- Merge request !442#3564269 Composer audit: ignore specific security advisories → (Merged) created by jonathan1055
The Composer (previous major) job in the d9-basic branch has just started to fail with security blocks in Drupal 9.5
Problem 1
- Root composer.json requires drupal/core-recommended ^9.5 -> satisfiable by drupal/core-recommended[9.5.x-dev].
- drupal/core-recommended 9.5.x-dev requires twig/twig ~v2.15.4 -> found twig/twig[v2.15.4, v2.15.5, v2.15.6] but these were not loaded, because they are affected by security advisories. To ignore the advisories, add ("PKSA-yhcn-xrg3-68b1", "PKSA-2wrf-1xmk-1pky", "PKSA-6319-ffpf-gx66") to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
This must be a relatively new discovery, because the scheduled pipeline on 17th December was OK
https://git.drupalcode.org/project/gitlab_templates_downstream/-/pipelin...
Active
Composer
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.