Closed nicolas-grekas closed 1 year ago
Thanks for the PR 😍
Define the SYMFONY_ENDPOINT
environment variable:
# On Unix-like (BSD, Linux and macOS)
export SYMFONY_ENDPOINT=https://raw.githubusercontent.com/symfony/recipes/flex/pull-1234/index.json
# On Windows
SET SYMFONY_ENDPOINT=https://raw.githubusercontent.com/symfony/recipes/flex/pull-1234/index.json
Install the package(s) related to this recipe:
composer req 'symfony/flex:^1.16'
composer req 'symfony/security-bundle:^6.4'
Don't forget to unset the SYMFONY_ENDPOINT
environment variable when done:
# On Unix-like (BSD, Linux and macOS)
unset SYMFONY_ENDPOINT
# On Windows
SET SYMFONY_ENDPOINT=
In order to help with the review stage, I'm in charge of computing the diff between the various versions of patched recipes. I'm going keep this comment up to date with any updates of the attached patch.
As discussed in https://github.com/symfony/symfony/pull/51380 and privately I'm rather 👎 for this PR as it hides an important part of Symfony's security. The syntax and meaning of the { type : alg }
mapping are hard to guess and, in addition to the doc link that is removed by this patch, it provides a lot of information about how password hashing works in Symfony.
Needs https://github.com/symfony/symfony/pull/51380