From 75fd2bbeb2a04cce78ca9f5488583ea8c420a4d5 Mon Sep 17 00:00:00 2001
From: Jordi Boggiano <j.boggiano@seld.be>
Date: Thu, 11 Jan 2024 16:44:27 +0100
Subject: [PATCH] Ensure we respect available-package-patterns and
 available-packages directives when fetching security advisories, fixes #11704
 (#11773)

---
 src/Composer/Repository/ComposerRepository.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/Composer/Repository/ComposerRepository.php b/src/Composer/Repository/ComposerRepository.php
index 1dcf991aa..58069c9d7 100644
--- a/src/Composer/Repository/ComposerRepository.php
+++ b/src/Composer/Repository/ComposerRepository.php
@@ -637,6 +637,15 @@ class ComposerRepository extends ArrayRepository implements ConfigurableReposito
 
         $apiUrl = $this->securityAdvisoryConfig['api-url'];
 
+        // respect available-package-patterns / available-packages directives from the repo
+        if ($this->hasAvailablePackageList) {
+            foreach ($packageConstraintMap as $name => $constraint) {
+                if (!$this->lazyProvidersRepoContains(strtolower($name))) {
+                    unset($packageConstraintMap[$name]);
+                }
+            }
+        }
+
         $parser = new VersionParser();
         /**
          * @param array<mixed> $data