From fbde1a83781c14836f07d459d06da9bf6f22dc4e Mon Sep 17 00:00:00 2001 From: Andrew Longosz Date: Mon, 18 May 2026 19:10:50 +0200 Subject: [PATCH 1/5] [Composer Install] Bumped `ramsey/composer-install` to `v4` --- actions/composer-install/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/composer-install/action.yml b/actions/composer-install/action.yml index 4c268fd..92d431e 100644 --- a/actions/composer-install/action.yml +++ b/actions/composer-install/action.yml @@ -73,7 +73,7 @@ runs: env: GITHUB_ACTION_PATH: ${{ github.action_path }} - - uses: ramsey/composer-install@v3 + - uses: ramsey/composer-install@v4 with: dependency-versions: highest composer-options: ${{ inputs.composer-options }} From 48d182c237d1197785fd39106c252d6923fca69c Mon Sep 17 00:00:00 2001 From: Andrew Longosz Date: Mon, 18 May 2026 19:17:33 +0200 Subject: [PATCH 2/5] [Composer Audit ignore] Created `composer-audit-ignore` Action Created `ibexa/gh-workflows/actions/composer-audit-ignore` GHA Action Co-Authored-By: Codex --- actions/composer-audit-ignore/action.yml | 26 ++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 actions/composer-audit-ignore/action.yml diff --git a/actions/composer-audit-ignore/action.yml b/actions/composer-audit-ignore/action.yml new file mode 100644 index 0000000..aafa6b7 --- /dev/null +++ b/actions/composer-audit-ignore/action.yml 
@@ -0,0 +1,26 @@ +name: "Configure ignoring known unsolvable advisories" +author: 'Ibexa AS' +description: >- + Configures Composer `audit.ignore` list for CI tests in an allow-list way. + +inputs: + php-version: + description: 'PHP version' + required: true + +runs: + using: "composite" + steps: + - if: startsWith(inputs.php-version, '7.4.') + name: Configure advisory ignore list for PHP 7.4 + shell: bash + run: | + reason="The affected version of 3rd party component is installed on PHP 7.4. There's no alternative supporting PHP 7.4. Consider upgrading to PHP 8" + + for advisory in \ + PKSA-xwpn-zs9j-6wy5 \ + PKSA-sf9j-1gs7-xzvx \ + PKSA-7h5p-prw9-w5nr + do + composer config audit.ignore --json --merge "{\"$advisory\":\"$reason\"}" + done From e007ed3f8bcf6ef5964fee6ad212b34d757b3a50 Mon Sep 17 00:00:00 2001 From: Andrew Longosz Date: Mon, 18 May 2026 19:17:59 +0200 Subject: [PATCH 3/5] [Composer Install] Used `composer-audit-ignore` action --- actions/composer-install/action.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/actions/composer-install/action.yml b/actions/composer-install/action.yml index 92d431e..346ecbd 100644 --- a/actions/composer-install/action.yml +++ b/actions/composer-install/action.yml @@ -42,6 +42,7 @@ runs: - name: Setup PHP Action uses: shivammathur/setup-php@v2 + id: setup_php with: php-version: ${{ matrix.php }} coverage: ${{ inputs.coverage }} @@ -73,6 +74,11 @@ runs: env: GITHUB_ACTION_PATH: ${{ github.action_path }} + - name: 'Ignore known unsolvable advisories' + uses: ibexa/gh-workflows/actions/composer-audit-ignore@main + with: + php-version: ${{ steps.setup_php.outputs.php-version }} + - uses: ramsey/composer-install@v4 with: dependency-versions: highest From 26f9c9dd91fd8aaed4efdf6598b560aa5cbd9e46 Mon Sep 17 00:00:00 2001 
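Review bot: The advisory IDs in the `for advisory in` list carry no record of which package or version constraint each one covers, and every entry is written with the same generic `reason`, so a reviewer cannot check from the file whether a suppression is still justified. Patches 4/5 and 5/5 extend the same list to 21 IDs, and only their commit subjects name `twig/twig` and `twig/intl-extra`. Holding the IDs in a bash array lets each group carry a comment naming the package, which a backslash-continued list cannot do; the `composer config` call stays as it is. A review date next to each group would also make stale entries easy to spot once the PHP 7.4 jobs are retired.

```yaml
      run: |
        # … unchanged: reason="…" …

        advisories=(
          # <package name> <affected constraint>, reviewed <date>  (placeholders: fill in per group)
          PKSA-xwpn-zs9j-6wy5
          PKSA-sf9j-1gs7-xzvx
          PKSA-7h5p-prw9-w5nr
        )

        for advisory in "${advisories[@]}"; do
          composer config audit.ignore --json --merge "{\"$advisory\":\"$reason\"}"
        done
```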
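Review bot: The added step resolves `ibexa/gh-workflows/actions/composer-audit-ignore@main` from a moving branch, so the set of suppressed advisories can change for every consumer of composer-install without any change on their side, including consumers who reference composer-install itself at a tag or commit. Because this step decides which audit findings are hidden, it should be referenced by a full commit SHA or by a release tag cut together with composer-install, e.g. `uses: ibexa/gh-workflows/actions/composer-audit-ignore@<commit-sha>  # <tag>`. The same concern applies, with lower urgency, to the tag-referenced `shivammathur/setup-php@v2` and `ramsey/composer-install@v4` visible in this section. The `steps:` list starts and ends outside the hunk.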
From: Andrew Longosz Date: Thu, 21 May 2026 00:16:35 +0200 Subject: [PATCH 4/5] [Composer Audit Ignore] Added `twig/twig` advisories --- actions/composer-audit-ignore/action.yml | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/actions/composer-audit-ignore/action.yml b/actions/composer-audit-ignore/action.yml index aafa6b7..8f96065 100644 --- a/actions/composer-audit-ignore/action.yml +++ b/actions/composer-audit-ignore/action.yml @@ -20,7 +20,24 @@ runs: for advisory in \ PKSA-xwpn-zs9j-6wy5 \ PKSA-sf9j-1gs7-xzvx \ - PKSA-7h5p-prw9-w5nr + PKSA-7h5p-prw9-w5nr \ + PKSA-5k7f-wvjj-jrgw \ + PKSA-sjvz-tbbr-vwth \ + PKSA-h8hf-ytnd-5t9q \ + PKSA-wwb1-81rc-pd65 \ + PKSA-hgmw-wn4d-hpcy \ + PKSA-kvv6-36cr-fkzb \ + PKSA-n14z-jjjg-g8vd \ + PKSA-3mcc-k66d-pydb \ + PKSA-gw7n-z4yx-7xjt \ + PKSA-dpx1-78wg-1kqs \ + PKSA-21g2-dzjv-sky5 \ + PKSA-v3kg-5xkr-pykw \ + PKSA-yhcn-xrg3-68b1 \ + PKSA-2wrf-1xmk-1pky \ + PKSA-6319-ffpf-gx66 \ + PKSA-n7sg-8f52-pqtf \ + PKSA-8kk8-h2xr-h5nx do composer config audit.ignore --json --merge "{\"$advisory\":\"$reason\"}" done From e095422c946f1c8c4878fa58d507913cc2303017 Mon Sep 17 00:00:00 2001 From: Andrew Longosz Date: Thu, 21 May 2026 01:14:12 +0200 Subject: [PATCH 5/5] [Composer Audit Ignore] Added `twig/intl-extra` advisory --- actions/composer-audit-ignore/action.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/actions/composer-audit-ignore/action.yml b/actions/composer-audit-ignore/action.yml index 8f96065..4b3701e 100644 --- a/actions/composer-audit-ignore/action.yml +++ b/actions/composer-audit-ignore/action.yml @@ -37,7 +37,8 @@ runs: PKSA-2wrf-1xmk-1pky \ PKSA-6319-ffpf-gx66 \ PKSA-n7sg-8f52-pqtf \ - PKSA-8kk8-h2xr-h5nx + PKSA-8kk8-h2xr-h5nx \ + PKSA-2rbx-bjdx-4d4d do composer config audit.ignore --json --merge "{\"$advisory\":\"$reason\"}" done