getProjectExistingVersion example

/** * Determines if an advisory matches the existing version of a project. * * @param \Drupal\system\SecurityAdvisories\SecurityAdvisory $sa * The security advisory. * * @return bool * TRUE if the security advisory matches the existing version of the * project, or FALSE otherwise. */
  protected function matchesExistingVersion(SecurityAdvisory $sa): bool {
    if ($existing_version = $this->getProjectExistingVersion($sa)) {
      $existing_project_version = ExtensionVersion::createFromVersionString($existing_version);
      $insecure_versions = $sa->getInsecureVersions();
      // If a site codebase has a development version of any project, including       // core, we cannot be certain if their development build has the security       // vulnerabilities that make any of the versions in $insecure_versions       // insecure. Therefore, we should err on the side of assuming the site's       // code does have the security vulnerabilities and show the advisories.       // This will result in some sites seeing advisories that do not affect       // their versions, but it will make it less likely that sites with the       // security vulnerabilities will not see the advisories.       if ($existing_project_version->getVersionExtra() === 'dev') {