Skip to content

Audit: add option to ignore individually abandoned packages #12572

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Seldaek merged 3 commits into from
Oct 28, 2025
Merged

Audit: add option to ignore individually abandoned packages #12572

Seldaek merged 3 commits into from
Oct 28, 2025

Conversation

@glaubinix
Copy link
Contributor

@glaubinix glaubinix commented Oct 15, 2025
edited
Loading

Implements #12568

Appears this was causing issue in Drupal because of doctrine/annotations being abandoned and people running composer audit as part of their builds with "abandoned": "fail" which now fails without an easy path to upgrade

@cruno91
Copy link

cruno91 commented Oct 15, 2025

We just started adding composer audit as a check that will fail pipelines and prevent merges to find out we can't add abandoned packages as exceptions. Is there a way we can apply this patch via the composer CLI in our pipeline to allow for this temporarily?

@glaubinix
Copy link
Contributor Author

glaubinix commented Oct 20, 2025

@cruno91 no there isn't.

@Seldaek Seldaek added this to the 2.9 milestone Oct 27, 2025
Seldaek
Seldaek reviewed Oct 28, 2025
View reviewed changes
Seldaek
Seldaek reviewed Oct 28, 2025
View reviewed changes
Seldaek
Seldaek reviewed Oct 28, 2025
View reviewed changes
Seldaek
Seldaek approved these changes Oct 28, 2025
View reviewed changes
Copy link
Member

@Seldaek Seldaek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM aside from the few minor comments

@glaubinix glaubinix force-pushed the audit-ignore-abandoned-packages branch from cc9ea6f to 18453f0 Compare October 28, 2025 10:14
@glaubinix glaubinix requested a review from Seldaek October 28, 2025 10:16
@Seldaek Seldaek merged commit 028e057 into composer:main Oct 28, 2025
21 checks passed
@Seldaek
Copy link
Member

Seldaek commented Oct 28, 2025

Thanks

@Seldaek Seldaek mentioned this pull request Oct 28, 2025
Closed
@PhilETaylor
Copy link

PhilETaylor commented Oct 28, 2025
edited
Loading

When running snapshot now Im getting this error - is this related?

In Auditor.php line 75:

  [TypeError]
  Composer\Advisory\Auditor::audit(): Argument #9 ($ignoreUnreachable) must be of type bool, array given, called in phar:///usr/local/bin/composer/src/Composer/Installer.php on line 436

Composer version 2.9-dev+028e057787298cc0881ecb706406802e4c1c7791 (2.9-dev) 2025-10-28 10:23:57
PHP version 8.4.14 (/opt/homebrew/Cellar/php/8.4.14/bin/php)

@glaubinix glaubinix mentioned this pull request Oct 28, 2025
Merged
@glaubinix
Copy link
Contributor Author

glaubinix commented Oct 28, 2025

Yes, see #12579

@PhilETaylor
Copy link

PhilETaylor commented Oct 28, 2025

Awesome, thanks - thought it best to mention it sooner rather than later :)

@quicksketch quicksketch mentioned this pull request Nov 18, 2025
Closed
@th0mcat th0mcat mentioned this pull request Nov 19, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Seldaek Seldaek Awaiting requested review from Seldaek

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

2.9

Development

Successfully merging this pull request may close these issues.

4 participants

@glaubinix @cruno91 @Seldaek @PhilETaylor