search

symfony / symfony

The Symfony PHP framework
https://symfony.com
MIT License
29.65k stars 9.43k forks source link

https://github.com/symfony/webpack-encore-pack has been deleted #48854

Closed mnapoli closed 1 year ago

mnapoli commented 1 year ago

Symfony version(s) affected

4.1

Description

https://github.com/symfony/webpack-encore-pack is gone, my Symfony 4.1 app no longer installs.

I understand this version is not maintained, but I don't understand at all the logic of removing the repository and the Packagist packages. Was there a huge security issue that required this drastic move?

How to reproduce

Visit https://github.com/symfony/webpack-encore-pack

Possible Solution

No response

Additional Context

No response

xabbuh commented 1 year ago

https://github.com/symfony/webpack-encore-bundle works for me

mnapoli commented 1 year ago

@xabbuh 🤦 my bad I wrote the new repo instead. I updated the issue, I'm talking about https://github.com/symfony/webpack-encore-pack

derrabus commented 1 year ago

Packs are meant to be unpacked by Flex. That means they should not be kept in your composer.json file.

fabpot commented 1 year ago

Packs are automatically unpacked nowadays, but that was not the case a few years ago. So, maybe that's an old project. You might want to update to the latest Flex version and unpack the packs.

wouterj commented 1 year ago

See also http://fabien.potencier.org/symfony4-unpack-the-packs.html and https://github.com/symfony/flex/pull/656

mnapoli commented 1 year ago

OK, thank you for providing an upgrade path 👍

What I'm worried about is the deletion of a packagist dependency and its repository. Was there a reason the repo was deleted? This ends up being a breaking change for older projects like mine (breaking not on a major upgrade I mean).

I know open-source resources are limited, I'm not trying to be annoying. It just feels weird knowing that parts of the Symfony ecosystem can disappear from GitHub and break existing projects. Maybe there's a specific reason here?

stof commented 1 year ago

Packs are unpacked since 5 years now, meaning that it has been 5 years that the repository is unnecessary during installs. As the pack was not necessary anymore (the encore alias was targetting the bundle since years as well), I guess a cleanup dropped the repository. Maybe a better move would have been to archive the repo instead of deleting it.

fabpot commented 1 year ago

I don't remember the specifics here, as deleting a repo is not something we're doing. Maybe @weaverryan remembers?