path: root/crates/mozart/src/commands/base_config.rs
Age | Commit message | Author
2026-05-09 | refactor(composer): move Composer and Factory from mozart-core to mozart | nsfisis
Composer needs DownloadManager (from mozart-registry), but mozart-core sits below mozart-registry in the dependency graph — adding the field would create a dependency cycle. Moving Composer and create_composer to the mozart CLI crate breaks the cycle and lets the root state container hold a DownloadManager.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-08 | fix(audit): align with Composer's AuditCommand pipeline | nsfisis
- Add mozart-core::advisory::{AuditFormat, AbandonedHandling, AuditConfig} mirroring Composer\Advisory\AuditConfig; reads audit.ignore, audit.ignore-severity, audit.ignore-abandoned, audit.abandoned, audit.block-insecure, audit.block-abandoned, audit.ignore-unreachable from composer.json config with full apply-scope support
- Add mozart-registry::advisory::Auditor mirroring Composer\Advisory\Auditor; process_advisories() filters by package name, advisory ID, CVE, source remote ID, and severity; filter_abandoned_packages() respects ignore-abandoned
- Add RepositorySet::get_matching_security_advisories() wrapping fetch_security_advisories with version-matching and unreachable-repo tracking
- JSON output now includes ignored-advisories and unreachable-repositories keys
- --abandoned falls back to audit.abandoned config (was hardcoded to "fail")
- --ignore-severity merges with audit.ignore-severity config
- --ignore-unreachable ORs with audit.ignore-unreachable config
- Move normalize_or_separator into repository/mod.rs alongside version matching

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-08 | fix(repository): align with Composer's RepositoryCommand pipeline | nsfisis
Introduce JsonConfigSource in mozart-core mirroring Composer's JsonConfigSource fallback logic (add/insert/set-url/remove repository), and BaseConfigContext mirroring BaseConfigCommand's initialize().

Key behaviour fixes:
- list: synthesise [packagist.org] <disabled> only when no composer-type repo with a packagist.org host is present (was: always show enabled default)
- disable: idempotent via add_repository(false) matching Composer's branch; now requires a name (no silent default to packagist.org)
- enable: calls remove_repository only, no extra empty-array cleanup
- set-url: preserves assoc-keyed format instead of converting to list
- get-url: assoc fast-path + unquoted error message matching Composer
- add: use regex pre-check (starts_with '{') instead of trial-parse
- error messages reworded to match Composer verbatim (mozart brand kept)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>