Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disappeared 6.7.x tags #710

Open
umulmrum opened this issue Apr 12, 2024 · 10 comments
Open

Disappeared 6.7.x tags #710

umulmrum opened this issue Apr 12, 2024 · 10 comments

Comments

@umulmrum
Copy link

Hi,

I just noticed that the only 6.7.x tag available in the repo is the latest 6.7.4. Packagist still knows 6.7.2 and 6.7.3 and is able to install those, but the tags are gone. Unfortunately that makes it impossible to compare the releases when upgrading. Would you be so kind to explain why the tags are no longer there?

Thank you!
@williamdes
Copy link
Contributor

I doubt there will be explanations from the author.
The diffs where very weird, but the final diff looks okay. I imported it in Debian after reading it 3 times 😄
https://salsa.debian.org/phpmyadmin-team/tcpdf/-/commit/0d01530fd70f6697d1d2dcf305e27cf5c94968f8

@nevotheless
Copy link

The 6.6.5 Tag is gone as well, it's still in the changelog file but our builds were failing today since 6.6.5 seems to got removed for some reason.

@wotta
Copy link

wotta commented Apr 22, 2024

I can confirm what @nevotheless stated. When looking for commit 5fce932 it cannot be found anymore.

@dimtrovich
Copy link

The 6.6.5 tag has also disappeared, it's still in the changelog file but our builds failed today because 6.6.5 seems to have been removed for some reason.

Same here, I don't know what caused it. My app is totally offline because of this. How can i fix it

@d-javu
Copy link

d-javu commented Apr 23, 2024

There was a force-push to the main branch a while ago, which made the 6.6.5 tag disappear.
If you absolutely need the 6.6.5 code, you can get it from a fork, eg. https://github.com/d-javu/TCPDF
The best would probably be to upgrade, unless you are using an ancient version of PHP.
The minimum version is now 5.5 acccording to the CHANGELOG and composer.json

@williamdes
Copy link
Contributor

From what I see on my diff, the php version bump has no consequences (yet) https://salsa.debian.org/phpmyadmin-team/tcpdf/-/commit/0d01530fd70f6697d1d2dcf305e27cf5c94968f8

@d-javu
Copy link

d-javu commented Apr 23, 2024

Since we are now in the age of supply-chain attacks, I've recovered the lost history and compared it to the released version to make sure nothing more sinister was going on here. To see the commits, take a look at my lost_commits branch: https://github.com/d-javu/TCPDF/tree/lost_commits

As you can see from the following diff, just the CHANGELOG.TXT has changed as compared to the current 6.7.4 tag.
https://github.com/tecnickcom/TCPDF/compare/6.7.4..d-javu:TCPDF:lost_commits?expand=1

You certainly don't have to take my word for it, so here's how you can check for yourself:

git clone https://github.com/tecnickcom/TCPDF
cd TCPDF
git fetch origin f9fd21807cbb5d43ed62c685e2d6467515d31746
git branch lost_commits FETCH_HEAD

You should now have the lost commits, and be able to check the diff:

git diff lost_commits 6.7.4

@nicolaasuni The force push that was made has made a lot of people very angry and been widely regarded as a bad move. Please consider rescuing the lost commits, then cherry-picking the 4 additional commits that has been applied to the main branch, and force-pushing again. Maybe it will resolve the issues people are complaining about, and for sure it will help by not hiding the history, and making people suspicious.

@jekuaitk jekuaitk mentioned this issue Apr 24, 2024
Closed
@AlexGnatko
Copy link

AlexGnatko commented Apr 25, 2024
edited

If you absolutely need the 6.6.5 code, you can get it from a fork, eg. https://github.com/d-javu/TCPDF

I need the 6.6.5, it's the only version that worked with custom tags properly. All other versions don't work.
But I can't get it by composer from the d-javu/TCPDF repo because of this:

Root composer.json requires tecnickcom/tcpdf 6.6.5, found tecnickcom/tcpdf[dev-lost_commits, dev-main, dev-fixes, 6.7.0, 6.7.1, 6.7.2, 6.7.3] but it does not match the constraint.

UPD:

Oh, I get it, 6.6.5 is under the "dev-main" tag. But it's better to have a dedicated tag for 6.6.5. And finally I got the custom tags working.

@d-javu
Copy link

d-javu commented Apr 25, 2024

Oh, I get it, 6.6.5 is under the "dev-main" tag. But it's better to have a dedicated tag for 6.6.5. And finally I got the custom tags working.

I've now added the 6.6.5 tag on that commit, maybe it will help others.

Do you have, or can you make a minimal testcase for the issue you have with all other versions?
Feel free to create a new issue, then maybe we can get it fixed.

@jekuaitk jekuaitk mentioned this issue Apr 25, 2024
Open
@matthiasPOE
Copy link

matthiasPOE commented May 3, 2024
edited

Oh, I get it, 6.6.5 is under the "dev-main" tag. But it's better to have a dedicated tag for 6.6.5. And finally I got the custom tags working.

I've now added the 6.6.5 tag on that commit, maybe it will help others.

Do you have, or can you make a minimal testcase for the issue you have with all other versions? Feel free to create a new issue, then maybe we can get it fixed.

@d-javu did you push the tag? just came across this exact issue because the tags went missing

Edit: Just realized its a fork my bad.

@nicolaasuni as others have already stated please dont force push onto main branches after releases have already gone out. This is perfect example of potential supply chain attack by force pushing and retagging.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@nevotheless @umulmrum @williamdes @AlexGnatko @wotta @dimtrovich @d-javu @matthiasPOE