diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml index 70b4fc534..d98b34fc1 100644 --- a/.github/workflows/continuous-integration.yml +++ b/.github/workflows/continuous-integration.yml @@ -12,6 +12,9 @@ env: COMPOSER_FLAGS: "--ansi --no-interaction --no-progress --prefer-dist" COMPOSER_UPDATE_FLAGS: "" +permissions: + contents: read + jobs: tests: name: "CI" diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 84063c5ac..153563a8e 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -8,6 +8,9 @@ on: paths-ignore: - 'doc/**' +permissions: + contents: read + jobs: tests: name: "Lint" diff --git a/.github/workflows/phpstan.yml b/.github/workflows/phpstan.yml index f0b4624ee..587cbc264 100644 --- a/.github/workflows/phpstan.yml +++ b/.github/workflows/phpstan.yml @@ -12,6 +12,9 @@ env: COMPOSER_FLAGS: "--ansi --no-interaction --prefer-dist" SYMFONY_PHPUNIT_VERSION: "" +permissions: + contents: read + jobs: tests: name: "PHPStan" diff --git a/src/Composer/Downloader/GitDownloader.php b/src/Composer/Downloader/GitDownloader.php index 4e458c3b2..c4fbc8d76 100644 --- a/src/Composer/Downloader/GitDownloader.php +++ b/src/Composer/Downloader/GitDownloader.php @@ -460,7 +460,7 @@ class GitDownloader extends VcsDownloader implements DvcsDownloaderInterface // check whether non-commitish are branches or tags, and fetch branches with the remote name $gitRef = $reference; if (!Preg::isMatch('{^[a-f0-9]{40}$}', $reference) - && $branches + && null !== $branches && Preg::isMatch('{^\s+composer/'.preg_quote($reference).'$}m', $branches) ) { $command = sprintf('git checkout '.$force.'-B %s %s -- && git reset --hard %2$s --', ProcessExecutor::escape($branch), ProcessExecutor::escape('composer/'.$reference)); @@ -472,7 +472,7 @@ class GitDownloader extends VcsDownloader implements DvcsDownloaderInterface // try to checkout branch by name and then reset it so it's on the proper branch name if (Preg::isMatch('{^[a-f0-9]{40}$}', $reference)) { // add 'v' in front of the branch if it was stripped when generating the pretty name - if (!Preg::isMatch('{^\s+composer/'.preg_quote($branch).'$}m', $branches) && Preg::isMatch('{^\s+composer/v'.preg_quote($branch).'$}m', $branches)) { + if (null !== $branches && !Preg::isMatch('{^\s+composer/'.preg_quote($branch).'$}m', $branches) && Preg::isMatch('{^\s+composer/v'.preg_quote($branch).'$}m', $branches)) { $branch = 'v' . $branch; } diff --git a/src/Composer/Installer/BinaryInstaller.php b/src/Composer/Installer/BinaryInstaller.php index 11f561fbb..203b62494 100644 --- a/src/Composer/Installer/BinaryInstaller.php +++ b/src/Composer/Installer/BinaryInstaller.php @@ -437,7 +437,7 @@ if [ -d /proc/cygdrive ]; then esac fi -export COMPOSER_RUNTIME_BIN_DIR=\$(cd "\${self%[/\\\\]*}" > /dev/null; pwd) +export COMPOSER_RUNTIME_BIN_DIR="\$(cd "\${self%[/\\\\]*}" > /dev/null; pwd)" # If bash is sourcing this file, we have to source the target as well bashSource="\$BASH_SOURCE" diff --git a/src/Composer/Util/AuthHelper.php b/src/Composer/Util/AuthHelper.php index 85bfe7608..db41c694f 100644 --- a/src/Composer/Util/AuthHelper.php +++ b/src/Composer/Util/AuthHelper.php @@ -192,9 +192,9 @@ class AuthHelper // fail if the console is not interactive if (!$this->io->isInteractive()) { if ($statusCode === 401) { - $message = "The '" . $url . "' URL required authentication.\nYou must be using the interactive console to authenticate"; + $message = "The '" . $url . "' URL required authentication (HTTP 401).\nYou must be using the interactive console to authenticate"; } elseif ($statusCode === 403) { - $message = "The '" . $url . "' URL could not be accessed: " . $reason; + $message = "The '" . $url . "' URL could not be accessed (HTTP 403): " . $reason; } else { $message = "Unknown error code '" . $statusCode . "', reason: " . $reason; } @@ -210,7 +210,7 @@ class AuthHelper return array('retry' => true, 'storeAuth' => false); } - throw new TransportException("Invalid credentials for '" . $url . "', aborting.", $statusCode); + throw new TransportException("Invalid credentials (HTTP $statusCode) for '$url', aborting.", $statusCode); } $this->io->writeError(' Authentication required ('.$origin.'):');