IBX-11717: [4.6] Configured ignoring unsolvable advisories on PHP 7.4

[alongosz]

🎫 Issue	IBX-11717

Related PRs:

• IBX-11717: [GHA] Prepared Ibexa composer-audit-ignore action gh-workflows#96
• IBX-11717: [GHA][Backend CI] Switched to Ibexa Composer Install action graphql#101
• Regressions: IBX-11717: Test composer audit ignore for Browser Tests commerce#1819

Description:

This PR configures on the fly composer audit.ignore config.

For now, we have 3 advisories for webonyx/graphql-php package:

• GHSA-r7cg-qjjm-xhqq (PKSA-xwpn-zs9j-6wy5),
• GHSA-fc86-6rv6-2jpm (PKSA-sf9j-1gs7-xzvx),
• GHSA-68jq-c3rv-pcrr (PKSA-7h5p-prw9-w5nr)

They don't have a solution / patch for PHP 7.4 which is past EOL, however we still need to run our CI on PHP 7.4. We, of course, recommend switching to PHP 8 as soon as possible.

Without this, Browser tests ran on PHP 7.4, were installing webonyx/graphql-php 14.x-dev dev version due to minimum-stability. It's not possible to run Browser Tests ATM on a tagged version due to lack of installable stable candidate.

For QA:

Verify the approach & verify that webonyx/graphql-php is being installed using tagged version - for PHP 7.4 - with known vulnerabilities, for PHP 8+ - the patched version.

Regressions: ibexa/commerce#1819.

Documentation:

Already documented.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud