mahara-contributors team mailing list archive

Thread
Date

[Bug 1959536] Re: Include composer.lock

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Kristina Hoeppner <1959536@xxxxxxxxxxxxxxxxxx>
Date: Sun, 06 Mar 2022 05:41:20 -0000
Reply-to: Bug 1959536 <1959536@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

** Changed in: mahara
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: mahara-contributors
https://bugs.launchpad.net/bugs/1959536

Title:
  Include composer.lock

Status in Mahara:
  Confirmed

Bug description:
  The composer.lock file should be committed to the repo.

  This stores a known state for the packages installed with it and
  allows for a `composer install` to be run rather than a `composer
  update`.  The `composer install` will only download and install the
  explicit versions the lock file specifies allowing the project to have
  a known trusted state.

  A Makefile target could be added to allow for a `composer update
  --dry-run` to check for updates to libraries we use as well. This
  would give an another signal for updates to these packages.

  The Makefile should be updated to use `composer install` in places it
  is currently using `composer update` as well.  This will speed up a
  lot of the targets we currently have.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1959536/+subscriptions

References

[Bug 1959536] [NEW] Include composer.lock
From: Gold, 2022-01-31