Last dev-php/* EAPI=6 packages, and reverse dependencies of them. composer has active security vulnerabilities. Others are waiting for version bumps, and unbundling of dependencies. package list: dev-php/composer dev-php/phpDocumentor dev-php/phpcov dev-php/phpdepend dev-php/phpdocumentor-reflection-common dev-php/phpdocumentor-reflection-docblock dev-php/phpdocumentor-type-resolver dev-php/stringparser_bbcode dev-php/symfony-config dev-php/symfony-console dev-php/symfony-dependency-injection dev-php/symfony-event-dispatcher dev-php/symfony-yaml
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6cc0f51b2fcd7e652b8990021c7ca69de80499fc commit 6cc0f51b2fcd7e652b8990021c7ca69de80499fc Author: Arthur Zamarin <arthurzam@gentoo.org> AuthorDate: 2024-06-21 17:21:26 +0000 Commit: Arthur Zamarin <arthurzam@gentoo.org> CommitDate: 2024-06-21 17:21:26 +0000 profiles: last-rite last EAPI=6 dev-php/* Bug: https://bugs.gentoo.org/934666 Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org> profiles/package.mask | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+)
dev-php/composer and other masked packages are needed for Magento 2 setup. What should I do once removed from the repository? Please advise.
@victor: There is an updated and curated version of composer and some other php related packages in https://github.com/gentoo-php-overlay/php-overlay
(In reply to Victor Costache from comment #2) > dev-php/composer and other masked packages are needed for Magento 2 setup. > What should I do once removed from the repository? Please advise. Maintain it in ::gentoo?
Is there any plan to return these packages to the Gentoo official repository anytime soon, or should I use an overlay or maintain them myself (local repository)? I think I am not the only one using Gentoo for Magento.
If someone's willing to proxy-maintain it in ::gentoo, it can come back (but nobody's done that until now).