| author | nsfisis <nsfisis@gmail.com> | 2026-05-03 19:28:56 +0900 |
|---|---|---|
| committer | nsfisis <nsfisis@gmail.com> | 2026-05-03 19:28:56 +0900 |
| commit | d554b62e1b578a88b796f34e6eb82b5c452cd785 (patch) | |
| tree | c9bf835955c1760f12a360727c6819dc8f98a378 /crates/mozart | |
| parent | 240b0dd14a607a9dfdb84bb339c87bb0effd6963 (diff) | |
feat(resolver): honour audit.block-abandoned config
Read `config.audit.block-abandoned` from composer.json (defaults to
false) and propagate it to the resolver. When set, the pool builder
skips packages whose `abandoned` field is truthy (`true` or a non-empty
replacement string), matching `SecurityAdvisoryPoolFilter`'s behavior in
`Composer\DependencyResolver`. With no candidates left, a root require
that only matches abandoned versions fails resolution with exit 2.
Diffstat (limited to 'crates/mozart')
| -rw-r--r-- | crates/mozart/src/commands/create_project.rs | 1 | ||||
| -rw-r--r-- | crates/mozart/src/commands/remove.rs | 4 | ||||
| -rw-r--r-- | crates/mozart/src/commands/require.rs | 3 | ||||
| -rw-r--r-- | crates/mozart/src/commands/update.rs | 13 | ||||
| -rw-r--r-- | crates/mozart/tests/installer.rs | 5 |
5 files changed, 22 insertions, 4 deletions
diff --git a/crates/mozart/src/commands/create_project.rs b/crates/mozart/src/commands/create_project.rs
index ae7a550..13a2bb2 100644
--- a/crates/mozart/src/commands/create_project.rs
+++ b/crates/mozart/src/commands/create_project.rs
@@ -442,6 +442,7 @@ pub async fn execute(
 .collect(),
 locked_package_names: indexmap::IndexSet::new(),
 locked_packages: Vec::new(),
+ block_abandoned: false,
 };
 
 console.info("Resolving dependencies...");
diff --git a/crates/mozart/src/commands/remove.rs b/crates/mozart/src/commands/remove.rs
index 9c5f7fa..dc20a21 100644
--- a/crates/mozart/src/commands/remove.rs
+++ b/crates/mozart/src/commands/remove.rs
@@ -276,6 +276,7 @@ pub async fn execute(
 .collect(),
 locked_package_names: indexmap::IndexSet::new(),
 locked_packages: Vec::new(),
+ block_abandoned: false,
 };
 
 // Print header messages
@@ -554,6 +555,7 @@ async fn remove_unused(
 .collect(),
 locked_package_names: indexmap::IndexSet::new(),
 locked_packages: Vec::new(),
+ block_abandoned: false,
 };
 
 console.info("Resolving dependencies to detect unused packages...");
@@ -908,6 +910,7 @@ mod tests {
 root_conflict: IndexMap::new(),
 locked_package_names: IndexSet::new(),
 locked_packages: Vec::new(),
+ block_abandoned: false,
 };
 let resolved = resolve(&request)
 .await
@@ -965,6 +968,7 @@ mod tests {
 root_conflict: IndexMap::new(),
 locked_package_names: IndexSet::new(),
 locked_packages: Vec::new(),
+ block_abandoned: false,
 };
 let resolved2 = resolve(&request2)
 .await
diff --git a/crates/mozart/src/commands/require.rs b/crates/mozart/src/commands/require.rs
index caf88c1..24812fc 100644
--- a/crates/mozart/src/commands/require.rs
+++ b/crates/mozart/src/commands/require.rs
@@ -664,6 +664,7 @@ pub async fn execute(
 .collect(),
 locked_package_names: indexmap::IndexSet::new(),
 locked_packages: Vec::new(),
+ block_abandoned: false,
 };
 
 // Print header messages
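Review bot: The `ResolveRequest` literals in `create_project.rs` (`execute`), `remove.rs` (`execute` and `remove_unused`) and `require.rs` (`execute`) hard-code `block_abandoned: false,`, so on the visible lines only `update` enforces `config.audit.block-abandoned`. A project that sets the option to true can apparently still resolve an abandoned package into its lock file through `require` or `remove`, which weakens the setting as a supply-chain control. If these commands are meant to honour it, read the value once in a shared helper and pass the result at each site, e.g. `block_abandoned: audit_block_abandoned(&composer_json),` (the helper name is a placeholder); if the omission is deliberate, a comment such as `// audit.block-abandoned is enforced by update only` at each site would record that. The enclosing functions start and end outside these hunks, so whether a composer.json value is in scope at each site cannot be confirmed from here.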
@@ -1066,6 +1067,7 @@ mod tests {
 root_conflict: IndexMap::new(),
 locked_package_names: IndexSet::new(),
 locked_packages: Vec::new(),
+ block_abandoned: false,
 };
 
 let resolved = resolver::resolve(&request)
@@ -1141,6 +1143,7 @@ mod tests {
 root_conflict: IndexMap::new(),
 locked_package_names: IndexSet::new(),
 locked_packages: Vec::new(),
+ block_abandoned: false,
 };
 
 let resolved = resolver::resolve(&request)
diff --git a/crates/mozart/src/commands/update.rs b/crates/mozart/src/commands/update.rs
index 6003dd0..0d7d60e 100644
--- a/crates/mozart/src/commands/update.rs
+++ b/crates/mozart/src/commands/update.rs
@@ -1009,6 +1009,17 @@ pub async fn run(
 platform.apply_overrides(overrides);
 }
 
+ // Mirrors `Composer\Advisory\AuditConfig::fromConfig`: read
+ // `config.audit.block-abandoned` straight off composer.json. Defaults to
+ // false; when true the resolver drops abandoned packages from the pool.
+ let block_abandoned = composer_json
+ .extra_fields
+ .get("config")
+ .and_then(|c| c.get("audit"))
+ .and_then(|a| a.get("block-abandoned"))
+ .and_then(|v| v.as_bool())
+ .unwrap_or(false);
+
 let request = ResolveRequest {
 root_name: composer_json.name.clone(),
 root_version: composer_json.version.clone(),
@@ -1042,6 +1053,7 @@ pub async fn run(
 .collect(),
 locked_package_names,
 locked_packages,
+ block_abandoned,
 };
 
 // Step 6: Print header and run resolver
@@ -2168,6 +2180,7 @@ mod tests {
 root_conflict: IndexMap::new(),
 locked_package_names: IndexSet::new(),
 locked_packages: Vec::new(),
+ block_abandoned: false,
 };
 
 let resolved = resolve(&request).await.expect("Resolution should succeed");
diff --git a/crates/mozart/tests/installer.rs b/crates/mozart/tests/installer.rs
index fd25dee..6213a6c 100644
--- a/crates/mozart/tests/installer.rs
+++ b/crates/mozart/tests/installer.rs
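Review bot: In the first `update.rs` hunk, inside `run`, the chain ending in `.and_then(|v| v.as_bool())` and `.unwrap_or(false)` maps any non-boolean `block-abandoned` value (for example the string `"true"` or the number `1`) to false without a message, so a mistyped policy fails open. Because this is a security setting, a value that is present but not a boolean should be rejected, or at least produce a warning, instead of being treated as unset; the comment above the lookup should state which behaviour is intended, e.g. `// a non-boolean value is a config error, not "false"`. The lookup also reads only the project composer.json `extra_fields`, so a value supplied through any other config source would presumably not be seen; that is worth confirming against how other `config.*` keys are loaded. `run` starts and ends outside the hunk.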
@@ -350,10 +350,7 @@ installer_fixture!(suggest_uninstalled);
 installer_fixture!(unbounded_conflict_does_not_match_default_branch_with_branch_alias);
 installer_fixture!(unbounded_conflict_does_not_match_default_branch_with_numeric_branch);
 installer_fixture!(unbounded_conflict_matches_default_branch);
-installer_fixture!(
- update_abandoned_package_required_but_blocked_via_audit_config,
- ignore
-);
+installer_fixture!(update_abandoned_package_required_but_blocked_via_audit_config);
 installer_fixture!(update_alias);
 installer_fixture!(update_alias_lock, ignore);
 installer_fixture!(update_alias_lock2);
|
