Composer: avoid writing a lock file #218
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jrfnl
requested changes
Apr 19, 2024
There was a problem hiding this comment.
Thanks @fredden for this PR! I agree this is a good change.
To allow for merging this PR, however, a small tweak need to be made to the securitycheck.yml workflow which relies on the composer.lock file.
I think an extra step needs to be added to the workflow, before the "compose install" step, to remove this key from the config. that should allow for the workflow to continue to work and be useful.
Potherca
approved these changes
May 3, 2024
|
Merging. The build failures against PHP 8.4 are unrelated to this PR and will be addressed separately via PR #219. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Proposed Changes
When working with this repository as a developer, we should be using the latest compatible packages. By writing a lock file for Composer, we may get into a state where we are "stuck" on an older version of a dependency. This change avoids such a situation by telling Composer to not write out a lock file in the project.