- Issue created by @JamesOakley
For a long time I've been ignoring a few packages that come back if I run composer outdated --direct, because I know I cannot use the more up to date version. One of those was composer/installers; I was being prompted that 2.2.0 existed instead of 1.12.0.
Then I found #3253059: Upgrade to composer/installers 2 → and discovered that, from Drupal 10 onwards, composer/installers:^2.0.0 is supported.
However, my composer.json dates back to Drupal 8, so contained a requirement of ^1.2.
Because that requirement for composer/installers is contained in my site's composer.json, not in the one for Drupal core or part of its scaffolding, I would have stayed on 1.x forever, had I not gone looking. There will be plenty of Drupal 10 sites, that started life as Drupal 8 or 9, with this. At present, this is not a problem, as there is nothing wrong with running an older version of composer/installers. But there could come a day when it becomes a problem, and the developers of those sites may not even realise that they are running an outdated version unnecessarily.
This didn't get into release notes, because it's an update to a dependency. The problem is that it's an update that would not be applied unless the developer does so manually.
This is a task not a bug report, so I'll phrase it as a question: Does something need to be done to draw developers of former D8 / D9 sites attention to the fact they can, and probably should, update their composer.json manually?
Active
10.2 ✨