5 changes: 5 additions & 0 deletions CHANGELOG.md
Expand Up @@ -8,6 +8,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),

For a full diff see [`2.48.2...main`][2.48.2...main].

### Changed

- Updated `schema.json` ([#1507]), by [@ergebnis-bot]

## [`2.48.2`][2.48.2]

For a full diff see [`2.48.1...2.48.2`][2.48.1...2.48.2].
Expand Down Expand Up @@ -1333,6 +1337,7 @@ For a full diff see [`81bc3a8...0.1.0`][81bc3a8...0.1.0].
[#1493]: https://github.com/ergebnis/composer-normalize/pull/1493
[#1496]: https://github.com/ergebnis/composer-normalize/pull/1496
[#1502]: https://github.com/ergebnis/composer-normalize/pull/1502
[#1507]: https://github.com/ergebnis/composer-normalize/pull/1507

[@AlexSkrypnyk]: https://github.com/AlexSkrypnyk
[@andrey-helldar]: https://github.com/andrey-helldar
225 changes: 216 additions & 9 deletions resource/schema.json
Expand Up @@ -211,7 +211,7 @@
"additionalProperties": {
"anyOf": [
{
"$ref": "#/definitions/repository"
"$ref": "#/definitions/anonymous-repository"
},
{
"type": "boolean",
Expand Down Expand Up @@ -519,23 +519,48 @@
},
"audit": {
"type": "object",
"description": "Security audit configuration options",
"description": "Security audit and version blocking configuration options",
"properties": {
"ignore": {
"anyOf": [
{
"type": "object",
"description": "A list of advisory ids, remote ids or CVE ids (keys) and the explanations (values) for why they're being ignored. The listed items are reported but let the audit command pass.",
"description": "A list of advisory ids, remote ids, CVE ids or package names (keys) with either explanations (string values) or detailed configuration (object values with 'apply' and 'reason' fields) for why they're ignored.",
"additionalProperties": {
"type": [
"string",
"string"
"anyOf": [
{
"type": "string",
"description": "Explanation for ignoring this advisory (applies to audit reports and version blocking)"
},
{
"type": "object",
"description": "Detailed configuration for ignoring this advisory",
"properties": {
"apply": {
"type": "string",
"enum": [
"audit",
"block",
"all"
],
"description": "Where to apply this ignore: 'audit' (only audit reports), 'block' (only version blocking), or 'all' (both)"
},
"reason": {
"type": "string",
"description": "Explanation for ignoring this advisory, e.g. vulnerable code path not reachable in application"
}
}
},
{
"type": "null",
"description": "Ignore without explanation (applies to audit reports and version blocking)"
}
]
}
},
{
"type": "array",
"description": "A set of advisory ids, remote ids or CVE ids that are reported but let the audit command pass.",
"description": "A set of advisory ids, remote ids, CVE ids or package names that are reported but let the audit command pass. Applies to audit reports and version blocking.",
"items": {
"type": "string"
}
Expand All @@ -548,7 +573,109 @@
"report",
"fail"
],
"description": "Whether abandoned packages should be ignored, reported as problems or cause an audit failure."
"description": "Whether abandoned packages should be ignored, reported as problems or cause an audit failure. Applies only to audit reports, not to version blocking."
},
"ignore-severity": {
"anyOf": [
{
"type": "object",
"description": "A list of severities (keys) with either explanations (string values) or detailed configuration (object values with 'apply' fields) for why they're ignored.",
"additionalProperties": {
"anyOf": [
{
"type": "string",
"description": "Explanation for ignoring this severity (applies to audit reports and version blocking)"
},
{
"type": "object",
"description": "Detailed configuration for ignoring this severity",
"properties": {
"apply": {
"type": "string",
"enum": [
"audit",
"block",
"all"
],
"description": "Where to apply this ignore: 'audit' (only audit reports), 'block' (only version blocking), or 'all' (both)"
}
}
},
{
"type": "null",
"description": "Ignore without explanation (applies to audit reports and version blocking)"
}
]
}
},
{
"type": "array",
"description": "A list of severities for which advisories with matching severity will be ignored, e.g. critical, high, medium, low, or none. Applies to audit reports and version blocking.",
"items": {
"type": "string"
}
}
]
},
"ignore-unreachable": {
"type": "boolean",
"description": "Whether repositories that are unreachable or return a non-200 status code should be ignored or not. Applies only to the composer audit command, does not affect audit report summaries in other commands or version blocking."
},
"block-insecure": {
"type": "boolean",
"description": "Whether insecure versions should be blocked during a composer update/require command or not.",
"default": true
},
"block-abandoned": {
"type": "boolean",
"description": "Whether abandoned packages should be blocked during a composer update/require command or not. Applies only if blocking of insecure versions is enabled.",
"default": false
},
"ignore-abandoned": {
"anyOf": [
{
"type": "object",
"description": "A list of abandoned package names (keys) with either explanations (string values) or detailed configuration (object values with 'apply' and 'reason' fields) for why they're ignored.",
"additionalProperties": {
"anyOf": [
{
"type": "string",
"description": "Explanation for ignoring this abandoned package (applies to audit reports and version blocking)"
},
{
"type": "object",
"description": "Detailed configuration for ignoring this abandoned package",
"properties": {
"apply": {
"type": "string",
"enum": [
"audit",
"block",
"all"
],
"description": "Where to apply this ignore: 'audit' (only audit reports), 'block' (only version blocking), or 'all' (both)"
},
"reason": {
"type": "string",
"description": "Explanation for ignoring this abandoned package"
}
}
},
{
"type": "null",
"description": "Ignore without explanation (applies to audit reports and version blocking)"
}
]
}
},
{
"type": "array",
"description": "A set of abandoned package names that are reported but let the audit command pass and that are not blocked during updates/requires.",
"items": {
"type": "string"
}
}
]
}
}
},
Expand Down Expand Up @@ -647,6 +774,29 @@
}
}
},
"forgejo-token": {
"type": "object",
"description": "An object of domain name => forgejo username/access token, typically {\"codeberg.org\":{\"username\": \"<username>\", \"token\": \"<access-token>\"}}.",
"additionalProperties": {
"type": [
"object"
],
"required": [
"username",
"token"
],
"properties": {
"username": {
"type": "string",
"description": "The username used for Forgejo authentication"
},
"token": {
"type": "string",
"description": "The access token used for Forgejo authentication"
}
}
}
},
"disable-tls": {
"type": "boolean",
"description": "Defaults to `false`. If set to true all HTTPS URLs will be tried with HTTP instead and no network level encryption is performed. Enabling this is a security risk and is NOT recommended. The better way is to enable the php_openssl extension in php.ini."
Expand Down Expand Up @@ -825,6 +975,13 @@
"type": "string"
}
},
"forgejo-domains": {
"type": "array",
"description": "A list of domains to use in forgejo mode. This is used for custom Forgejo setups, defaults to [\"codeberg.org\"].",
"items": {
"type": "string"
}
},
"bitbucket-oauth": {
"type": "object",
"description": "An object of domain name => {\"consumer-key\": \"...\", \"consumer-secret\": \"...\"}.",
Expand Down Expand Up @@ -883,20 +1040,37 @@
"boolean",
"string"
],
"enum": [
"php-only",
true,
false
],
"description": "Defaults to \"php-only\" which checks only the PHP version. Setting to true will also check the presence of required PHP extensions. If set to false, Composer will not create and require a platform_check.php file as part of the autoloader bootstrap."
},
"bump-after-update": {
"type": [
"string",
"boolean"
],
"enum": [
"dev",
"no-dev",
true,
false
],
"description": "Defaults to false and can be any of true, false, \"dev\"` or \"no-dev\"`. If set to true, Composer will run the bump command after running the update command. If set to \"dev\" or \"no-dev\" then only the corresponding dependencies will be bumped."
},
"allow-missing-requirements": {
"type": [
"boolean"
],
"description": "Defaults to false. If set to true, Composer will allow install when lock file is not up to date with the latest changes in composer.json."
},
"update-with-minimal-changes": {
"type": [
"boolean"
],
"description": "Defaults to false. If set to true, Composer will only perform absolutely necessary changes to transitive dependencies during update."
}
}
},
Expand Down Expand Up @@ -1146,13 +1320,30 @@
}
]
},
"anonymous-repository": {
"allOf": [
{
"$ref": "#/definitions/repository"
},
{
"not": {
"required": [
"name"
]
}
}
]
},
"composer-repository": {
"type": "object",
"required": [
"type",
"url"
],
"properties": {
"name": {
"type": "string"
},
"type": {
"type": "string",
"enum": [
Expand Down Expand Up @@ -1196,6 +1387,9 @@
"url"
],
"properties": {
"name": {
"type": "string"
},
"type": {
"type": "string",
"enum": [
Expand All @@ -1208,7 +1402,8 @@
"hg",
"fossil",
"perforce",
"svn"
"svn",
"forgejo"
]
},
"url": {
Expand Down Expand Up @@ -1283,6 +1478,9 @@
"url"
],
"properties": {
"name": {
"type": "string"
},
"type": {
"type": "string",
"enum": [
Expand Down Expand Up @@ -1349,6 +1547,9 @@
"url"
],
"properties": {
"name": {
"type": "string"
},
"type": {
"type": "string",
"enum": [
Expand Down Expand Up @@ -1382,6 +1583,9 @@
"url"
],
"properties": {
"name": {
"type": "string"
},
"type": {
"type": "string",
"enum": [
Expand Down Expand Up @@ -1418,6 +1622,9 @@
"package"
],
"properties": {
"name": {
"type": "string"
},
"type": {
"type": "string",
"enum": [
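Review bot: The object form of an `audit.ignore` entry (the `"Detailed configuration for ignoring this advisory"` branch in the `@@ -519,23 +519,48 @@` hunk) declares `apply` and `reason` but neither requires either key nor closes the object, so `{}` and a misspelled key such as `"aply": "block"` both validate and the `enum` on `apply` is never exercised. Because these entries decide whether a known advisory is merely reported or also stops version blocking, a typo here silently falls back to whatever Composer treats as the default scope (presumably `all`, going by the string and null branches, but that is not stated in the schema). Adding `"additionalProperties": false` alongside the `"properties"` object of that branch would make the validator reject the typo; the same gap exists in the `ignore-severity` and `ignore-abandoned` object branches of the `@@ -548,7 +573,109 @@` hunk. It may also be worth stating in the object branch's description what the effective `apply` value is when the key is omitted, so readers of `composer validate` output and of the schema agree on the semantics.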