- Issue created by @holo96
- Status changed to Needs review
about 2 years ago 1:46pm 11 July 2023 - last update
about 2 years ago 1 pass - π«π·France tido Montpellier
Do you have any idea when this modification will be validated and packaged in a new version of the module?
For people who have automated tests in a CI, for example with
composer audit, the webmozart//path-util package appears as abandoned and so CIs often fail. - Status changed to RTBC
over 1 year ago 2:17pm 22 May 2024 - π©πͺGermany marcoliver Neuss, NRW, Germany
Any chance of this and https://www.drupal.org/i/3485647 β getting merged some time soon?
Because yes,
drush language:*is mostly a replacement for this module, but there is some convenience stuff in here that would be cool to keep! - First commit to issue fork.
- Merge request !2[#3366450] Switched from webmozart/path-util to symfony/filesystem β (Open) created by HitchShock
- π©πͺGermany jan kellermann
RTBC and please merge an release version.
When applying the patch into the composer.json will it still show the issue on composer audit?
I set the patch in composer.json and ran composer install, but the audit still shows the error.
- π©πͺGermany marcoliver Neuss, NRW, Germany
@watkinsj Unable to verify this right now, but AFAIK composer audit scans your composer.lock file for packages with known vulnerabilities and packages that depend on ones with known vulnerabilities.
Maybe take a look at your drush_language entry in the lock file and its dependencies. Or maybe audit knows that drush_language has inherited an issues from its dependency?
- π«π·France prudloff Lille
Patching composer.json does nothing because Composer reads the dependencies from the remote repository (when adding or updating a dependency) or from your composer.lock file (on subsequent installs), not from the patched composer.json file.