fix(supported-version): filter uninstallable versions from usable kind (#319)

Exclude versions that cannot be installed due to security or dependency issues:
- Magento 2.4.2 through 2.4.3-p3: require composer <=2.1, which is insecure
- Mage-OS 2.2.1: blocked by webonyx/graphql-php security advisory
Ryan Hoerr
2026-04-15 21:51:50 -04:00
committed by Damien Retzinger
parent bbecc7f5f9
commit f8036173e1
3 changed files with 79 additions and 14 deletions
+23
@@ -2,6 +2,24 @@ import { PackageMatrixVersion } from '../matrix/matrix-type';
import { getIndividualVersionsForProject } from "../versions/get-versions-for-project";
import semver from 'semver';
/**
* Versions that are known to be uninstallable and should be excluded from the usable set.
* Each entry includes a reason for documentation purposes.
*/
const uninstallableVersions: Record<string, string> = {
// magento/composer-root-update-plugin ~1.1 requires composer/composer <=2.1,
// but all composer versions <=2.1 are insecure and cannot be used.
'magento/project-community-edition:2.4.2': 'requires insecure composer <=2.1',
'magento/project-community-edition:2.4.2-p1': 'requires insecure composer <=2.1',
'magento/project-community-edition:2.4.2-p2': 'requires insecure composer <=2.1',
'magento/project-community-edition:2.4.3': 'requires insecure composer <=2.1',
'magento/project-community-edition:2.4.3-p1': 'requires insecure composer <=2.1',
'magento/project-community-edition:2.4.3-p2': 'requires insecure composer <=2.1',
'magento/project-community-edition:2.4.3-p3': 'requires insecure composer <=2.1',
// Security advisory in webonyx/graphql-php prevents installation.
'mage-os/project-community-edition:2.2.1': 'uninstallable due to webonyx/graphql-php security advisory',
};
export const getUsableVersions = (project: string): string[] => {
const allVersions = getIndividualVersionsForProject(project)
return Object.entries(<Record<string,PackageMatrixVersion>>allVersions)
@@ -17,6 +35,11 @@ export const getUsableVersions = (project: string): string[] => {
return false;
}
// Exclude versions known to be uninstallable.
if (key in uninstallableVersions) {
return false;
}
return true;
})
.map(([key, value]) => key);
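Review bot: The new guard `if (key in uninstallableVersions)` uses `in` on a plain object literal, so it also matches inherited names such as `constructor` or `toString`; an own-property test, `if (Object.prototype.hasOwnProperty.call(uninstallableVersions, key))`, or a `Set`/`Map` of the listed keys, limits the exclusion to exactly the entries in the table. The reason strings in `uninstallableVersions` are never read in the visible lines, so an excluded version drops out of the result silently; logging the reason where the filter returns `false` would make it traceable when a version disappears from the usable set. The table names only the `project-community-edition` packages, so if other editions carry the same composer <=2.1 constraint (not visible here) they would still pass the filter. `getUsableVersions` spans both hunks and its filter callback is only partly shown.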