Add audit.abandoned warnings for abandoned packages #11639
42d4312 to a44d965
{ | ||
if ($abandoned === 'default' && $format !== self::FORMAT_SUMMARY) { |
`default` is not one of the values supported in the method signature for static analysis.
I would define an extra constant `ABANDONED_DEFAULT = 'default'` for now and switch it to `ABANDONED_DEFAULT = self::ABANDONED_FAIL` in 2.7. Also this section needs a todo to remove the warning in 2.7
The point is `default` as a value will be gone in 2.7 so I'd rather keep it low profile. IMO it's fine as is
@@ -37,7 +38,7 @@ class Config | |||
'allow-plugins' => [], | |||
'use-parent-dir' => 'prompt', | |||
'preferred-install' => 'dist', | |||
'audit' => ['ignore' => []], | |||
'audit' => ['ignore' => [], 'abandoned' => 'default'], // TODO in 2.7 switch to ABANDONED_FAIL |
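Review bot: the TODO on the changed 'audit' line only covers switching the default value, while the audit code shown in this PR also compares against the same literal (`$abandoned === 'default'`) and prints a deprecation-style warning. Those have to be removed in 2.7 as well, so either mirror the TODO next to that check or extend this one to name it, otherwise the two places can drift apart.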
Referencing `Auditor::ABANDONED_DEFAULT` here automatically future-proofs the code.
Awesome quick work man 👍
a44d965 to 1b9f311
{ | ||
if ($abandoned === 'default' && $format !== self::FORMAT_SUMMARY) { | ||
$io->writeError('<warning>The new audit.abandoned setting (currently defaulting to "report" will default to "fail" in Composer 2.7, make sure to set it to "report" or "ignore" explicitly by then if you do not want this.</warning>'); |
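Review bot: the warning string on the writeError line opens a parenthesis at `(currently defaulting to "report"` and never closes it; add the `)` right after `"report"`. Since the surrounding check is `$abandoned === 'default'`, any explicit value silences the message, so the text could also say that setting "fail" now opts in to the 2.7 behaviour instead of only listing "report" and "ignore".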
Should this warning really always be output or only if an actual warning is output? Seems a bit much to force everyone to set this to a value to make the warning go away?
Well if you run audit in CI you can also just ignore this warning.. my thinking was more that if it's hidden then you won't notice it unless you have abandoned packages. Then people will come complaining when 2.7 hits and they have an abandoned package in six months..
Is this really an issue? I highly doubt `audit` is frequently used outside CI context, so it's not really a 'daily annoyance' or anything, and those that do consciously run `audit` will be the kind of user happy with the verbose explanation.
Fixes #11623