Make generating PATCHES.txt conditional #140
Comments
|
Good points. I'm more than happy to put this in 2.x. 1.x might be okay depending on the impact, but it would have to be a really small thing. |
|
This is on the 2.0.0 roadmap (see #93). |
|
Patch report generation has been removed in master. I don't plan to add it back in unless people feel very strongly about it, and only as an optional thing at that point. This functionality will be replaced by a |
donquixote
pushed a commit
to donquixote/composer-patches
that referenced
this issue
Mar 15, 2019
This is a backport of pull request cweagans#213 for issue cweagans#140. The two commits from cweagans#213 have been squashed into one.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Composer patches generates a PATCHES.txt file with info about the applied patch. In my view this info duplicates the patches section in composer.json which also documents the applied patches.
Further, having a PATCHES.txt may be a security vulnerability. I use composer-patches in a Drupal project, where the PATCHES.txt is web accessible. This exposes information about applied patches which I do not want to share.
I would like to see an option to disable generating the PATCHES.txt file.
Without this option, I have these work-arounds:
The text was updated successfully, but these errors were encountered: