Silence composer audit for patched vulnerabilities

Created on 20 March 2025, 26 days ago

Problem/Motivation

Although 📌 Drupal Core Security Update for OS 12 Active applied the patches for the recent core security issues, running composer audit on such a project still complains about those vulnerabilities, breaking CI pipelines.

Steps to reproduce

Run composer audit.

Proposed resolution

You can inform Composer about the applied patches for security issues using config.audit.ignore.
See: https://getcomposer.org/doc/06-config.md#ignore

    "config": {
        "audit": {
            "ignore": {
                "SA-CORE-2025-001": "The security fix was applied as a patch.",
                "SA-CORE-2025-002": "The security fix was applied as a patch."
            }
        }
    },

Remaining tasks

Review the patch.

Feature request
Status

Active

Version

12.4

Component

Other

Created by

🇷🇴Romania reszli Târgu Mureș
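An audit.ignore entry keeps suppressing its advisory even if the patch is later dropped, so a CI step can check that every ignored advisory is still backed by a patch entry. The following is an added example, not code from this issue or from the project. It assumes patches are recorded under extra.patches in the cweagans/composer-patches layout and that each patch description or path mentions the advisory ID (a naming convention assumed here); the patch path in the sample is a placeholder.

```python
import json
import sys

# Constructed composer.json fragment for illustration; the patch path is a placeholder.
SAMPLE = """
{
  "config": {"audit": {"ignore": {
      "SA-CORE-2025-001": "The security fix was applied as a patch.",
      "SA-CORE-2025-002": "The security fix was applied as a patch."
  }}},
  "extra": {"patches": {"drupal/core": {
      "SA-CORE-2025-001 backport": "patches/PLACEHOLDER-sa-core-2025-001.patch"
  }}}
}
"""

def ignored_advisories(composer):
    """Return {advisory_id: reason}; Composer accepts a list or an object here."""
    ignore = composer.get("config", {}).get("audit", {}).get("ignore", {})
    if isinstance(ignore, list):
        return {adv: "" for adv in ignore}
    return dict(ignore)

def patch_labels(composer):
    """Collect 'description source' strings from extra.patches."""
    labels = []
    for patches in composer.get("extra", {}).get("patches", {}).values():
        if isinstance(patches, dict):   # {"description": "url-or-path"}
            labels += [f"{desc} {src}" for desc, src in patches.items()]
        else:                           # [{"description": ..., "url": ...}]
            labels += [f"{p.get('description', '')} {p.get('url', '')}" for p in patches]
    return labels

def unbacked_ignores(composer):
    """Ignored advisories that no patch entry mentions (case-insensitive match)."""
    labels = [label.lower() for label in patch_labels(composer)]
    return sorted(adv for adv in ignored_advisories(composer)
                  if not any(adv.lower() in label for label in labels))

def empty_reasons(composer):
    """Ignored advisories recorded without a justification string."""
    return sorted(a for a, r in ignored_advisories(composer).items() if not str(r).strip())

if __name__ == "__main__":
    data = json.loads(SAMPLE)
    problems = unbacked_ignores(data)
    for adv in problems:
        print(f"audit.ignore entry {adv} has no matching patch in extra.patches")
    sys.exit(1 if problems else 0)
```
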
