- ๐บ๐ธUnited States effulgentsia
Security policies of the package
This is a dev dependency, should only be used in test code.Even for dev dependencies, we have a strong preference for there to at a minimum be a security policy to report security issues privately, which means including contact information for how to do that. https://github.com/colinodell/psr-testlogger#reporting-security-issues includes that. Given that and the other information in the issue summary and in #7, and my own review of the repo, I'm removing the "Needs framework manager review" tag, but this still needs release manager review as well.
The MR needs updating, so "Needs work" for that.
- ๐บ๐ธUnited States effulgentsia
Even for dev dependencies, we have a strong preference for there to at a minimum be a security policy to report security issues privately
I found out that that's actually up for discussion in ๐ [Policy] Dependency evaluation critera Active , but since this particular package already has it, this issue isn't blocked on that discussion.
- Status changed to Needs review
almost 2 years ago 7:19pm 9 March 2023 - ๐บ๐ธUnited States phenaproxima Massachusetts
Updated the merge request; back to review.
- Status changed to Needs work
almost 2 years ago 10:08am 10 March 2023 The Needs Review Queue Bot โ tested this issue. It fails the Drupal core commit checks. Therefore, this issue status is now "Needs work".
Apart from a re-roll or rebase, this issue may need more work to address feedback in the issue or MR comments. To progress an issue, incorporate this feedback as part of the process of updating the issue. This helps other contributors to know what is outstanding.
Consult the Drupal Contributor Guide โ to find step-by-step guides for working with issues.
- Status changed to Needs review
almost 2 years ago 1:18pm 10 March 2023 - ๐ฌ๐งUnited Kingdom catch
Added the dependency evaluation to the issue summary, including a link to the security policy https://github.com/colinodell/psr-testlogger#reporting-security-issues
- ๐บ๐ธUnited States phenaproxima Massachusetts
Opened ๐ Adopt TestLogger for testing logging Closed: won't fix .
- ๐ฌ๐งUnited Kingdom jonathanshaw Stroud, UK
In https://github.com/colinodell/psr-testlogger/pull/3 the maintainer is about to merge a PR of mine to mostly fix the issue raised by @wimleers in #9.
The solution the maintainer wants to use will alow us to make calls like
$this->assertTrue($logger->hasRecordThatContains('[name] => AAA 8.x-5.x', LogLevel::ERROR));
but not calls like
$this->assertTrue($logger->hasErrorThatContains('[name] => AAA 8.x-5.x'));
I think that's acceptable. In โจ Allow kernel tests to fail or expect logged errors Needs work (postponed on this) we explored adding a test trait with enhanced assertion DX anyway so the niceties of the syntax don't seem crucial.
- Status changed to RTBC
almost 2 years ago 2:24pm 13 March 2023 - ๐ง๐ชBelgium wim leers Ghent ๐ง๐ช๐ช๐บ
https://github.com/colinodell/psr-testlogger/pull/3 is not yet in but I +1'd it.
Given the tiny size and tight scope of this library, and a trivial future update for it, I think this is ready to go today.
- ๐ง๐ชBelgium wim leers Ghent ๐ง๐ช๐ช๐บ
I realized something obvious but simple last night (and that wasn't obvious to me before): we could easily write a single class similar to what https://github.com/colinodell/psr-testlogger/blob/main/src/TestLogger.php does for ourselves, and then that avoids adding one extra dependencyโฆ ๐ค๐
Curious what core committers think!
- ๐ฌ๐งUnited Kingdom catch
The biggest risk from adding third party PHP dev dependencies is having to wait for compatibility with new versions of its own dependencies or PHP.
If we exclude dev dependencies, then those are psr/log itself and PHP for this library.
https://github.com/colinodell/psr-testlogger/blob/main/composer.jsonSo there is a non-zero risk of that, probably a lot closer to zero than many of our other dependencies though.
For this one I think there is probably not much between the two options.
- ๐ฌ๐งUnited Kingdom longwave UK
For this one as @catch says I don't think there's much between the two options. If it turns out that the maintainer abandons this package and we need to modify it for a newer version of PHP or
psr/log
then we can always fork it and bring it into core; we have precedent for this withdoctrine/reflection
andsymfony-cmf/routing
, for example. - ๐ฌ๐งUnited Kingdom jonathanshaw Stroud, UK
https://github.com/colinodell/psr-testlogger/pull/3 landed, and a 1.2 was released. Probably we should update the pinned dependency in the MR to use that?
- Status changed to Needs work
almost 2 years ago 8:02pm 14 March 2023 - Status changed to RTBC
almost 2 years ago 1:18am 15 March 2023 - ๐บ๐ธUnited States phenaproxima Massachusetts
Bumped the requirement and updated.
Since no other changes took place, and the requisite reviews have been completed, I'm gonna restore RTBC here on the assumption that tests will pass.
- ๐บ๐ธUnited States dww
Heh, naughty-naughty. ๐
But I reviewed the bump commit, and it all looks fine to me. The one thing that caught my eye is this:
"require": { - "php": "^7.4 || ^8.0", + "php": "^8.0",
But if this going to stay in 10.1.x branch and not be backported, that's fine, since 10.1.x already requires PHP 8.1.
So yeah, RTBC++.
Thanks,
-Derekp.s. added a link to #3347306 in the summary under remaining tasks. The summary no longer needs any updates.
- ๐บ๐ธUnited States phenaproxima Massachusetts
But if this going to stay in 10.1.x branch and not be backported, that's fine, since 10.1.x already requires PHP 8.1.
It shouldn't be backported. This is being added to support the Package Manager module going into core as alpha experimental, which is targeted (hopefully) for 10.1.x.
- ๐บ๐ธUnited States dww
Agreed. It's a new dev dependency for new features. Not backportable. That's what I was trying to acknowledge/say. Sorry I wasn't clear.
- Status changed to Fixed
almost 2 years ago 3:00pm 16 March 2023 -
lauriii โ
committed 1b96488d on 10.1.x
Issue #3321905 by phenaproxima, Wim Leers, jonathanshaw, dww, catch,...
-
lauriii โ
committed 1b96488d on 10.1.x
Automatically closed - issue fixed for 2 weeks with no activity.
- Status changed to Fixed
over 1 year ago 10:03pm 27 April 2023 - ๐ฆ๐บAustralia larowlan ๐ฆ๐บ๐.au GMT+10
I wonder why we didn't consider using \Symfony\Component\Debug\BufferingLogger instead
Something from the symfony namespace feels nicer than a random github username.
- ๐ฆ๐บAustralia larowlan ๐ฆ๐บ๐.au GMT+10
Added ๐ Replace usages of colinodell/testlogger with BufferingLogger from symfony/error-handler, then remove dev dependency on testlogger Closed: won't fix to discuss removal