Support advisories from multiple repositories for the same package #11436
unset($packageConstraintMap[$nameFound]); | ||
} | ||
|
||
$advisories = array_merge($advisories, $result['advisories']); |
Getting rid of array_merge() in a loop is also a performance improvement.
} | ||
|
||
$advisories = array_merge_recursive(...$advisories); |
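Review bot: The array_merge_recursive(...$advisories) line does not say what should happen when two repositories return an entry under the same key, and that is the case the PR title is about. With string keys, array_merge keeps only the last value for a shared key, while array_merge_recursive combines the values but also keeps recursing into any nested string-keyed arrays. A short comment stating the expected shape of each repository's result, or an explicit loop that appends per key one level deep, would make the intended behaviour reviewable.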
This is a bad idea to me, as advisories themselves are also arrays so a recursive merge could end up doing weird things. This should be array_merge(...$advisories) instead (also, be careful if $advisories is empty if no repository supports advisories, as both array_merge and array_merge_recursive require at least one argument)
Thanks for the review.
- Used array_merge originally but it did not create the expected result. I would also avoid nested merging for sure.
- You are right about the second part, calling array_merge* without an argument is only possible since 7.4.0 and Composer requires 7.2.5.
> but it did not create the expected result.
What do you mean with that? AFAICT, you need to merge only the first level of the list (to do the equivalent of what $advisories = array_merge($advisories, $result['advisories']) was doing in the loop), and that's exactly what array_merge(...$advisories) will be doing.
} | ||
|
||
$advisories = array_merge_recursive(...$advisories); |
} | ||
|
||
$advisories = array_merge($advisories, $result['advisories']); | ||
$advisories[] = $repository->getSecurityAdvisories($packageConstraintMap, $allowPartialAdvisories)['advisories']; |
This variable should probably be renamed to $repositoryAdvisories instead of $advisories as it is not a list of advisories (you get the list of advisories only after the merge). This would make the code easier to read IMO.
✔️
Ok let's give this a shot in 2.6 and see.. if it creates any problems we'll deal with them then.
Thank you!
Closes #11435.
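The merge behaviours debated in this thread, as an added example that is not Composer's code. It assumes each repository returns a map of package name to a list of advisory arrays; the package names, advisory ids and the helper mergeRepositoryAdvisories are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data. Assumed shape: one entry per repository, each a
// map of package name => list of advisories (ids and names are made up).
$repositoryAdvisories = [
    ['acme/lib' => [['advisoryId' => 'EXAMPLE-1', 'title' => 'Issue A']]],
    [
        'acme/lib' => [['advisoryId' => 'EXAMPLE-2', 'title' => 'Issue B']],
        'acme/other' => [['advisoryId' => 'EXAMPLE-3', 'title' => 'Issue C']],
    ],
];

/**
 * Hypothetical helper: append each repository's advisory list to the list
 * already collected for that package, touching only the first level.
 * Returns [] when no repository contributed anything.
 */
function mergeRepositoryAdvisories(array $repositoryAdvisories): array
{
    $merged = [];
    foreach ($repositoryAdvisories as $perPackage) {
        foreach ($perPackage as $packageName => $advisories) {
            foreach ($advisories as $advisory) {
                $merged[$packageName][] = $advisory;
            }
        }
    }

    return $merged;
}

// array_merge: for the shared string key 'acme/lib' only the last
// repository's list survives, so EXAMPLE-1 is silently dropped.
$flat = array_merge(...$repositoryAdvisories);
printf("array_merge:           %d for acme/lib\n", count($flat['acme/lib']));

// array_merge_recursive: integer-keyed lists are appended, so both stay.
$recursive = array_merge_recursive(...$repositoryAdvisories);
printf("array_merge_recursive: %d for acme/lib\n", count($recursive['acme/lib']));

// It keeps recursing into string keys, though: if the lists were keyed by
// advisory id, the same advisory from two repositories would be fused and
// its scalar fields turned into arrays.
$keyed = ['acme/lib' => ['EXAMPLE-1' => ['title' => 'Issue A']]];
$fused = array_merge_recursive($keyed, $keyed);
var_dump(is_array($fused['acme/lib']['EXAMPLE-1']['title']));

// Explicit one-level merge: both advisories kept, no deep recursion, and an
// empty input needs no special case for the argument count.
$explicit = mergeRepositoryAdvisories($repositoryAdvisories);
printf("explicit merge:        %d for acme/lib\n", count($explicit['acme/lib']));
var_dump(mergeRepositoryAdvisories([]) === []);
```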