I maintain a project in 2.3.5-p2
and for security reasons I want to use much more modern php version. An issue with that are that dependencies may use older signatures for the php core functions.
What is the reccomended approach to tackle it?
- Have a folder
patches
and place modified dependency files (originally from vendor) where will be copied back to./vendor
folder after composer install using at installer events. - Fork any breaking dependency patch it and replace in using composer replace: https://stackoverflow.com/a/18905069/4706711.
- commint
./vendor
into git and never do composer install. (Hard to swallow pill)
Upgrade is the best option but time consuming as well and my boss cannot afford the time.