Conversation
…rum major version Extensions with '*' or overly broad flarum/core constraints (e.g. '^1.0') pass Composer's resolver on 2.x but fail at runtime. Add a pre-install check via the Packagist p2 API before invoking Composer. - RequireExtensionHandler: fetch the package's latest stable release from repo.packagist.org/p2 and check its flarum/core constraint using Composer\Semver. Constraints satisfying both 1.x and 2.x (e.g. '*') are treated as too permissive and rejected. Fails open if Packagist is unreachable or the package has no stable releases. - ExtensionIncompatibleWithFlarumException: new KnownError with type 'extension_incompatible_with_instance' for a clean pre-Composer rejection. - errorHandler.ts: handle 'extension_incompatible_with_instance' directly, showing the existing incompatibility translation and closing the modal. - Unit tests: cover all constraint cases and fail-open scenarios using Guzzle's MockHandler — no real HTTP calls. Fixes #4408 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #4408
Summary
Extensions with
"flarum/core": "*"(or other overly broad constraints like"^1.0") pass Composer's resolver on 2.x — because*technically satisfies^2.0— but the extension code was written for 1.x and breaks at runtime.This adds a pre-install compatibility check via the Packagist p2 API before handing off to Composer:
repo.packagist.org/p2/{package}.jsonto get the latest stable release'scomposer.jsonmetadata.flarum/coreconstraint usingComposer\Semver:1.0.0and2.0.0(e.g.*,>=1.0) are treated as too permissive and rejected — an extension genuinely targeting 2.x would use^2.0.^1.0) are rejected.flarum/corerequirement, the install proceeds and Composer's own resolver is the final gate.The frontend already has a translation string for
extension_incompatible_with_instance; the error handler is updated to catch the newKnownErrortype and display it as an alert.Changes
RequireExtensionHandler— injectsGuzzleHttp\Client, runsassertFlarumCompatibility()before ComposerExtensionIncompatibleWithFlarumException— newKnownErrorwith typeextension_incompatible_with_instanceerrorHandler.ts— handlesextension_incompatible_with_instancedirectly (shows alert, closes modal)RequireExtensionCompatibilityTest— 11 unit tests usingGuzzleHttp\Handler\MockHandler, covering all constraint scenarios and fail-open casesTest plan
"flarum/core": "^1.0") → error alert appears immediately, Composer never runs"flarum/core": "*"→ same resultcomposer test:unit→ all 11 unit tests green🤖 Generated with Claude Code