Added audit ignore entries for advisories blocking Drupal core install.#2520
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository UI Review profile: ASSERTIVE Plan: Pro Plus Run ID: ⛔ Files ignored due to path filters (4)
📒 Files selected for processing (2)
WalkthroughThis PR makes two independent updates: it clarifies the development workflow by emphasizing that commits must precede snapshot regeneration in ChangesWorkflow and Dependency Updates
Estimated code review effort🎯 2 (Simple) | ⏱️ ~8 minutes Possibly related issues
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
|
Code coverage (threshold: 90%) Per-class coverage |
This comment has been minimized.
This comment has been minimized.
2 similar comments
This comment has been minimized.
This comment has been minimized.
|
Code coverage (threshold: 90%) Per-class coverage |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #2520 +/- ##
==========================================
- Coverage 86.50% 86.05% -0.46%
==========================================
Files 93 86 -7
Lines 4661 4502 -159
Branches 47 3 -44
==========================================
- Hits 4032 3874 -158
+ Misses 629 628 -1 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Summary
drupal/core-recommended~11.3.10 pinstwig/twigto~v3.26.0andsymfony/polyfill-intl-idnto~v1.37.0. Both ranges resolve only to versions covered by open security advisories, while the fixed versions (twig/twig >=3.27.0andsymfony/polyfill-intl-idn >=1.38.1) fall outside the pinned constraints. As a result,composer audit --lockedblockscomposer installin CI. This PR adds aconfig.audit.ignoreblock to suppress those six advisories so Drupal core installs cleanly until upstream widens its constraints.Changes
composer.json- addedconfig.audit.ignoreblock with 6 entries:PKSA-dwsq-ppd2-mb1x(symfony/polyfill-intl-idnv1.37.0) andPKSA-1tmc-rt7x-12w6,PKSA-fbvq-z33h-r2np,PKSA-g9zw-qxh8-pq8w,PKSA-xx6c-6d96-db2w,PKSA-yd6k-t2gh-1m43(alltwig/twigv3.26.0); each entry documents the affected package, version, root cause, and forward-looking note..vortex/CLAUDE.md- promoted the "commit beforeahoy update-snapshots" guidance to a HARD RULE at the top of the Cross-System Workflow section, and updated both the template-scripts and template-files checklists to make the commit step explicit and ordered..vortex/installer/tests/Fixtures/handler_process/(_baseline,hosting_acquia,hosting_project_name___acquia,starter_drupal_cms_profile) to reflect the newaudit.ignoreblock in the baselinecomposer.json.Before / After
Related: #2518 (tracks removal once upstream fixes land).
Summary by CodeRabbit