Repo jacking protection and cleanups #1411
Conversation
…cked repos from updating further
composer.lockPackage changes
Dev Package changes
Settings · Docs · Powered by Private Packagist |
| @@ -33,6 +33,13 @@ | |||
| use Composer\Util\HttpDownloader; | |||
| use DateTimeInterface; | |||
|
|
|||
| enum PackageFreezeReason: string | |||
There was a problem hiding this comment.
why defining it inline instead of making it autoloadable ?
There was a problem hiding this comment.
Because it belongs together with the class, and is much more readable to me than having tiny enum files lingering around, and there is no reason to use it without package instance, so the package class will be loaded when you need it.
|
|
||
| public function translationKey(): string | ||
| { | ||
| return 'freezing_reasons.' . $this->value; |
There was a problem hiding this comment.
if you want to make those translations extractable, a solution would be to make a method returning a TranslatableMessage object (that you would still use in Twig by passing it to the trans filter), using a match() statement instead of concatenation (as dynamic keys cannot be extracted by the tooling)
There was a problem hiding this comment.
Thanks that's good to know but I don't really care about extractability here.
| </div> | ||
| {% if package.isFrozen() %} |
There was a problem hiding this comment.
should this be displayed only for package maintainers and admins (as done right now by being inside the {% if has_actions %}) or to all users ?
There was a problem hiding this comment.
Maybe we should open it to everyone, I don't expect this to be too frequent anyway.. And it'd be valuable to see the warning for the gone packages.
Replaces #1402