Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 9 additions & 1 deletion Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,9 @@ RUN apk update && apk add --no-cache \
autoconf \
g++ \
make \
linux-headers
linux-headers \
# Upgrade all packages to pick up security fixes not yet in base image
&& apk upgrade --no-cache

# Install composer
RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
Expand All @@ -46,6 +48,12 @@ RUN cd /composer && \
composer config --no-plugins allow-plugins.dealerdirect/phpcodesniffer-composer-installer true && \
composer install

# Remove unused npm package files from magento-coding-standard.
# These are for JavaScript linting (eslint) which this pipe doesn't use.
# Leaving them triggers false positive security alerts (e.g. GHSA-673x-qfjx-j475)
# since the package-lock.json references vulnerable npm packages that are never installed.
RUN rm -f /composer/vendor/magento/magento-coding-standard/package*.json

FROM standards-runtime

ENV PYTHONUNBUFFERED=1
Expand Down
4 changes: 2 additions & 2 deletions composer.json
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
"description": "Composer requirements for Alignet code standards checks",
"type": "magento2-module",
"require": {
"magento/magento-coding-standard": "^37",
"magento/magento-coding-standard": "^40",
"pheromone/phpcs-security-audit": "^2.0",
"squizlabs/php_codesniffer": "^3.5",
"magento/php-compatibility-fork": "0.1.0"
Expand All @@ -21,4 +21,4 @@
],
"check-style": "./vendor/bin/phpcs --standard=Magento2 --colors --report=summary app"
}
}
}
Loading
Loading