that do consciously run audit will be the kind of user happy with the verbose explanation.
Fixes #11623