Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incorrect version for specific plugin #517

Open
strarsis opened this issue Feb 28, 2024 · 3 comments
Open

Incorrect version for specific plugin #517

strarsis opened this issue Feb 28, 2024 · 3 comments
Labels
upstream-packaging Issues that are due to WordPress.org or Subversion packaging errors

Comments

@strarsis
Copy link

strarsis commented Feb 28, 2024
edited
Loading

The bbPress Notify (No-Spam) plugin has 2.18.2 as current version (at time of writing).
On wpackagist its latest version is listed with 2.27.7.
When updating to that version, the installed plugin is listed with version 2.17.7 instead.
@NoelLH
Copy link
Contributor

NoelLH commented Mar 4, 2024

It looks like something has been done inconsistently at package level such that Subversion and the package database don't match. On the WordPress plugin page itself you can see the phantom version in the dropdown at the bottom: https://wordpress.org/plugins/bbpress-notify-nospam/advanced/

@NoelLH NoelLH added the upstream-packaging Issues that are due to WordPress.org or Subversion packaging errors label Mar 4, 2024
@strarsis
Copy link
Author

strarsis commented Mar 4, 2024
edited
Loading

@NoelLH: Thanks for investigating this! This kind of issue occurred with other plugins, too: Some higher version that is not even listed on the plugin directory page. Is this then a bug of WordPress plugin directory, that it should enforce those version tags more?

ISimilar issue with WooCommerce plugin: https://discourse.roots.io/t/403-error-in-wordpress-woocommerce-admin-with-multiple-sites-rest-cookie-invalid-nonce-cookie-check-failed-api-fetch-wp-json/26524/5?u=strarsis)

@NoelLH
Copy link
Contributor

NoelLH commented Mar 13, 2024

@NoelLH: Thanks for investigating this! This kind of issue occurred with other plugins, too: Some higher version that is not even listed on the plugin directory page. Is this then a bug of WordPress plugin directory, that it should enforce those version tags more?

ISimilar issue with WooCommerce plugin: https://discourse.roots.io/t/403-error-in-wordpress-woocommerce-admin-with-multiple-sites-rest-cookie-invalid-nonce-cookie-check-failed-api-fetch-wp-json/26524/5?u=strarsis)

I think they would probably categorise it as a design limitation, since code probably has to get to the Subversion (svn) server before it can be considered for having metadata added to the package releases database. But it certainly results in a buggy situation if a version is partially pulled in this way without being taken off svn.

I don't know what a fix would look like that doesn't break backwards compatibility on the WordPress side.

Similarly, I think Wpackagist is in a tricky spot when things like this happen. If it aggressively removed versions that are still in svn but aren't [any more] formally listed release versions, then that could create avoidable breaks for anyone who already updated and has the removed version in their lockfile. There's an argument that it's better to break on install than to allow installing disavowed versions, but it would represent a big change in behaviour and could stop Wpackagist being suitable for certain deployment strategies that use Composer lockfiles but not completely built artefacts with WP packages baked in.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
upstream-packaging Issues that are due to WordPress.org or Subversion packaging errors
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@NoelLH @strarsis