githubProvisioner introduces the use of composer.
Adding a New External Package
- Is the use of an external package really necessary? Balance the convenience of using a package against the increased maintenance (and potential increased security exposure) before deciding to proceed.
- Is the external package you want to use appropriately licensed? The package you want to use must be licensed with an Apache "Category A" open source license in order to be compatible with the Apache 2.0 license. If it is not, or if you aren't sure, you cannot use the package.
- Add the package to the source tree, depending on what type of package it is.
- Cake plugins generally go in
- Anything else generally goes in
$REGISTRY/NOTICEand be sure to comply with any notification requirements required by the package.
$REGISTRY/NOTICE. Minified versions typically do not include the license, just a reference to the license which is typically not actually compliant with the license itself.
- Update Version Dependencies.