Skip to content

Commit cb3dd07

Browse files
committed
Don't let Composer advisory blocking break CI
Composer 2.10 blocks installing packages affected by an active security advisory. When Symfony deps have an advisory but no patched release yet, dependency resolution fails and CI turns red with nothing actionable in the bundle itself. Disable advisory blocking for the test job.
1 parent 9edab87 commit cb3dd07

1 file changed

Lines changed: 5 additions & 0 deletions

File tree

.github/workflows/ci.yml

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -58,6 +58,11 @@ jobs:
5858
- name: Configure Composer minimum stability
5959
run: composer config minimum-stability ${{ matrix.minimum-stability || 'stable' }} --ansi
6060

61+
# Symfony deps may temporarily have no advisory-free release (unpatched CVE upstream);
62+
# don't let Composer's advisory blocking turn the bundle's CI red in the meantime.
63+
- name: Disable Composer security advisories blocking
64+
run: composer config --no-plugins policy.advisories.block false
65+
6166
- name: "Composer install"
6267
uses: ramsey/composer-install@26d8a556604053a9612623447203a691f406fbe6
6368
with:

0 commit comments

Comments
 (0)