diff options
| author | nsfisis <nsfisis@gmail.com> | 2026-05-03 19:28:56 +0900 |
|---|---|---|
| committer | nsfisis <nsfisis@gmail.com> | 2026-05-03 19:28:56 +0900 |
| commit | d554b62e1b578a88b796f34e6eb82b5c452cd785 (patch) | |
| tree | c9bf835955c1760f12a360727c6819dc8f98a378 /crates/mozart-registry/src/packagist.rs | |
| parent | 240b0dd14a607a9dfdb84bb339c87bb0effd6963 (diff) | |
| download | php-mozart-d554b62e1b578a88b796f34e6eb82b5c452cd785.tar.gz php-mozart-d554b62e1b578a88b796f34e6eb82b5c452cd785.tar.zst php-mozart-d554b62e1b578a88b796f34e6eb82b5c452cd785.zip | |
feat(resolver): honour audit.block-abandoned config
Read `config.audit.block-abandoned` from composer.json (defaults to
false) and propagate it to the resolver. When set, the pool builder
skips packages whose `abandoned` field is truthy (`true` or a non-empty
replacement string), matching `SecurityAdvisoryPoolFilter`'s behavior in
`Composer\DependencyResolver`. With no candidates left, a root require
that only matches abandoned versions fails resolution with exit 2.
Diffstat (limited to 'crates/mozart-registry/src/packagist.rs')
| -rw-r--r-- | crates/mozart-registry/src/packagist.rs | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/crates/mozart-registry/src/packagist.rs b/crates/mozart-registry/src/packagist.rs index 1d9356d..6b24589 100644 --- a/crates/mozart-registry/src/packagist.rs +++ b/crates/mozart-registry/src/packagist.rs @@ -135,6 +135,13 @@ pub struct PackagistVersion { /// `crate::resolver::packagist_to_pool_inputs`. #[serde(rename = "default-branch", default)] pub default_branch: bool, + + /// Abandonment marker. Composer accepts `abandoned: true` (no replacement + /// suggested) or `abandoned: "<replacement-package>"`. Anything else + /// (absent, `false`, empty string) means the package is active. Mirrors + /// `Composer\Package\CompletePackage::isAbandoned`. + #[serde(default, deserialize_with = "deserialize_unset_as_none")] + pub abandoned: Option<serde_json::Value>, } impl PackagistVersion { |