TCPDF
TCPDF copied to clipboard
Disappeared 6.7.x tags
Hi,
I just noticed that the only 6.7.x tag available in the repo is the latest 6.7.4. Packagist still knows 6.7.2 and 6.7.3 and is able to install those, but the tags are gone. Unfortunately that makes it impossible to compare the releases when upgrading. Would you be so kind to explain why the tags are no longer there?
Thank you!
I doubt there will be explanations from the author. The diffs where very weird, but the final diff looks okay. I imported it in Debian after reading it 3 times 😄 https://salsa.debian.org/phpmyadmin-team/tcpdf/-/commit/0d01530fd70f6697d1d2dcf305e27cf5c94968f8
The 6.6.5 Tag is gone as well, it's still in the changelog file but our builds were failing today since 6.6.5 seems to got removed for some reason.
I can confirm what @nevotheless stated. When looking for commit 5fce932fcee4371865314ab7f6c0d85423c5c7ce it cannot be found anymore.
The 6.6.5 tag has also disappeared, it's still in the changelog file but our builds failed today because 6.6.5 seems to have been removed for some reason.
Same here, I don't know what caused it. My app is totally offline because of this. How can i fix it
There was a force-push to the main branch a while ago, which made the 6.6.5 tag disappear. If you absolutely need the 6.6.5 code, you can get it from a fork, eg. https://github.com/d-javu/TCPDF The best would probably be to upgrade, unless you are using an ancient version of PHP. The minimum version is now 5.5 acccording to the CHANGELOG and composer.json
From what I see on my diff, the php version bump has no consequences (yet) https://salsa.debian.org/phpmyadmin-team/tcpdf/-/commit/0d01530fd70f6697d1d2dcf305e27cf5c94968f8
Since we are now in the age of supply-chain attacks, I've recovered the lost history and compared it to the released version to make sure nothing more sinister was going on here. To see the commits, take a look at my lost_commits branch: https://github.com/d-javu/TCPDF/tree/lost_commits
As you can see from the following diff, just the CHANGELOG.TXT has changed as compared to the current 6.7.4 tag. https://github.com/tecnickcom/TCPDF/compare/6.7.4..d-javu:TCPDF:lost_commits?expand=1
You certainly don't have to take my word for it, so here's how you can check for yourself:
git clone https://github.com/tecnickcom/TCPDF
cd TCPDF
git fetch origin f9fd21807cbb5d43ed62c685e2d6467515d31746
git branch lost_commits FETCH_HEAD
You should now have the lost commits, and be able to check the diff:
git diff lost_commits 6.7.4
@nicolaasuni The force push that was made has made a lot of people very angry and been widely regarded as a bad move. Please consider rescuing the lost commits, then cherry-picking the 4 additional commits that has been applied to the main branch, and force-pushing again. Maybe it will resolve the issues people are complaining about, and for sure it will help by not hiding the history, and making people suspicious.
If you absolutely need the 6.6.5 code, you can get it from a fork, eg. https://github.com/d-javu/TCPDF
I need the 6.6.5, it's the only version that worked with custom tags properly. All other versions don't work. But I can't get it by composer from the d-javu/TCPDF repo because of this:
Root composer.json requires tecnickcom/tcpdf 6.6.5, found tecnickcom/tcpdf[dev-lost_commits, dev-main, dev-fixes, 6.7.0, 6.7.1, 6.7.2, 6.7.3] but it does not match the constraint.
UPD:
Oh, I get it, 6.6.5 is under the "dev-main" tag. But it's better to have a dedicated tag for 6.6.5. And finally I got the custom tags working.
Oh, I get it, 6.6.5 is under the "dev-main" tag. But it's better to have a dedicated tag for 6.6.5. And finally I got the custom tags working.
I've now added the 6.6.5 tag on that commit, maybe it will help others.
Do you have, or can you make a minimal testcase for the issue you have with all other versions? Feel free to create a new issue, then maybe we can get it fixed.
Oh, I get it, 6.6.5 is under the "dev-main" tag. But it's better to have a dedicated tag for 6.6.5. And finally I got the custom tags working.
I've now added the 6.6.5 tag on that commit, maybe it will help others.
Do you have, or can you make a minimal testcase for the issue you have with all other versions? Feel free to create a new issue, then maybe we can get it fixed.
@d-javu did you push the tag? just came across this exact issue because the tags went missing
Edit: Just realized its a fork my bad.
@nicolaasuni as others have already stated please dont force push onto main branches after releases have already gone out. This is perfect example of potential supply chain attack by force pushing and retagging.