From d554b62e1b578a88b796f34e6eb82b5c452cd785 Mon Sep 17 00:00:00 2001 From: nsfisis Date: Sun, 3 May 2026 19:28:56 +0900 Subject: feat(resolver): honour audit.block-abandoned config Read `config.audit.block-abandoned` from composer.json (defaults to false) and propagate it to the resolver. When set, the pool builder skips packages whose `abandoned` field is truthy (`true` or a non-empty replacement string), matching `SecurityAdvisoryPoolFilter`'s behavior in `Composer\DependencyResolver`. With no candidates left, a root require that only matches abandoned versions fails resolution with exit 2. --- crates/mozart-registry/src/vcs_bridge.rs | 1 + 1 file changed, 1 insertion(+) (limited to 'crates/mozart-registry/src/vcs_bridge.rs') diff --git a/crates/mozart-registry/src/vcs_bridge.rs b/crates/mozart-registry/src/vcs_bridge.rs index e9a2f37..aae3d87 100644 --- a/crates/mozart-registry/src/vcs_bridge.rs +++ b/crates/mozart-registry/src/vcs_bridge.rs @@ -188,6 +188,7 @@ pub fn vcs_to_packagist_version(vpkg: &VcsPackageVersion) -> PackagistVersion { extra: vpkg.composer_json.get("extra").cloned(), notification_url: None, default_branch: vpkg.is_default_branch, + abandoned: vpkg.composer_json.get("abandoned").cloned(), } } -- cgit v1.3.1