Comments (1)
jrfnl
commented on May 27, 2024
Additional info from @Seldaek as posted in shivammathur/setup-php#635 (comment):
I am not sure what the best default is here tbh. Just to be clear though:
During updates the audit is will simply output some warning but not fail the build if there is a known vulnerability found.
If you simply run install no audit is done by default.
If you want to fail the build in case vulns are found, then you kinda need to explicitly call the audit command, in which case disabling the auto-audit on update may make sense.
from composer-install.
Related Issues (20)
- Question: Why are there two composer json files for a repo for php; which includes no PHP? HOT 1
- Action erroring out on with incorrect invalid `composer.json` report HOT 3
- Compatibility with Composer 1 broken due to validate command HOT 1
- Action debug information showing in workflow run summary
- Heads-up: upcoming (helpful) change in setupPHP HOT 1
- Do not depend on awk and perl
- CI `run` job only tests with lock files HOT 5
- Support `composer-bin` commands like `composer bin [folder] install` HOT 4
- failed to open stream HOT 1
- Cannot find composer.json HOT 4
- Yaml is invalid? HOT 5
- Error: The process '/usr/local/bin/composer' failed with exit code 1 HOT 4
- Add `retries:` input HOT 2
- Better cache busting when using `dependency-versions: 'highest'` HOT 3
- `set-output` function is deprecated HOT 1
- "Could not authenticate against github.com" HOT 2
- Ability to swap out actions/cache for the faster alternative buildjet/cache HOT 1
- Failure to restore cache causes the GitHub Action step to run indefinitely HOT 8
- File "./composer.json" cannot be found in the current directory HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from composer-install.