FilterList: fix problem message

glaubinix · glaubinix · commit 381997b598d9 · 2026-04-16T16:59:55.000+01:00
diff --git a/src/Composer/DependencyResolver/Pool.php b/src/Composer/DependencyResolver/Pool.php
@@ -196,18 +196,26 @@ public function getAllFilterListRemovedPackageVersions(): array
      */
     public function getFilterListEntryForPackageVersion(string $packageName, ?ConstraintInterface $constraint): array
     {
+        $lists = [];
         foreach ($this->filterListRemovedVersions[$packageName] ?? [] as $version => $filterListEntries) {
             if ($constraint !== null && $constraint->matches(new Constraint('==', $version))) {
-                return array_map(static function (FilterListEntry $entry) {
-                    $url = (bool) $entry->url ? ' (see ' . $entry->url . ')' : '';
-                    $reason = (bool) $entry->reason ? ' reason: ' . $entry->reason . '' : '';
+                foreach ($filterListEntries as $entry) {
+                    $url = $entry->url ? ' (see ' . $entry->url . ')' : '';
+                    $reason = $entry->reason ? ' reason: ' . $entry->reason : '';
+
+                    $lists[$entry->listName][] =  $url . $reason;
+                }
 
-                    return 'filtered by ' . $entry->listName . $url . $reason;
-                }, $filterListEntries);
             }
         }
 
-        return [];
+        $result = [];
+        foreach ($lists as $listName => $listEntries) {
+            $action = $listName === 'malware' ? 'flagged as ' : 'filtered by ';
+            $result[$listName] = $action . $listName . implode(', ', $listEntries);
+        }
+
+        return $result;
     }
 
     /**
diff --git a/src/Composer/DependencyResolver/Problem.php b/src/Composer/DependencyResolver/Problem.php
@@ -419,7 +419,7 @@ public static function getMissingPackageReason(RepositorySet $repositorySet, Req
             if ($pool->isFilterListRemovedPackageVersion($packageName, $constraint)) {
                 $filters = $pool->getFilterListEntryForPackageVersion($packageName, $constraint);
 
-                return ["- Root composer.json requires $packageName".self::constraintToText($constraint) . ', ', 'found '.self::getPackageList($packages, $isVerbose, $pool, $constraint).' but these were not loaded, because they were ' . implode(', ', $filters). '. To ignore filters for this package, add the package to the "filter.unfiltered-packages" config. To turn the feature off entirely, you can set "filter" to false.'];
+                return ["- Root composer.json requires $packageName".self::constraintToText($constraint) . ', ', 'found '.self::getPackageList($packages, $isVerbose, $pool, $constraint).' but these were not loaded, because they were ' . implode(', ', $filters). '. To ignore filters for this package, add the package to the "policy.' . implode('|', array_keys($filters)). '.ignore" config. To turn the feature off entirely, you can set "policy" to false.'];
             }
 
             return ["- Root composer.json requires $packageName".self::constraintToText($constraint) . ', ', 'found '.self::getPackageList($packages, $isVerbose, $pool, $constraint).' but these were not loaded, likely because '.(self::hasMultipleNames($packages) ? 'they conflict' : 'it conflicts').' with another require.'];
diff --git a/tests/Composer/Test/Fixtures/installer/update-policy-advisory-matching-direct-dependency.test b/tests/Composer/Test/Fixtures/installer/update-policy-advisory-matching-direct-dependency.test
@@ -1,5 +1,5 @@
 --TEST--
-Security advisory matching direct dependency preventing a successful update.
+Security advisory policy matching direct dependency preventing a successful update.
 --COMPOSER--
 {
     "name": "acme/project",
diff --git a/tests/Composer/Test/Fixtures/installer/update-policy-advisory-matching-indirect-dependency.test b/tests/Composer/Test/Fixtures/installer/update-policy-advisory-matching-indirect-dependency.test
@@ -1,5 +1,5 @@
 --TEST--
-Security advisory matching indirect dependency preventing a successful update.
+Security advisory policy matching indirect dependency preventing a successful update.
 --COMPOSER--
 {
     "name": "acme/project",
diff --git a/tests/Composer/Test/Fixtures/installer/update-policy-filter-entry-list-ignore-not-on-block.test b/tests/Composer/Test/Fixtures/installer/update-policy-filter-entry-list-ignore-not-on-block.test
@@ -1,5 +1,5 @@
 --TEST--
-Filter list entry matching direct dependency preventing a successful update.
+Filter list entry matching direct dependency with ignore on-block=false preventing a successful update.
 --COMPOSER--
 {
     "name": "acme/project",
@@ -57,7 +57,7 @@ Updating dependencies
 Your requirements could not be resolved to an installable set of packages.
 
   Problem 1
-    - Root composer.json requires acme/library ^1.0.0, found acme/library[1.0.0, 1.1.0] but these were not loaded, because they were filtered by test-list (see https://example.org/malware/acme/library) reason: malware. To ignore filters for this package, add the package to the "filter.unfiltered-packages" config. To turn the feature off entirely, you can set "filter" to false.
+    - Root composer.json requires acme/library ^1.0.0, found acme/library[1.0.0, 1.1.0] but these were not loaded, because they were filtered by test-list (see https://example.org/malware/acme/library) reason: malware,  (see https://example.org/malware/acme/library) reason: malware. To ignore filters for this package, add the package to the "policy.test-list.ignore" config. To turn the feature off entirely, you can set "policy" to false.
 
 
 --EXPECT--
diff --git a/tests/Composer/Test/Fixtures/installer/update-policy-filter-entry-list-ignore.test b/tests/Composer/Test/Fixtures/installer/update-policy-filter-entry-list-ignore.test
@@ -1,5 +1,5 @@
 --TEST--
-Filter list entry matching direct dependency preventing a successful update.
+Filter list entry matching direct dependency not preventing a successful update because pacakge version is ignored.
 --COMPOSER--
 {
     "name": "acme/project",
diff --git a/tests/Composer/Test/Fixtures/installer/update-policy-filter-entry-list-not-blocking.test b/tests/Composer/Test/Fixtures/installer/update-policy-filter-entry-list-not-blocking.test
@@ -1,5 +1,5 @@
 --TEST--
-Filter list entry matching direct dependency preventing a successful update.
+Filter list entry matching direct dependency not preventing a successful update because block is set to false.
 --COMPOSER--
 {
     "name": "acme/project",
diff --git a/tests/Composer/Test/Fixtures/installer/update-policy-filter-entry-matching-direct-dependency.test b/tests/Composer/Test/Fixtures/installer/update-policy-filter-entry-matching-direct-dependency.test
@@ -48,6 +48,6 @@ Updating dependencies
 Your requirements could not be resolved to an installable set of packages.
 
   Problem 1
-    - Root composer.json requires acme/library 1.0.0 (exact version match: 1.0.0 or 1.0.0.0), found acme/library[1.0.0] but these were not loaded, because they were filtered by test-list (see https://example.org/malware/acme/library) reason: malware. To ignore filters for this package, add the package to the "filter.unfiltered-packages" config. To turn the feature off entirely, you can set "filter" to false.
+    - Root composer.json requires acme/library 1.0.0 (exact version match: 1.0.0 or 1.0.0.0), found acme/library[1.0.0] but these were not loaded, because they were filtered by test-list (see https://example.org/malware/acme/library) reason: malware. To ignore filters for this package, add the package to the "policy.test-list.ignore" config. To turn the feature off entirely, you can set "policy" to false.
 
 --EXPECT--
diff --git a/tests/Composer/Test/Fixtures/installer/update-policy-malware-entry-matching-direct-dependency.test b/tests/Composer/Test/Fixtures/installer/update-policy-malware-entry-matching-direct-dependency.test
@@ -44,6 +44,6 @@ Updating dependencies
 Your requirements could not be resolved to an installable set of packages.
 
   Problem 1
-    - Root composer.json requires acme/library 1.0.0 (exact version match: 1.0.0 or 1.0.0.0), found acme/library[1.0.0] but these were not loaded, because they were filtered by malware (see https://example.org/malware/acme/library) reason: malware. To ignore filters for this package, add the package to the "filter.unfiltered-packages" config. To turn the feature off entirely, you can set "filter" to false.
+    - Root composer.json requires acme/library 1.0.0 (exact version match: 1.0.0 or 1.0.0.0), found acme/library[1.0.0] but these were not loaded, because they were flagged as malware (see https://example.org/malware/acme/library) reason: malware. To ignore filters for this package, add the package to the "policy.malware.ignore" config. To turn the feature off entirely, you can set "policy" to false.
 
 --EXPECT--

Original file line number	Diff line number	Diff line change
`@@ -419,7 +419,7 @@ public static function getMissingPackageReason(RepositorySet $repositorySet, Req`
`419`	`419`	`if ($pool->isFilterListRemovedPackageVersion($packageName, $constraint)) {`
`420`	`420`	`$filters = $pool->getFilterListEntryForPackageVersion($packageName, $constraint);`
`421`	`421`
`422`		`- return ["- Root composer.json requires $packageName".self::constraintToText($constraint) . ', ', 'found '.self::getPackageList($packages, $isVerbose, $pool, $constraint).' but these were not loaded, because they were ' . implode(', ', $filters). '. To ignore filters for this package, add the package to the "filter.unfiltered-packages" config. To turn the feature off entirely, you can set "filter" to false.'];`
	`422`	`+ return ["- Root composer.json requires $packageName".self::constraintToText($constraint) . ', ', 'found '.self::getPackageList($packages, $isVerbose, $pool, $constraint).' but these were not loaded, because they were ' . implode(', ', $filters). '. To ignore filters for this package, add the package to the "policy.' . implode('\|', array_keys($filters)). '.ignore" config. To turn the feature off entirely, you can set "policy" to false.'];`
`423`	`423`	`}`
`424`	`424`
`425`	`425`	`return ["- Root composer.json requires $packageName".self::constraintToText($constraint) . ', ', 'found '.self::getPackageList($packages, $isVerbose, $pool, $constraint).' but these were not loaded, likely because '.(self::hasMultipleNames($packages) ? 'they conflict' : 'it conflicts').' with another require.'];`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`--TEST--`
`2`		`-Security advisory matching direct dependency preventing a successful update.`
	`2`	`+Security advisory policy matching direct dependency preventing a successful update.`
`3`	`3`	`--COMPOSER--`
`4`	`4`	`{`
`5`	`5`	`"name": "acme/project",`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`--TEST--`
`2`		`-Security advisory matching indirect dependency preventing a successful update.`
	`2`	`+Security advisory policy matching indirect dependency preventing a successful update.`
`3`	`3`	`--COMPOSER--`
`4`	`4`	`{`
`5`	`5`	`"name": "acme/project",`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`--TEST--`
`2`		`-Filter list entry matching direct dependency preventing a successful update.`
	`2`	`+Filter list entry matching direct dependency not preventing a successful update because pacakge version is ignored.`
`3`	`3`	`--COMPOSER--`
`4`	`4`	`{`
`5`	`5`	`"name": "acme/project",`