Closed NielsLinde closed 4 months ago
gennadigennadigennadi
commented
4 months ago Just stay on the shim version for now. With shim being abandoned it does not change the usability of the shim version. Nothing changed for the shim but the archive/abandoned state.
The documentation v2 is not ready for the next release, yet. Hence the alpha version.
NielsLinde
commented
4 months ago We have a policy in place to don't allow abandoned packages but will try to find a workaround then.
Thank you for your quick reply!
vudaltsov
commented
4 months ago Nothing changed for the shim but the archive/abandoned state
@gennadigennadigennadi , well, smth changed. composer audit command reports abandoned packages as possible vulnerabilities. It broke our pipeline and we had to switch to config.audit.abandoned = "report" just because of this.
vudaltsov
commented
4 months ago I would consider removing the "abandoned" status until you introduce a new way to install Deptrac.
NielsLinde
commented
3 months ago @gennadigennadigennadi I agree with the latest reply. This is impossible to fix in our projects and security templates.
We cannot use qossmic/deptrac yet and cannot use qossmic/deptrac-shim because of the abandoned state
gennadigennadigennadi
commented
3 months ago Could you check again? I unabandoned the shim for packagist.
NielsLinde
commented
3 months ago For me it is working now. Big thanks!
With abandoned deptrac-shim we have a problem with installing deptrac. We're using composer to achive this but i'm unable to achieve this.
Version 1.0.2 The readme is still referring to 'qossmic/deptrac-shim' and the bin/deptrac is missing
Version 2.0.0-alpha The readme is still referring to 'qossmic/deptrac-shim' but does have bin/deptrac But using a alpha version and a major upgrade is not what we prefer at the moment