Use ProcessUtils::escapeArgument() instead of escapeshellarg() #446
Conversation
…() (nicolas-grekas) This PR was merged into the 1.1-dev branch. Discussion ---------- Use ProcessUtils::escapeArgument() instead of escapeshellarg() Commits ------- c4e6c02 Use ProcessUtils::escapeArgument() instead of escapeshellarg()
| @@ -15,7 +15,8 @@ | |||
| }, | |||
| "require-dev": { | |||
| "composer/composer": "^1.0.2", | |||
| "symfony/phpunit-bridge": "^3.4.19|^4.1.8" | |||
| "symfony/phpunit-bridge": "^3.4.19|^4.1.8", | |||
| "symfony/process": "^2.8" | |||
There was a problem hiding this comment.
shouldn't it be a non-dev requirement ? Otherwise, the method might be undefined at runtime.
There was a problem hiding this comment.
It cannot be a non-dev requirement because that would prevent using flex with symfony >=3 apps.
But flex always runs in a composer context where process 2.8 is always available.
There was a problem hiding this comment.
but that would break in case Composer updates that (composer itself is already compatible with different versions of symfony/process in case you don't force it to install deps for PHP 5.3)
There was a problem hiding this comment.
The composer.json of Composer has config.platform.php set to 5.3.9, so that only process 2.8 is ever installed. Its "require" is misleading.
There was a problem hiding this comment.
the composer.lock and the platform config only impact the root project (so the composer phar). I know of other projects bringing in composer as a dependency. And then, newer versions can be used.
There was a problem hiding this comment.
btw, composer also has its own version of escapeArgument precisely because it could not stop using it easily, while they wanted to add support for newer Symfony versions
There was a problem hiding this comment.
I missed that one, fixed in #447
No description provided.