From 9f92c826bc34867e25d0f50fb62f4a8e00b5b964 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lucio=20Wa=C3=9Fill?= <lucio@undpaul.de>
Date: Mon, 11 Jul 2022 10:12:36 +0200
Subject: [PATCH 1/4] Allow to set the URL for the security advisories composer
 url via environment variable

---
 src/Commands/pm/SecurityUpdateCommands.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/Commands/pm/SecurityUpdateCommands.php b/src/Commands/pm/SecurityUpdateCommands.php
index 208ffdf0c4..9f393c4f90 100644
--- a/src/Commands/pm/SecurityUpdateCommands.php
+++ b/src/Commands/pm/SecurityUpdateCommands.php
@@ -102,7 +102,8 @@ public function suggestComposerCommand($updates): void
     protected function fetchAdvisoryComposerJson()
     {
         $client = new Client(['handler' => $this->getStack()]);
-        $response = $client->get('https://raw.githubusercontent.com/drupal-composer/drupal-security-advisories/9.x/composer.json');
+        $security_advisories_composer_url = getenv('DRUSH_SECURITY_ADVISORIES_URL') ? getenv('DRUSH_SECURITY_ADVISORIES_URL') : 'https://raw.githubusercontent.com/drupal-composer/drupal-security-advisories/9.x/composer.json';
+        $response = $client->get($security_advisories_composer_url);
         $security_advisories_composer_json = json_decode($response->getBody(), true);
         return $security_advisories_composer_json;
     }

From 20057811d653c08fcd910026afd21ddbc9a170c7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lucio=20Wa=C3=9Fill?= <lucio@undpaul.de>
Date: Tue, 12 Jul 2022 13:02:02 +0200
Subject: [PATCH 2/4] Improve the code getting the security advisories url by
 using a null coalesce php operator

---
 src/Commands/pm/SecurityUpdateCommands.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Commands/pm/SecurityUpdateCommands.php b/src/Commands/pm/SecurityUpdateCommands.php
index 9f393c4f90..d31934f11d 100644
--- a/src/Commands/pm/SecurityUpdateCommands.php
+++ b/src/Commands/pm/SecurityUpdateCommands.php
@@ -102,7 +102,7 @@ public function suggestComposerCommand($updates): void
     protected function fetchAdvisoryComposerJson()
     {
         $client = new Client(['handler' => $this->getStack()]);
-        $security_advisories_composer_url = getenv('DRUSH_SECURITY_ADVISORIES_URL') ? getenv('DRUSH_SECURITY_ADVISORIES_URL') : 'https://raw.githubusercontent.com/drupal-composer/drupal-security-advisories/9.x/composer.json';
+        $security_advisories_composer_url = getenv('DRUSH_SECURITY_ADVISORIES_URL') ?? 'https://raw.githubusercontent.com/drupal-composer/drupal-security-advisories/9.x/composer.json';
         $response = $client->get($security_advisories_composer_url);
         $security_advisories_composer_json = json_decode($response->getBody(), true);
         return $security_advisories_composer_json;

From 711a92848f9a34ae6eb55f714523cb1b1e95aab1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lucio=20Wa=C3=9Fill?= <lucio@undpaul.de>
Date: Tue, 12 Jul 2022 13:02:26 +0200
Subject: [PATCH 3/4] Add a comment about the env variable not being a
 supported api.

---
 src/Commands/pm/SecurityUpdateCommands.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/Commands/pm/SecurityUpdateCommands.php b/src/Commands/pm/SecurityUpdateCommands.php
index d31934f11d..656f69b2bf 100644
--- a/src/Commands/pm/SecurityUpdateCommands.php
+++ b/src/Commands/pm/SecurityUpdateCommands.php
@@ -95,6 +95,11 @@ public function suggestComposerCommand($updates): void
     /**
      * Fetches the generated composer.json from drupal-security-advisories.
      *
+     * This function fetches the generated composer.json from the
+     * drupal-security-advisories repository or fetches it from another source
+     * if the environment variable DRUSH_SECURITY_ADVISORIES_URL is set. The
+     * environment variable is not a supported API.
+     *
      * @return mixed
      *
      * @throws \Exception

From e62c4fe69bd6c9b7c6d7b3b5f7c64e01a4eaa6da Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lucio=20Wa=C3=9Fill?= <luciowassill@googlemail.com>
Date: Tue, 12 Jul 2022 17:21:54 +0200
Subject: [PATCH 4/4] Fix getting either the env variable or default url

Co-authored-by: Moshe Weitzman <weitzman@tejasa.com>
---
 src/Commands/pm/SecurityUpdateCommands.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Commands/pm/SecurityUpdateCommands.php b/src/Commands/pm/SecurityUpdateCommands.php
index 656f69b2bf..b81e2a6192 100644
--- a/src/Commands/pm/SecurityUpdateCommands.php
+++ b/src/Commands/pm/SecurityUpdateCommands.php
@@ -107,7 +107,7 @@ public function suggestComposerCommand($updates): void
     protected function fetchAdvisoryComposerJson()
     {
         $client = new Client(['handler' => $this->getStack()]);
-        $security_advisories_composer_url = getenv('DRUSH_SECURITY_ADVISORIES_URL') ?? 'https://raw.githubusercontent.com/drupal-composer/drupal-security-advisories/9.x/composer.json';
+        $security_advisories_composer_url = getenv('DRUSH_SECURITY_ADVISORIES_URL') ?: 'https://raw.githubusercontent.com/drupal-composer/drupal-security-advisories/9.x/composer.json';
         $response = $client->get($security_advisories_composer_url);
         $security_advisories_composer_json = json_decode($response->getBody(), true);
         return $security_advisories_composer_json;