Created attachment 245324 [details] patch v1 Hi, I have an update for composer2. Tested it as usual and using it locally. This update contains a security update: https://github.com/composer/composer/security/advisories/GHSA-jm6m-4632-36hf BTW also composer 1.x should be updated, but I don't have an update patch for it, could you provide one? Thanks!
Can we simply update devel/php-composer to 2.x and remove devel/php-composer2?
Mhmm renaming the port entails some issues, also before removing a port it should be deprecated. But composer 1 is quite old and EOLed two years ago. I don't feel comfortable doing such a rename operation just before the quarterly branch. SO I'll do this, mark composer1 as forbidden due to being EOL with known vulnerabilities, and update composer2. Then, after the branch I will take a look at renaming the port. I'll leave this bug report open as a reminder.
Or maybe it's better to do that before the branch. I'll prepare a patch for moving it also in the while.
Aside from renaming the port (which I have no objections to), the patch looks good to me. If you want to submit a patch to do the rename, I'll look at that when it comes in.
Created attachment 245325 [details] Patch including update and port move Here is a patch updating the composer ports and removing the composer2 port. I added the required MOVED line, and also a note in UPDATING. Thanks!
Comment on attachment 245325 [details] Patch including update and port move Looks good to me.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=8ed8145684356244c2a05ff696bf9f3bc9262a21 commit 8ed8145684356244c2a05ff696bf9f3bc9262a21 Author: Guido Falsi <madpilot@FreeBSD.org> AuthorDate: 2023-09-30 07:03:04 +0000 Commit: Guido Falsi <madpilot@FreeBSD.org> CommitDate: 2023-09-30 07:03:04 +0000 devel/php-composer: Update to 2.6.4 The main composer port contains old and long EOLed/deprecated version 1.x of the software. Move the devel/php-composer2 port over, dropping it, and update to latest version. Please check UPDATING entry 20230930, to correctly update use "pkg install phpXX-composer" (replacing XX with the PHP shorthand version you're using) PR: 274160 Approved by: Naram Qashat <cyberbotx@cyberbotx.com> (maintainer) Security: 33922b84-5f09-11ee-b63d-0897988a1c07 MOVED | 1 + UPDATING | 11 +++++++++ devel/Makefile | 1 - devel/php-composer/Makefile | 10 +++++--- devel/php-composer/distinfo | 6 ++--- devel/php-composer2/Makefile (gone) | 46 ------------------------------------ devel/php-composer2/distinfo (gone) | 3 --- devel/php-composer2/pkg-descr (gone) | 3 --- 8 files changed, 22 insertions(+), 59 deletions(-)
All committed. Thanks!