From 18d5a78fee75e0a466355e6edfb634d8f7a7565a Mon Sep 17 00:00:00 2001 
From: nsfisis
Date: Fri, 8 May 2026 23:40:37 +0900
Subject: fix(require): align with Composer's RequireCommand pipeline
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Add mozart-registry::version_selector::VersionSelector mirroring Composer\Package\Version\VersionSelector; wraps find_best_candidate and find_recommended_require_version_string for per-arg resolution
- Decompose execute() into named helpers matching Composer's structure: CommandState, revert_composer_file, get_inconsistent_require_keys, get_packages_by_require_key, update_file, update_file_cleanly (stub for PR 3), do_update, update_requirements_after_resolution (stub for PR 2)
- Fix firstRequire gating: compute first_require from the original file before applying changes; apply setUpdateAllowList only when !first_require and lock exists (prevents over-pinning on fresh projects)
- Add --fixed gate: bail when fixed && !dev && type != "project", matching Composer L173-189 wording verbatim
- Wire --no-security-blocking + COMPOSER_NO_SECURITY_BLOCKING env var into block_insecure in ResolveRequest (was always false)
- Wire COMPOSER_NO_AUDIT env var to skip audit step (tracked)
- Match Composer's revertComposerFile messaging: "deleting " for newly-created, "reverting and to their" / "to its" for existing files; also removes lock file on newly-created revert
- Auto-create "{\n}\n" when composer.json is missing or empty, mirroring Composer L138-152; delete file on dry-run cleanup (finally block)
- Add resolution-failure hint: "You can also try re-running mozart require with an explicit version constraint…" for unversioned packages
- Update deprecated-flag warnings to stderr (write_error) with Composer-matching wording for --no-suggest

Co-Authored-By: Claude Sonnet 4.6
---
 crates/mozart-registry/src/advisory.rs | 31 ++++++++++++++++---------------
 1 file changed, 16 insertions(+), 15 deletions(-)

(limited to 'crates/mozart-registry/src/advisory.rs')
diff --git a/crates/mozart-registry/src/advisory.rs b/crates/mozart-registry/src/advisory.rs index 97242b3..8cf112e 100644 --- a/crates/mozart-registry/src/advisory.rs +++ b/crates/mozart-registry/src/advisory.rs @@ -230,29 +230,30 @@ impl Auditor { } // Check by advisory ID - if is_active - && let Some(reason) = ignore_list.get(&adv.advisory_id) { - is_active = false; - ignore_reason = reason.clone(); - } + if is_active && let Some(reason) = ignore_list.get(&adv.advisory_id) { + is_active = false; + ignore_reason = reason.clone(); + } // Check by severity if is_active && let Some(ref sev) = adv.severity - && let Some(reason) = ignored_severities.get(sev.as_str()) { - is_active = false; - ignore_reason = reason - .clone() - .or_else(|| Some(format!("{sev} severity is ignored"))); - } + && let Some(reason) = ignored_severities.get(sev.as_str()) + { + is_active = false; + ignore_reason = reason + .clone() + .or_else(|| Some(format!("{sev} severity is ignored"))); + } // Check by CVE if is_active && let Some(ref cve) = adv.cve - && let Some(reason) = ignore_list.get(cve.as_str()) { - is_active = false; - ignore_reason = reason.clone(); - } + && let Some(reason) = ignore_list.get(cve.as_str()) + { + is_active = false; + ignore_reason = reason.clone(); + } // Check by source remote IDs if is_active { -- cgit v1.3.1
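Review bot: The "Check by advisory ID" and "Check by CVE" branches set `ignore_reason = reason.clone();` with no fallback, so an ignore entry that carries no reason (which the `or_else` in the severity branch suggests is possible) suppresses the advisory without recording why. The "Check by severity" branch already fills that gap with `.or_else(|| Some(format!("{sev} severity is ignored")))`; consider giving the other two the same treatment, naming the matched advisory ID or CVE in the default text, so every suppressed finding in audit output can be traced to the ignore rule that matched it. Separately, the visible change in this file is a reflow of the `if ... && let` chains only, so it would be easier to review if it landed apart from the require changes the commit message describes.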