-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adds allow-plugins section to composer.json file for compatibility with Composer 2.2.x #34873
Adds allow-plugins section to composer.json file for compatibility with Composer 2.2.x #34873
Conversation
Hi @hostep. Thank you for your contribution
❗ Automated tests can be triggered manually with an appropriate comment:
You can find more information about the builds here ℹ️ Run only required test builds during development. Run all test builds before sending your pull request for review. For more details, review the Magento Contributor Guide documentation. 🕙 You can find the schedule on the Magento Community Calendar page. 📞 The triage of Pull Requests happens in the queue order. If you want to speed up the delivery of your contribution, join the Community Contributions Triage session to discuss the appropriate ticket. 🎥 You can find the recording of the previous Community Contributions Triage on the Magento Youtube Channel ✏️ Feel free to post questions/proposals/feedback related to the Community Contributions Triage process to the corresponding Slack Channel |
d242b33
to
14b5353
Compare
@magento run all tests @sidolov, I added P1 priority to this issue as it improves security for the composer. @xmav @fascinosum @andrewbess , can this PR be added to the platform health project to deliver it faster and include to Magento 2.4.4? |
The requested builds are added to the queue. You should be able to see them here within a few minutes. Please re-request them if they don't show in a reasonable amount of time. |
@magento run Database Compare, Functional Tests B2B |
The requested builds are added to the queue. You should be able to see them here within a few minutes. Please re-request them if they don't show in a reasonable amount of time. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
✔ Approved.
Failing tests look not related to changes from this PR.
Hi @ihor-sviziev, thank you for the review. |
@magento run Database Compare |
The requested builds are added to the queue. You should be able to see them here within a few minutes. Please re-request them if they don't show in a reasonable amount of time. |
@andrewbess Could you please assist with PR to commerce ? |
The requested builds are added to the queue. You should be able to see them here within a few minutes. Please re-request them if they don't show in a reasonable amount of time. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hello @hostep
Thank you for your contribution
Approved from my side ✔️
Also, I added required fixes for Magento2 EE
Hello @xmav The needed PR has been created |
@magento run all tests |
Hi @andrewbess, thank you for the review. |
@andrewbess: just for sake of moving this PR fowards I've implemented your suggestion. But some small remarks:
|
Hi @torhoehn, thank you for the review. |
@magento run all tests |
The requested builds are added to the queue. You should be able to see them here within a few minutes. Please re-request them if they don't show in a reasonable amount of time. |
4 similar comments
The requested builds are added to the queue. You should be able to see them here within a few minutes. Please re-request them if they don't show in a reasonable amount of time. |
The requested builds are added to the queue. You should be able to see them here within a few minutes. Please re-request them if they don't show in a reasonable amount of time. |
The requested builds are added to the queue. You should be able to see them here within a few minutes. Please re-request them if they don't show in a reasonable amount of time. |
The requested builds are added to the queue. You should be able to see them here within a few minutes. Please re-request them if they don't show in a reasonable amount of time. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approved from my side
Pending delivery magento-commerce/magento2ce#7397
Hi @andrewbess, thank you for the review. |
The requested builds are added to the queue. You should be able to see them here within a few minutes. Please re-request them if they don't show in a reasonable amount of time. |
1 similar comment
The requested builds are added to the queue. You should be able to see them here within a few minutes. Please re-request them if they don't show in a reasonable amount of time. |
@magento run Functional Tests B2B |
The requested builds are added to the queue. You should be able to see them here within a few minutes. Please re-request them if they don't show in a reasonable amount of time. |
@magento run Functional Tests B2B |
The requested builds are added to the queue. You should be able to see them here within a few minutes. Please re-request them if they don't show in a reasonable amount of time. |
Retested since there were updates as per above comments. Hence the result is below. ✔️ QA Passed Preconditions:
Manual testing scenario:
Before: ✖️ Used to get a warning à la: xxx contains a Composer plugin which is currently not in your allow-plugins config as shown in below screenshot After: ✔️ No warnings are noticed, installation takes place successfully. Since it is relevant to installation and no impact functionally, no additional regression testing is required as such. |
@magento give me 2.4-develop instance |
Hi @fiko. Thank you for your request. I'm working on Magento instance for you. |
Hi @fiko, here is your Magento Instance: https://0a96fbbf16f974d89b6ef39a0e9c6d7d.instances.magento-community.engineering |
Could you please backport this to Magento <2.4.4 releases, such as 2.4.3-p2? |
Description (*)
Composer 2.2 comes with a new security feature where you have to specify the plugins you trust in your
composer.json
file before they will be executed. At first the plugins will still get installed to ensure backwards compatibility, but according to the documentation around this new config option, this will change in July 2022 after which plugins will no longer be executed if they aren't specified in thecomposer.json
fileRelated Pull Requests
https://github.com/magento/partners-magento2ee/pull/675
Fixed Issues (if relevant)
Manual testing scenarios (*)
composer install
xxx contains a Composer plugin which is currently not in your allow-plugins config.
Questions or comments
The same changes should be made to the composer meta package that is used when you run
composer create-project --repository-url=https://repo.magento.com/ magento/project-community-edition
Ideally before every new Magento release, all composer plugins being used should be found and added to the
allow-plugins
section and plugins that are no longer part of core Magento should be removed from that section.@fascinosum
Would be great if this gets included in Magento 2.4.4 and 2.4.3-p2 and 2.3.7-p3 as it would be the only releases of Magento before July 2022
Contribution checklist (*)