In the issue below, we changed our composer audit reporting mode for abandoned packages from fail to report:
We made this change since this Drupal core issue related to an abandoned package was causing all our pull requests to fail our security check. That Drupal core issue is set to be resolved in the Drupal 11.3.0 and 10.6.0 releases, to be included in Quickstart 3.2.0 and a 2.14.x patch release. As part of these Quickstart releases, we should set the composer audit reporting mode for abandoned packages back to fail (the default) to ensure that we're alerted about any newly abandoned packages (especially those used directly by Quickstart).
In the issue below, we changed our composer audit reporting mode for abandoned packages from
failtoreport:We made this change since this Drupal core issue related to an abandoned package was causing all our pull requests to fail our security check. That Drupal core issue is set to be resolved in the Drupal 11.3.0 and 10.6.0 releases, to be included in Quickstart 3.2.0 and a 2.14.x patch release. As part of these Quickstart releases, we should set the composer audit reporting mode for abandoned packages back to
fail(the default) to ensure that we're alerted about any newly abandoned packages (especially those used directly by Quickstart).