From d554b62e1b578a88b796f34e6eb82b5c452cd785 Mon Sep 17 00:00:00 2001 From: nsfisis Date: Sun, 3 May 2026 19:28:56 +0900 Subject: feat(resolver): honour audit.block-abandoned config Read `config.audit.block-abandoned` from composer.json (defaults to false) and propagate it to the resolver. When set, the pool builder skips packages whose `abandoned` field is truthy (`true` or a non-empty replacement string), matching `SecurityAdvisoryPoolFilter`'s behavior in `Composer\DependencyResolver`. With no candidates left, a root require that only matches abandoned versions fails resolution with exit 2. --- crates/mozart/src/commands/remove.rs | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'crates/mozart/src/commands/remove.rs') diff --git a/crates/mozart/src/commands/remove.rs b/crates/mozart/src/commands/remove.rs index 9c5f7fa..dc20a21 100644 --- a/crates/mozart/src/commands/remove.rs +++ b/crates/mozart/src/commands/remove.rs @@ -276,6 +276,7 @@ pub async fn execute( .collect(), locked_package_names: indexmap::IndexSet::new(), locked_packages: Vec::new(), + block_abandoned: false, }; // Print header messages @@ -554,6 +555,7 @@ async fn remove_unused( .collect(), locked_package_names: indexmap::IndexSet::new(), locked_packages: Vec::new(), + block_abandoned: false, }; console.info("Resolving dependencies to detect unused packages..."); @@ -908,6 +910,7 @@ mod tests { root_conflict: IndexMap::new(), locked_package_names: IndexSet::new(), locked_packages: Vec::new(), + block_abandoned: false, }; let resolved = resolve(&request) .await @@ -965,6 +968,7 @@ mod tests { root_conflict: IndexMap::new(), locked_package_names: IndexSet::new(), locked_packages: Vec::new(), + block_abandoned: false, }; let resolved2 = resolve(&request2) .await -- cgit v1.3.1