"available updates" & "no longer supprted"

Hello FarmOS users,
does anyone else have these messages that are consistently there, and seemingly unable to fix?

I think my post history will confirm that updates are always an issue for me. The worst thing to do to farmOS, is to install extensions it seems. If Drupal is ahead, but FarmOS is not released yet, I assume we can’t fix the updates message (hopefully without risks).

The modules being out of date is another thing.
I had to disable calender to get that one to hush, which is a pain because I need Calendar.
The one that is currently pestering me is Entity Browser being out of date, which I can’t update because it relies on a specific Drupal version which my FarmOS version is not at yet.

Is it just my installation, and if not, how did you all fix it? Can we ignore it, safely?

I assume these are all just warnings?

For the most part it’s likely there will always be some in any open source projects dependent on libraries/ plugins from other open source projects. FarmOS will always be behind Drupal for instance but I’m sure the team here are quicker to act on security issues, compared to items just marked depreciated for other reasons. Some times we just have to wait for updates from the other library/project maintainers which is not just farmOS and Drupal but the individual module maintainers.

Thanks Ed
Warnings yes.
No problems waiting at all, and I understand and appreciate.
I wanted to make sure that it’s not just my installation that is suffering from this. Assuming everyone beta3 should see the same warnings. I helped some folks getting on to FarmOS recently, and can convey this information to them as well (since they were also curious/concerned).

Hi @marlonv - Here is a screenshot of /admin/reports/updates on a farmOS 3.0.0-beta3 site right now:

Screenshot 2023-12-29 at 06-26-04 Available updates Test3x1366×5113 286 KB

Is that what yours looks like?

I’m curious what you are referring to with “no longer supported” in this forum topic’s subject. None of the modules that are enabled in the screenshot above are flagged that way. What are you seeing?

For context, farmOS 3.0.0-beta3 was released about a month ago (November 27th). Since then, Drupal core and a few contrib modules have released new versions (Entity Browser was the first on Dec 11th). None of these are “security” updates - which means they are only adding features or fixing bugs. We are overdue for a 3.0.0-beta4 release (or maybe even 3.0.0)… but what with the holidays and all… I will most likely tag it soon after the New Year!

In general, though, you don’t need to worry about ones that just say “Update available”. Security updates are more important, and I try to put out releases more quickly when those show up. Even in those cases, though, you usually don’t need to worry. Drupal is usually used in public-facing websites, which have a larger attack surface for vulnerabilities. farmOS is often immune to most security vulnerabilities simply because it is private (requires a login, which generally means only “trusted” users are allowed). If a security update is critical, however, I usually make a release the same day that I learn about it.

Worth noting, the “updates available” message that appears at the top of pages is only displayed to the “admin” user (or any user with the permission to see it, which we do not grant to Manager/Worker/Viewer roles). It is best practice to not use “admin” as your main login, so if the message is concerning/distracting you can create a Manager/Worker (or custom) user and it won’t show up.

Also worth noting: if you are managing your farmOS deployment with Composer, you have the ability to update most of the modules yourself via composer update. There are some, however, that farmOS “pins” to specific versions. Those will not be updated by a composer update until farmOS updates them upstream. This includes Drupal core (currently pinned to 10.1.6), Entity Browser (pinned to 2.9), and a handful of others. The reason we pin these is because we are applying patches to them to fix outstanding bugs that we are waiting to be fixed officially upstream. If we did not pin them, and a new release causes the patch to conflict, it would break everyone’s ability to install/update farmOS via Composer.

I had to disable calender to get that one to hush, which is a pain because I need Calendar.

I need to refresh on the what the issue was you encountered originally, but I wanted to point out that Calendar does work with 3.0.0-beta3. You can see that I have it enabled in the screenshot above. Let’s circle back and get it working for you again!

Hi Mike
Thank you for the detailed reply. Feeling better.
To clarify, the folks I got on to FarmOS are admins of their own installs/farms, not on mine. They have similar messages, is what I meant

For now, it’s just calender that I cannot update, but will try investigate what’s going on (perhaps permissions that I messed up during the last backup recovery).
The rest of the items are similar to yours.

Thanks again for bringing light to this. I was mostly concerned about sec, and if I broke my own installs by bringing them out of sync somehow.

Your work on FarmOS is greatly appreciated.

@marlonv Sure thing! This feels like it would be a good thing to describe in a “Frequently Asked Questions” on farmOS.org somewhere. We had a FAQ on the old website, but never recreated it for farmOS v2+. That would be a great opportunity for beginner contributors to organize! I’d be happy to suggest (and answer) some of them!

Can you remind me what issue you experienced originally? I remember working with you on it, but now I can’t find it in the forum (maybe it was in chat?)

Just a guess but are you pinning your farm_calendar package to an old version, perhaps? Only version 1.1+ supports farmOS v3: https://www.drupal.org/project/farm_calendar/releases

Also for reference (and anyone else who finds this thread and is curious), you can see which packages farmOS patches in the composer.json file’s extras.patches section: farmOS/composer.json at 3.x · farmOS/farmOS · GitHub

You’ll notice that all packages that are patched have a fixed (pinned) version in the require section. All other packages have a more flexible version constraint. eg: ^2.0 where the caret ^ means greater than or equal to (essentially… Versions and constraints - Composer).

Thank you for the info on packages/patches, that is great.
Don’t worry about the Calendar issue. I know i broke it, if you know your side is clear. Also, I see that it’s been updated. I disabled it prior to a backup restore, and forced a version to get it to work while it was being updated. Problem is more than likely a pinning thing I need to reset, or permission issue.

The previous problem you’re thinking of, was unrelated to this one (and it was about calender not wanting to upgrade because it was installed through the UI).

Gotcha! Thanks for clarifying, in case anyone else finds this thread.

Lemme know if you get stuck on the Calendar update/install!

@marlonv FYI farmOS 3.0.0 includes the latest version of Drupal core and Entity Browser. So everything is “in the green” right now.