Change audit.ignore behavior before 2.6.0 #11605
Should we create an object that extends SecurityAdvisory in which you copy all the metadata, or should we rather have an IgnoredSecurityAdvisory that would take a SecurityAdvisory|PartialSecurityAdvisory as argument and implements its jsonSerialize method by adding an ignore_reason key in the array returned by the delegated call?
These were the options that I also considered, the solution in the PR just felt better, even if it is "ugly" a bit.
Perhaps IgnoredSecurityAdvisory could be a proxy class or have a factory method which takes in a SecurityAdvisory object. That'd make the code here much cleaner.

$advisory = IgnoredSecurityAdvisory::create($advisory, $ignoreReason);

or

$advisory = new IgnoredSecurityAdvisory($advisory, $ignoreReason);
IgnoredSecurityAdvisory::createFromSecurityAdvisory($advisory

I would have gone with this approach by default, but since everything is public on these objects (as public properties), this approach just moves copying object data to somewhere else. Would that have a real added value? In this case, should I make the constructor of IgnoredSecurityAdvisory private so it could only be constructed from a SecurityAdvisory from now on?
I thought that the reason was a required field.
Edit: I've now seen that there are two accepted values and only one has the 'reason' field. I'd vote that a reason should always be provided/required.
Actually I decided to give more freedom to developers... so it cannot be mandatory.
https://github.com/composer/composer/pull/11605/files#diff-89992649ff6652d737d4dac645fbbac6ceeb112ab29010d0eaba3b42c658dc7eR112-R132
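The design the thread converges on, as an added sketch that is not Composer's own code: a hypothetical IgnoredSecurityAdvisory decorator built only through a factory, with an optional reason, whose jsonSerialize() delegates to the wrapped advisory and appends an ignore_reason key. The minimal SecurityAdvisory stand-in, the field names and the sample audit.ignore values are all assumptions made for this illustration.

```php
<?php
// Added illustration (PHP 8.1+), not Composer's own code. SecurityAdvisory
// is a minimal stand-in; only the fields this sketch needs are modelled.
final class SecurityAdvisory implements JsonSerializable
{
    public function __construct(
        public readonly string $packageName,
        public readonly string $advisoryId,
        public readonly ?string $cve = null,
    ) {}
    public function jsonSerialize(): array
    {
        return ['packageName' => $this->packageName,
                'advisoryId'  => $this->advisoryId,
                'cve'         => $this->cve];
    }
}

// Decorator: delegates jsonSerialize() and appends the ignore reason.
final class IgnoredSecurityAdvisory implements JsonSerializable
{
    // Private constructor: instances are only built through the factory.
    private function __construct(
        private readonly SecurityAdvisory $advisory,
        private readonly ?string $ignoreReason,
    ) {}

    public static function create(SecurityAdvisory $advisory, ?string $ignoreReason = null): self
    {
        return new self($advisory, $ignoreReason);
    }
    public function jsonSerialize(): array
    {
        // The reason is optional, so the key is always present but may be null.
        return $this->advisory->jsonSerialize() + ['ignore_reason' => $this->ignoreReason];
    }
}

// Constructed sample of the two accepted audit.ignore shapes: a plain list of
// advisory IDs (no reason) and a map of ID => reason.
$listForm = ['CVE-0000-0000'];
$mapForm  = ['CVE-0000-0000' => 'constructed reason: affected code path is not used'];
foreach ([$listForm, $mapForm] as $ignore) {
    foreach ($ignore as $key => $value) {
        [$id, $reason] = is_int($key) ? [$value, null] : [$key, $value];
        $advisory = new SecurityAdvisory('vendor/package', 'constructed-advisory-id', $id);
        echo json_encode(IgnoredSecurityAdvisory::create($advisory, $reason)), PHP_EOL;
    }
}
```

The list form yields "ignore_reason": null in the output, which is what makes a missing reason visible in audit reports rather than silently dropped.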