DQA-7826: Hotfix for components security check (#695)

ec-europa · Sep 22, 2023 · a720403 · a720403
1 parent 94cae6b
commit a720403
Show file tree

Hide file tree

Showing 5 changed files with 12 additions and 10 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,8 @@
 # Toolkit change log
 
+## Version 9.13.1 | 10.3.1
+- DQA-7826: Hotfix for components security check.
+
 ## Version 9.13.0 | 10.3.0
   - DQA-7528: Allow to block access to files in htaccess.
   - DQA-7379: Force max-age in Cache-Control headers.

diff --git a/phpdoc.dist.xml b/phpdoc.dist.xml
@@ -9,7 +9,7 @@
     <paths>
         <output>docs</output>
     </paths>
-    <version number="10.3.0">
+    <version number="10.3.1">
         <folder>latest</folder>
         <api>
             <source dsn=".">

diff --git a/src/TaskRunner/Commands/ComponentCheckCommands.php b/src/TaskRunner/Commands/ComponentCheckCommands.php
@@ -451,18 +451,17 @@ protected function componentInsecure(array $modules)
             if (!empty($data['advisories']) && is_array($data['advisories'])) {
                 // Each package might have multiple issues, we take the first.
                 foreach ($data['advisories'] as $advisory) {
-                    $packageName = $advisory[0]['packageName'];
-                    if (!isset($packages[$packageName])) {
-                        $packages[] = $advisory[0];
-                        $packages[$packageName]['version'] = ToolCommands::getPackagePropertyFromComposer($packageName);
-                    }
+                    $firstAdvisory = array_pop($advisory);
+                    $packageName = $firstAdvisory['packageName'];
+                    $packages[$packageName]['title'] = $firstAdvisory['title'];
+                    $packages[$packageName]['version'] = ToolCommands::getPackagePropertyFromComposer($packageName);
                 }
             }
         }
 
         $messages = [];
         foreach ($packages as $name => $package) {
-            $msg = "Package $name has a security update, please update to a safe version.";
+            $msg = "Package $name has a security update, please update to a safe version. (" . $package['title'] . ")";
             if (!empty($modules[$name]['secure'])) {
                 if (Semver::satisfies($package['version'], $modules[$name]['secure'])) {
                     $messages[] = "$msg (Version marked as secure)";

diff --git a/src/Toolkit.php b/src/Toolkit.php
@@ -12,7 +12,7 @@ final class Toolkit
     /**
      * Constant holding the current version.
      */
-    public const VERSION = '10.3.0';
+    public const VERSION = '10.3.1';
 
     /**
      * Returns the Toolkit root.

diff --git a/tests/fixtures/commands/tool.yml b/tests/fixtures/commands/tool.yml
@@ -86,7 +86,7 @@
           [WARNING] Failed to get Toolkit version from composer.lock.
 
         Minimum version: ^10
-        Current version: 10.3.0
+        Current version: 10.3.1
         Version check: OK
 
 - command: toolkit:check-version
@@ -99,7 +99,7 @@
         >  Checking Toolkit version:
 
         Minimum version: ^10
-        Current version: 10.3.0
+        Current version: 10.3.1
         Version check: OK
 
 - command: toolkit:vendor-list