Early Bird Registration for DrupalCon Portland 2024 is open! Register by 23:59 PST on 31 March 2024, to get $100 off your ticket.
Split off from #3255749: Composer v2.2 prompts to authorize plugins
Problem/Motivation
I'm seeing the message
For additional security you should declare the allow-plugins config with a list of packages names that are allowed to run code. See https://getcomposer.org/allow-plugins
You have until July 2022 to add the setting. Composer will then switch the default behavior to disallow all plugins.
on all automated test branches of 9.3.x-dev
, 9.4.x-dev
and 10.0.x-dev
near the Drupal\Tests\Composer\Plugin\Scaffold\Functional\ManageGitIgnoreTest
test.
I hope the attached patch (which seems to apply on all mentioned branches) will prevent that message.
Steps to reproduce
Look at a full console output of any full test run on drupal CI environment mentioned above.
Proposed resolution
Add an "allow-plugins"
sub-section in the "config"
section of the appropriate composer.json
templates.
Remaining tasks
User interface changes
API changes
Data model changes
Release notes snippet
Comment | File | Size | Author |
---|---|---|---|
#3 | 3277025-test-only.patch | 1.5 KB | Spokje |
#3 | 3277025-3.patch | 2.26 KB | Spokje |
Comments
Comment #2
SpokjeComment #3
SpokjeComment #4
Spokje@The Powers That Be: The test-only patch was created by @longwave in #3255749-2: Composer v2.2 prompts to authorize plugins, please add credits
Comment #5
SpokjeComment #6
SpokjeComment #7
Wim LeersTest-only patch has this:
The changes in the test logic are AFAICT only to get clean output, i.e. a cleaner string to compare against than HEAD gets.
The fix makes sense.
I don't see why we wouldn't go ahead with this?
Comment #9
Spokjerandom JS test failure, back to RTBC.
Comment #11
alexpottCommitted and pushed 8b44468ec3 to 10.0.x and 73d0a0c117 to 9.5.x and d1721377e6 to 9.4.x. Thanks!
Backported to 9.4.x since it is a test only fix. Nice to this oddity resolved.
Crediting @longwave as per #4