From d554b62e1b578a88b796f34e6eb82b5c452cd785 Mon Sep 17 00:00:00 2001 From: nsfisis Date: Sun, 3 May 2026 19:28:56 +0900 Subject: feat(resolver): honour audit.block-abandoned config Read `config.audit.block-abandoned` from composer.json (defaults to false) and propagate it to the resolver. When set, the pool builder skips packages whose `abandoned` field is truthy (`true` or a non-empty replacement string), matching `SecurityAdvisoryPoolFilter`'s behavior in `Composer\DependencyResolver`. With no candidates left, a root require that only matches abandoned versions fails resolution with exit 2. --- crates/mozart/src/commands/require.rs | 3 +++ 1 file changed, 3 insertions(+) (limited to 'crates/mozart/src/commands/require.rs') diff --git a/crates/mozart/src/commands/require.rs b/crates/mozart/src/commands/require.rs index caf88c1..24812fc 100644 --- a/crates/mozart/src/commands/require.rs +++ b/crates/mozart/src/commands/require.rs @@ -664,6 +664,7 @@ pub async fn execute( .collect(), locked_package_names: indexmap::IndexSet::new(), locked_packages: Vec::new(), + block_abandoned: false, }; // Print header messages @@ -1066,6 +1067,7 @@ mod tests { root_conflict: IndexMap::new(), locked_package_names: IndexSet::new(), locked_packages: Vec::new(), + block_abandoned: false, }; let resolved = resolver::resolve(&request) @@ -1141,6 +1143,7 @@ mod tests { root_conflict: IndexMap::new(), locked_package_names: IndexSet::new(), locked_packages: Vec::new(), + block_abandoned: false, }; let resolved = resolver::resolve(&request) -- cgit v1.3.1