paradoxlabs/github-actions-magento2
3
0
Fork 0
mirror of https://github.com/graycoreio/github-actions-magento2.git synced 2026-06-08 19:46:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(supported-version): filter uninstallable versions from usable kind (#319)

Browse Source 
Exclude versions that cannot be installed due to security or dependency issues:
- Magento 2.4.2 through 2.4.3-p3: require composer <=2.1, which is insecure
- Mage-OS 2.2.1: blocked by webonyx/graphql-php security advisory
This commit is contained in:
Ryan Hoerr
2026-04-15 21:51:50 -04:00
committed by Damien Retzinger
parent bbecc7f5f9
commit f8036173e1
3 changed files with 79 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
supported-version/dist/index.js
Vendored
+13 -13
View File
File diff suppressed because one or more lines are too long
supported-version/src/kind/get-usable.spec.ts
+42
View File
@@ -50,4 +50,46 @@ describe('getUsableVersions for magento-open-source', () => {
expect(versions).not.toContain('magento/project-community-edition:2.3.7-p3');
expect(versions).toContain('magento/project-community-edition:2.4.6');
});
it('should filter out uninstallable Magento 2.4.2.x and 2.4.3.x versions', () => {
mockGetVersions.mockReturnValue({
'magento/project-community-edition:2.4.2': { composer: '2.2.21' },
'magento/project-community-edition:2.4.2-p1': { composer: '2.2.21' },
'magento/project-community-edition:2.4.2-p2': { composer: '2.2.21' },
'magento/project-community-edition:2.4.3': { composer: '2.2.21' },
'magento/project-community-edition:2.4.3-p1': { composer: '2.2.21' },
'magento/project-community-edition:2.4.3-p2': { composer: '2.2.21' },
'magento/project-community-edition:2.4.3-p3': { composer: '2.2.21' },
'magento/project-community-edition:2.4.4': { composer: '2.2.21' }
});
const versions = getUsableVersions(project);
expect(versions).not.toContain('magento/project-community-edition:2.4.2');
expect(versions).not.toContain('magento/project-community-edition:2.4.2-p1');
expect(versions).not.toContain('magento/project-community-edition:2.4.2-p2');
expect(versions).not.toContain('magento/project-community-edition:2.4.3');
expect(versions).not.toContain('magento/project-community-edition:2.4.3-p1');
expect(versions).not.toContain('magento/project-community-edition:2.4.3-p2');
expect(versions).not.toContain('magento/project-community-edition:2.4.3-p3');
expect(versions).toContain('magento/project-community-edition:2.4.4');
});
});
describe('getUsableVersions for mage-os', () => {
const project: Project = "mage-os";
beforeEach(() => {
mockGetVersions.mockReset();
});
it('should filter out mage-os 2.2.1 due to security advisory', () => {
mockGetVersions.mockReturnValue({
'mage-os/project-community-edition:2.2.0': { composer: '2.9.3' },
'mage-os/project-community-edition:2.2.1': { composer: '2.9.3' }
});
const versions = getUsableVersions(project);
expect(versions).not.toContain('mage-os/project-community-edition:2.2.1');
expect(versions).toContain('mage-os/project-community-edition:2.2.0');
});
});
supported-version/src/kind/get-usable.ts
+23
View File
@@ -2,6 +2,24 @@ import { PackageMatrixVersion } from '../matrix/matrix-type';
import { getIndividualVersionsForProject } from "../versions/get-versions-for-project";
import semver from 'semver';
/**
* Versions that are known to be uninstallable and should be excluded from the usable set.
* Each entry includes a reason for documentation purposes.
*/
const uninstallableVersions: Record<string, string> = {
// magento/composer-root-update-plugin ~1.1 requires composer/composer <=2.1,
// but all composer versions <=2.1 are insecure and cannot be used.
'magento/project-community-edition:2.4.2': 'requires insecure composer <=2.1',
'magento/project-community-edition:2.4.2-p1': 'requires insecure composer <=2.1',
'magento/project-community-edition:2.4.2-p2': 'requires insecure composer <=2.1',
'magento/project-community-edition:2.4.3': 'requires insecure composer <=2.1',
'magento/project-community-edition:2.4.3-p1': 'requires insecure composer <=2.1',
'magento/project-community-edition:2.4.3-p2': 'requires insecure composer <=2.1',
'magento/project-community-edition:2.4.3-p3': 'requires insecure composer <=2.1',
// Security advisory in webonyx/graphql-php prevents installation.
'mage-os/project-community-edition:2.2.1': 'uninstallable due to webonyx/graphql-php security advisory',
};
export const getUsableVersions = (project: string): string[] => {
const allVersions = getIndividualVersionsForProject(project)
return Object.entries(<Record<string,PackageMatrixVersion>>allVersions)
@@ -17,6 +35,11 @@ export const getUsableVersions = (project: string): string[] => {
return false;
}
// Exclude versions known to be uninstallable.
if (key in uninstallableVersions) {
return false;
}
return true;
})
.map(([key, value]) => key);