I maintain a project in 2.3.5-p2 and for security reasons I want to use much more modern php version. An issue with that are that dependencies may use older signatures for the php core functions.
What is the reccomended approach to tackle it?
- Have a folder
patchesand place modified dependency files (originally from vendor) where will be copied back to./vendorfolder after composer install using at installer events. - Fork any breaking dependency patch it and replace in using composer replace: https://stackoverflow.com/a/18905069/4706711.
- commint
./vendorinto git and never do composer install. (Hard to swallow pill)
Upgrade is the best option but time consuming as well and my boss cannot afford the time.