The Composer Dependencies Revamp has side effects for upgraders. The problem is that all files in vendor/ should be deleted because they now live in vendor_bundled. Please see Description of various vendor folders. This is a specific case of a more general issue: upgraders sometimes don't follow best practices and end up with a mix of code from different versions (e.g. unzipping Tiki 15.x on top of a Tiki 12.x).

Examples of reports

Use cases

TRIM

TRIM knows that it's upgrading a Tiki so it could easily be smarter.

SVN + setup.sh

Users upgrading this way need to remember to delete the vendor directory.

FTP upgrades

Many users will just unzip the newer version on top of the old version. This is bad practice but often works. In this case, it fails badly.

Questions

Can tiki-check.php detect the mismatch?



Should SecDB be used to detect file mismatch?

Because unzipping over an old version will cause issues not just in vendor/.

https://doc.tiki.org/Security-Admin#Check_your_files

Should we delete or rename vendor/?

If Tiki detects that this is an upgrade from 16 and before to 17 and after:

If we think vendor/ may contain important things that shouldn't disappear (we've documented using vendor_custom for this, so it is unlikely):

rename vendor/ to vendor-pre-upgrade-from-16x-17x-or-later-you-can-probably-delete-this/
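
One way to script the rename proposed above, as an added example that is not Tiki's own code. It assumes that a vendor_bundled/ directory next to a non-empty vendor/ is the signal of an in-place upgrade from 16.x or earlier; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Tiki's own code.
# Assumption: vendor_bundled/ next to a non-empty vendor/ means a pre-17
# tree was upgraded in place and vendor/ holds stale libraries.

# Rename target taken from the proposal on this page.
QUARANTINE_NAME="vendor-pre-upgrade-from-16x-17x-or-later-you-can-probably-delete-this"

# Print the state of a Tiki root: not-upgraded, clean or stale.
vendor_state() {
    root=$1
    if [ ! -d "$root/vendor_bundled" ]; then
        echo "not-upgraded"   # still a 16.x-or-earlier layout, leave it alone
        return 0
    fi
    if [ -d "$root/vendor" ] && [ -n "$(ls -A "$root/vendor" 2>/dev/null)" ]; then
        echo "stale"          # old libraries sit beside the bundled ones
    else
        echo "clean"
    fi
}

# Move a stale vendor/ out of the way instead of deleting it, so anything
# an admin placed there by hand can still be recovered.
quarantine_vendor() {
    root=$1
    [ "$(vendor_state "$root")" = "stale" ] || return 0
    target="$root/$QUARANTINE_NAME"
    if [ -e "$target" ]; then
        # A previous run already quarantined something: never overwrite it.
        echo "refusing to overwrite existing $target" >&2
        return 1
    fi
    mv "$root/vendor" "$target"
    echo "moved $root/vendor to $target" >&2
}

# Stand-alone use: pass the Tiki root as the first argument.
if [ $# -gt 0 ]; then
    quarantine_vendor "$1"
fi
```

The renamed directory sits inside the web root, so it should be removed once its contents have been reviewed.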