paradoxlabs/github-actions-magento2
3
0
Fork 0
mirror of https://github.com/graycoreio/github-actions-magento2.git synced 2026-06-19 06:41:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
62d2aec976cdc6487586cecf2e497e1add45f526
github-actions-magento2/supported-version/src/kind/get-usable.ts
T
Ryan Hoerr f8036173e1 fix(supported-version): filter uninstallable versions from usable kind (#319) 
Exclude versions that cannot be installed due to security or dependency issues:
- Magento 2.4.2 through 2.4.3-p3: require composer <=2.1, which is insecure
- Mage-OS 2.2.1: blocked by webonyx/graphql-php security advisory
2026-04-28 10:21:08 -04:00

46 lines
2.2 KiB
TypeScript
Raw Blame History

import { PackageMatrixVersion } from '../matrix/matrix-type';
import { getIndividualVersionsForProject } from "../versions/get-versions-for-project";
import semver from 'semver';
/**
* Versions that are known to be uninstallable and should be excluded from the usable set.
* Each entry includes a reason for documentation purposes.
*/
const uninstallableVersions: Record<string, string> = {
// magento/composer-root-update-plugin ~1.1 requires composer/composer <=2.1,
// but all composer versions <=2.1 are insecure and cannot be used.
'magento/project-community-edition:2.4.2': 'requires insecure composer <=2.1',
'magento/project-community-edition:2.4.2-p1': 'requires insecure composer <=2.1',
'magento/project-community-edition:2.4.2-p2': 'requires insecure composer <=2.1',
'magento/project-community-edition:2.4.3': 'requires insecure composer <=2.1',
'magento/project-community-edition:2.4.3-p1': 'requires insecure composer <=2.1',
'magento/project-community-edition:2.4.3-p2': 'requires insecure composer <=2.1',
'magento/project-community-edition:2.4.3-p3': 'requires insecure composer <=2.1',
// Security advisory in webonyx/graphql-php prevents installation.
'mage-os/project-community-edition:2.2.1': 'uninstallable due to webonyx/graphql-php security advisory',
};
export const getUsableVersions = (project: string): string[] => {
const allVersions = getIndividualVersionsForProject(project)
return Object.entries(<Record<string,PackageMatrixVersion>>allVersions)
.filter(([key, value]) => {
/**
* Filter out any versions that are not 'usable', and cannot be successfully installed
* anymore for modern systems or other reasons outside our control.
*/
// Packagist retired support for Composer 1 on 2025-09-01.
const composerVersion = semver.coerce(value.composer.toString());
if (composerVersion && semver.lt(composerVersion, '2.0.0')) {
return false;
}
// Exclude versions known to be uninstallable.
if (key in uninstallableVersions) {
return false;
}
return true;
})
.map(([key, value]) => key);
}
Reference in New Issue View Git Blame Copy Permalink