fix(supported-version): filter uninstallable versions from usable kind (#319)

Exclude versions that cannot be installed due to security or dependency issues:
- Magento 2.4.2 through 2.4.3-p3: require composer <=2.1, which is insecure
- Mage-OS 2.2.1: blocked by webonyx/graphql-php security advisory

supported-version/src/kind/get-usable.spec.ts

@@ -25,7 +25,7 @@ describe('getUsableVersions for magento-open-source', () => {
             'magento/project-community-edition:2.4.5': { composer: '1.9.0' },
             'magento/project-community-edition:2.4.6': { composer: '2.2.0' }
         });
-        
+
         const versions = getUsableVersions(project);
         expect(versions).not.toContain('magento/project-community-edition:2.4.5');
         expect(versions).toContain('magento/project-community-edition:2.4.6');
@@ -50,4 +50,46 @@ describe('getUsableVersions for magento-open-source', () => {
         expect(versions).not.toContain('magento/project-community-edition:2.3.7-p3');
         expect(versions).toContain('magento/project-community-edition:2.4.6');
     });
+
+    it('should filter out uninstallable Magento 2.4.2.x and 2.4.3.x versions', () => {
+        mockGetVersions.mockReturnValue({
+            'magento/project-community-edition:2.4.2': { composer: '2.2.21' },
+            'magento/project-community-edition:2.4.2-p1': { composer: '2.2.21' },
+            'magento/project-community-edition:2.4.2-p2': { composer: '2.2.21' },
+            'magento/project-community-edition:2.4.3': { composer: '2.2.21' },
+            'magento/project-community-edition:2.4.3-p1': { composer: '2.2.21' },
+            'magento/project-community-edition:2.4.3-p2': { composer: '2.2.21' },
+            'magento/project-community-edition:2.4.3-p3': { composer: '2.2.21' },
+            'magento/project-community-edition:2.4.4': { composer: '2.2.21' }
+        });
+
+        const versions = getUsableVersions(project);
+        expect(versions).not.toContain('magento/project-community-edition:2.4.2');
+        expect(versions).not.toContain('magento/project-community-edition:2.4.2-p1');
+        expect(versions).not.toContain('magento/project-community-edition:2.4.2-p2');
+        expect(versions).not.toContain('magento/project-community-edition:2.4.3');
+        expect(versions).not.toContain('magento/project-community-edition:2.4.3-p1');
+        expect(versions).not.toContain('magento/project-community-edition:2.4.3-p2');
+        expect(versions).not.toContain('magento/project-community-edition:2.4.3-p3');
+        expect(versions).toContain('magento/project-community-edition:2.4.4');
+    });
+});
+
+describe('getUsableVersions for mage-os', () => {
+    const project: Project = "mage-os";
+
+    beforeEach(() => {
+        mockGetVersions.mockReset();
+    });
+
+    it('should filter out mage-os 2.2.1 due to security advisory', () => {
+        mockGetVersions.mockReturnValue({
+            'mage-os/project-community-edition:2.2.0': { composer: '2.9.3' },
+            'mage-os/project-community-edition:2.2.1': { composer: '2.9.3' }
+        });
+
+        const versions = getUsableVersions(project);
+        expect(versions).not.toContain('mage-os/project-community-edition:2.2.1');
+        expect(versions).toContain('mage-os/project-community-edition:2.2.0');
+    });
 });

supported-version/src/kind/get-usable.ts

@@ -2,6 +2,24 @@ import { PackageMatrixVersion } from '../matrix/matrix-type';
 import { getIndividualVersionsForProject } from "../versions/get-versions-for-project";
 import semver from 'semver';
 
+/**
+ * Versions that are known to be uninstallable and should be excluded from the usable set.
+ * Each entry includes a reason for documentation purposes.
+ */
+const uninstallableVersions: Record<string, string> = {
+    // magento/composer-root-update-plugin ~1.1 requires composer/composer <=2.1,
+    // but all composer versions <=2.1 are insecure and cannot be used.
+    'magento/project-community-edition:2.4.2': 'requires insecure composer <=2.1',
+    'magento/project-community-edition:2.4.2-p1': 'requires insecure composer <=2.1',
+    'magento/project-community-edition:2.4.2-p2': 'requires insecure composer <=2.1',
+    'magento/project-community-edition:2.4.3': 'requires insecure composer <=2.1',
+    'magento/project-community-edition:2.4.3-p1': 'requires insecure composer <=2.1',
+    'magento/project-community-edition:2.4.3-p2': 'requires insecure composer <=2.1',
+    'magento/project-community-edition:2.4.3-p3': 'requires insecure composer <=2.1',
+    // Security advisory in webonyx/graphql-php prevents installation.
+    'mage-os/project-community-edition:2.2.1': 'uninstallable due to webonyx/graphql-php security advisory',
+};
+
 export const getUsableVersions = (project: string): string[] => {
     const allVersions = getIndividualVersionsForProject(project)
     return Object.entries(<Record<string,PackageMatrixVersion>>allVersions)
@@ -17,6 +35,11 @@ export const getUsableVersions = (project: string): string[] => {
                 return false;
             }
 
+            // Exclude versions known to be uninstallable.
+            if (key in uninstallableVersions) {
+                return false;
+            }
+
             return true;
         })
         .map(([key, value]) => key);