Drupal composer update
12/3/2023

I understand that this is not always possible and using something like roave/security-advisories to tell you when there are known security issues in a package might help postponing it and giving some sense of security.

Leaving it in will likely cause more work in the future when replacing it and might pose a security risk (if it is outdated and insecure). You should do the switch to the new dependency as early as possible. You will have to set them up before you do the change, so that you can see how their output differs and fix the new issues that come up.

For updating a Drupal site using Composer: update core via Composer, then update modules and themes via Composer. Once Composer is used to manage a single module, it also means that Composer needs to be used to manage and update Drupal core.

Static code analysis tools might help as well. That means replacing the package should be as easy as changing the name in your composer.json and then running composer update drupal/core-dev.

For packages where the answer is not as straightforward, you have to rely on automated/manual tests to see if everything still works.

In your case webflo/drupal-core-require-dev only contains a composer.json and the required packages match with what the alternative drupal/core-dev provides. It might be that all you have to do is replace the package, because it was only a name change, or you might have to modify your code as well. Abandoned packages will not receive updates, but Composer will not be able to tell you how difficult it will be to transition to the recommended alternative. I think the best practice is quite clear from the message "you should avoid using it".
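
The check described above (the abandoned package contains only a composer.json and its required packages match the replacement) can be automated before swapping the name. This is an added example, not code from the original page; the require lists are constructed sample data and the function names are hypothetical.

```python
import json

# Constructed sample metadata, NOT the packages' real require lists.
# Feed in the real composer.json of each package before relying on the result.
OLD = json.loads("""{"name": "webflo/drupal-core-require-dev", "type": "metapackage",
  "require": {"behat/mink": "^1.8", "phpunit/phpunit": "^8.5"}}""")
NEW = json.loads("""{"name": "drupal/core-dev", "type": "metapackage",
  "require": {"behat/mink": "^1.8", "phpunit/phpunit": "^8.5"}}""")
NEW_DRIFTED = json.loads("""{"name": "drupal/core-dev", "type": "metapackage",
  "require": {"behat/mink": "^1.8", "phpunit/phpunit": "^9.5",
              "phpspec/prophecy": "^1.12"}}""")


def compare_requires(old, new):
    """Return what changes in the dependency set when `old` is swapped for `new`."""
    old_req, new_req = old.get("require", {}), new.get("require", {})
    return {
        "dropped": sorted(set(old_req) - set(new_req)),
        "added": sorted(set(new_req) - set(old_req)),
        # Constraints are compared as strings, so equivalent constraints that
        # are written differently are flagged for manual review.
        "changed": {p: (old_req[p], new_req[p])
                    for p in sorted(set(old_req) & set(new_req))
                    if old_req[p] != new_req[p]},
    }


def is_drop_in(old, new):
    """True only if neither package ships code and the require lists are identical."""
    # A Composer "metapackage" contains only a composer.json, so no project
    # code can call into it; anything else needs tests and static analysis.
    only_metadata = old.get("type") == new.get("type") == "metapackage"
    diff = compare_requires(old, new)
    return only_metadata and not any(diff.values())


if __name__ == "__main__":
    for candidate in (NEW, NEW_DRIFTED):
        print(candidate["name"], is_drop_in(OLD, candidate),
              compare_requires(OLD, candidate))
```

A result of False does not mean the replacement is wrong, only that the swap changes what gets installed and needs the tests mentioned above.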