[#2518] Removed audit ignore entries for upstream-fixed 'twig/twig' and 'symfony/polyfill-intl-idn' CVEs.#2528
Conversation
…nd 'symfony/polyfill-intl-idn' CVEs.
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository UI Review profile: ASSERTIVE Plan: Pro Plus Run ID: ⛔ Files ignored due to path filters (4)
📒 Files selected for processing (1)
💤 Files with no reviewable changes (1)
WalkthroughThe PR removes temporary security advisory ignore entries from ChangesAudit ignore cleanup
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~3 minutes Possibly related PRs
Suggested labels
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
|
Code coverage (threshold: 90%) Per-class coverage |
This comment has been minimized.
This comment has been minimized.
2 similar comments
This comment has been minimized.
This comment has been minimized.
|
Code coverage (threshold: 90%) Per-class coverage |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #2528 +/- ##
==========================================
- Coverage 86.49% 86.04% -0.46%
==========================================
Files 94 87 -7
Lines 4674 4515 -159
Branches 47 3 -44
==========================================
- Hits 4043 3885 -158
+ Misses 631 630 -1 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Closes #2518
Summary
Removes the six
config.audit.ignoreentries fromcomposer.jsonthat were suppressing PKSA advisories fortwig/twigandsymfony/polyfill-intl-idn. Those entries were necessary whiledrupal/core-recommended ~11.3.10pinnedtwig/twigat v3.26.0 andsymfony/polyfill-intl-idnat v1.37.0. Withdrupal/core-recommended ~11.3.11(landed onmainin #2524), the dependency graph now resolvestwig/twig v3.27.0andsymfony/polyfill-intl-idn v1.38.1, both above the fix thresholds. The entireignoremap is dropped;abandoned: reportandblock-insecure: trueare kept. Installer baseline snapshot and three derived fixtures are regenerated to reflect the structural change.Changes
composer.json- Dropped theconfig.audit.ignoreblock (6 PKSA advisory suppressions);auditsection retainsabandonedandblock-insecuresettings..vortex/installer/tests/Fixtures/handler_process/_baseline/composer.json- Regenerated baseline snapshot; theignoreblock is removed, matching the updated rootcomposer.json..vortex/installer/tests/Fixtures/handler_process/hosting_acquia/composer.json- Diff-header line numbers updated to account for the 8-line removal in the baseline..vortex/installer/tests/Fixtures/handler_process/hosting_project_name___acquia/composer.json- Same mechanical line-number cascade ashosting_acquia..vortex/installer/tests/Fixtures/handler_process/starter_drupal_cms_profile/composer.json- Snapshot updated to reflect the absence of theignoreblock and the cascaded line-number shifts.Before / After
Summary by CodeRabbit