diff options
| author | nsfisis <nsfisis@gmail.com> | 2026-06-02 23:58:38 +0900 |
|---|---|---|
| committer | nsfisis <nsfisis@gmail.com> | 2026-06-02 23:58:54 +0900 |
| commit | 51843230859ef39344c0b67daa9049ead87ec49c (patch) | |
| tree | f657969816da51b7f8656012e756498680ffcc23 /crates/shirabe/src/dependency_resolver/pool_builder.rs | |
| parent | 20dbcf11b86cb03c451ba1d5cd9efe17b68fa66d (diff) | |
| download | php-shirabe-51843230859ef39344c0b67daa9049ead87ec49c.tar.gz php-shirabe-51843230859ef39344c0b67daa9049ead87ec49c.tar.zst php-shirabe-51843230859ef39344c0b67daa9049ead87ec49c.zip | |
feat(resolver): port SecurityAdvisoryPoolFilter::filter
Implement the security advisory pool filter end to end, plus the
remaining actionable wirings it unblocked.
- Unify the PartialSecurityAdvisory|SecurityAdvisory union as the
PartialOrFullSecurityAdvisory enum and make the advisory types Clone,
so advisories can be collected and stored; Pool.security_removed_versions
now carries the union. This also unblocks PoolOptimizer's clone of the
security-removed versions.
- Thread the filter result through run_security_advisory_filter/build_pool
as anyhow::Result.
- Introduce typed PlatformRepositoryHandle and pass platform repos as
handles through determine_requirements instead of &PlatformRepository.
- Wire RuleSetGenerator's is_unacceptable_fixed_or_locked_package check
and UpdateCommand's non-locked installed-packages branch.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Diffstat (limited to 'crates/shirabe/src/dependency_resolver/pool_builder.rs')
| -rw-r--r-- | crates/shirabe/src/dependency_resolver/pool_builder.rs | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/crates/shirabe/src/dependency_resolver/pool_builder.rs b/crates/shirabe/src/dependency_resolver/pool_builder.rs index 18d2db4..1bbd51e 100644 --- a/crates/shirabe/src/dependency_resolver/pool_builder.rs +++ b/crates/shirabe/src/dependency_resolver/pool_builder.rs @@ -352,7 +352,7 @@ impl PoolBuilder { // filter vulnerable packages before optimizing the pool otherwise we may end up with inconsistent state where the optimizer took away versions // that were not vulnerable and now suddenly the vulnerable ones are removed and we are missing some versions to make it solvable - pool = self.run_security_advisory_filter(pool, &repositories, request); + pool = self.run_security_advisory_filter(pool, &repositories, request)?; pool = self.run_optimizer(request, pool); Intervals::clear(); @@ -1110,9 +1110,9 @@ impl PoolBuilder { pool: Pool, repositories: &Vec<RepositoryInterfaceHandle>, request: &Request, - ) -> Pool { + ) -> anyhow::Result<Pool> { if self.security_advisory_pool_filter.is_none() { - return pool; + return Ok(pool); } self.io.debug("Running security advisory pool filter.", &[]); @@ -1121,16 +1121,16 @@ impl PoolBuilder { let total = pool.get_packages().len() as f64; let repos_owned: Vec<RepositoryInterfaceHandle> = repositories.iter().cloned().collect(); - let pool = - self.security_advisory_pool_filter - .as_mut() - .unwrap() - .filter(pool, repos_owned, request); + let pool = self + .security_advisory_pool_filter + .as_mut() + .unwrap() + .filter(pool, repos_owned, request)?; let filtered = total - (pool.get_packages().len() as f64); if 0.0 == filtered { - return pool; + return Ok(pool); } self.io.write3( @@ -1154,6 +1154,6 @@ impl PoolBuilder { io_interface::VERY_VERBOSE, ); - pool + Ok(pool) } } |