Merge branch '2.3' into main

CHANGELOG.md

@@ -1,3 +1,13 @@
+### [2.3.7] 2022-06-06
+
+  * Fixed a few PHPStan ConfigReturnTypeExtension bugs
+  * Fixed Config default for auth configs to be empty arrays instead of null, fixes issues with diagnose command (#10814)
+  * Fixed handling of broken symlinks when checking whether a package is still installed (#6708)
+  * Fixed bin proxies to allow a proxy to include another one safely (#10823)
+  * Fixed openssl 3.x version parsing as it is now semver compliant
+  * Fixed type error when a json file cannot be read (#10818)
+  * Fixed parsing of multi-line arrays in funding.yml (#10784)
+
 ### [2.3.6] 2022-06-01
 
   * Added `Composer\PHPStan\ConfigReturnTypeExtension` to improve return types of `Config::get()` which you can also use in plugins CI (#10635)
@@ -84,6 +94,16 @@
   * Fixed symlink creation in linux VM guest filesystems to be recognized by Windows (#10592)
   * Performance improvement in pool optimization step (#10585)
 
+### [2.2.14] 2022-06-06
+
+  * Fixed handling of broken symlinks when checking whether a package is still installed (#6708)
+  * Fixed name validation regex in schema causing issues with JS IDEs like VS Code (#10811)
+  * Fixed bin proxies to allow a proxy to include another one safely (#10823)
+  * Fixed gitlab-token JSON schema definition (#10800)
+  * Fixed openssl 3.x version parsing as it is now semver compliant
+  * Fixed type error when a json file cannot be read (#10818)
+  * Fixed parsing of multi-line arrays in funding.yml (#10784)
+
 ### [2.2.13] 2022-05-25
 
   * Fixed invalid credentials loop when setting up GitLab token (#10748)
@@ -1522,6 +1542,7 @@
 
   * Initial release
 
+[2.3.7]: https://github.com/composer/composer/compare/2.3.6...2.3.7
 [2.3.6]: https://github.com/composer/composer/compare/2.3.5...2.3.6
 [2.3.5]: https://github.com/composer/composer/compare/2.3.4...2.3.5
 [2.3.4]: https://github.com/composer/composer/compare/2.3.3...2.3.4
@@ -1531,6 +1552,7 @@
 [2.3.0]: https://github.com/composer/composer/compare/2.3.0-RC2...2.3.0
 [2.3.0-RC2]: https://github.com/composer/composer/compare/2.3.0-RC1...2.3.0-RC2
 [2.3.0-RC1]: https://github.com/composer/composer/compare/2.2.9...2.3.0-RC1
+[2.2.14]: https://github.com/composer/composer/compare/2.2.13...2.2.14
 [2.2.13]: https://github.com/composer/composer/compare/2.2.12...2.2.13
 [2.2.12]: https://github.com/composer/composer/compare/2.2.11...2.2.12
 [2.2.11]: https://github.com/composer/composer/compare/2.2.10...2.2.11

composer.json

@@ -63,6 +63,11 @@
     "extra": {
         "branch-alias": {
             "dev-main": "2.4-dev"
+        },
+        "phpstan": {
+            "includes": [
+                "phpstan/rules.neon"
+            ]
         }
     },
     "autoload": {

composer.lock

@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "d5c4595c89878e938186d057052a82d1",
+    "content-hash": "5626ea61968f46e5aad29824224a8783",
     "packages": [
         {
             "name": "composer/ca-bundle",

doc/articles/plugins.md

@@ -339,6 +339,25 @@ depend on other packages can function correctly, a runtime autoloader is created
 a plugin is loaded. That autoloader is only configured to load with the plugin dependencies,
 so you may not have access to all the packages which are installed.
 
+## Static Analysis support
+
+As of Composer 2.3.7 we ship a `phpstan/rules.neon` PHPStan config file, which provides additional error checking when working on Composer plugins.
+
+### Usage with [PHPStan Extension Installer][13]
+
+The necessary configuration files are automatically loaded, in case your plugin projects declares a dependency to `phpstan/extension-installer`.
+
+### Alternative manual installation
+
+To make use of it, your Composer plugin project needs a [PHPStan config file][12], which includes the `phpstan/rules.neon` file:
+
+```
+includes:
+	- vendor/composer/composer/phpstan/rules.neon
+
+// your remaining config..
+```
+
 [1]: ../04-schema.md#type
 [2]: ../04-schema.md#extra
 [3]: https://github.com/composer/composer/blob/main/src/Composer/Plugin/PluginInterface.php
@@ -350,3 +369,5 @@ so you may not have access to all the packages which are installed.
 [9]: https://github.com/composer/composer/blob/main/src/Composer/Plugin/Capability/CommandProvider.php
 [10]: https://symfony.com/doc/current/components/console.html
 [11]: https://github.com/composer/composer/blob/main/src/Composer/Util/SyncHelper.php
+[12]: https://phpstan.org/config-reference#multiple-files
+[13]: https://github.com/phpstan/extension-installer#usage

phpstan/baseline.neon

@@ -2970,11 +2970,6 @@ parameters:
 			count: 1
 			path: ../src/Composer/Json/JsonFile.php
 
-		-
-			message: "#^Parameter \\#1 \\$json of static method Composer\\\\Json\\\\JsonFile\\:\\:parseJson\\(\\) expects string\\|null, string\\|false\\|null given\\.$#"
-			count: 1
-			path: ../src/Composer/Json/JsonFile.php
-
 		-
 			message: "#^Parameter \\#1 \\$json of static method Composer\\\\Json\\\\JsonFile\\:\\:validateSyntax\\(\\) expects string, string\\|false given\\.$#"
 			count: 1

src/Composer/Installer/BinaryInstaller.php

@@ -379,7 +379,10 @@ if (PHP_VERSION_ID < 80000) {
         }
     }
 
-    if (function_exists('stream_wrapper_register') && stream_wrapper_register('phpvfscomposer', 'Composer\BinProxyWrapper')) {
+    if (
+        (function_exists('stream_get_wrappers') && in_array('phpvfscomposer', stream_get_wrappers(), true))
+        || (function_exists('stream_wrapper_register') && stream_wrapper_register('phpvfscomposer', 'Composer\BinProxyWrapper'))
+    ) {
         include("phpvfscomposer://" . $binPathExported);
         exit(0);
     }

src/Composer/Installer/LibraryInstaller.php

@@ -91,7 +91,19 @@ class LibraryInstaller implements InstallerInterface, BinaryPresenceInterface
             return true;
         }
 
-        return (Platform::isWindows() && $this->filesystem->isJunction($installPath)) || is_link($installPath);
+        if (Platform::isWindows() && $this->filesystem->isJunction($installPath)) {
+            return true;
+        }
+
+        if (is_link($installPath)) {
+            if (realpath($installPath) === false) {
+                return false;
+            }
+
+            return true;
+        }
+
+        return false;
     }
 
     /**

src/Composer/Json/JsonFile.php

@@ -114,6 +114,10 @@ class JsonFile
             throw new \RuntimeException('Could not read '.$this->path."\n\n".$e->getMessage());
         }
 
+        if ($json === false) {
+            throw new \RuntimeException('Could not read '.$this->path);
+        }
+
         return static::parseJson($json, $this->path);
     }
 

src/Composer/Platform/Version.php

@@ -32,11 +32,16 @@ class Version
             return null;
         }
 
+        // OpenSSL 1 used 1.2.3a style versioning, 3+ uses semver
+        $patch = '';
+        if (version_compare($matches['version'], '3.0.0', '<')) {
+            $patch = '.'.self::convertAlphaVersionToIntVersion($matches['patch']);
+        }
+
         $isFips = strpos($matches['suffix'], 'fips') !== false;
         $suffix = strtr('-'.ltrim($matches['suffix'], '-'), array('-fips' => '', '-pre' => '-alpha'));
-        $patch = self::convertAlphaVersionToIntVersion($matches['patch']);
 
-        return rtrim($matches['version'].'.'.$patch.$suffix, '-');
+        return rtrim($matches['version'].$patch.$suffix, '-');
     }
 
     /**

src/Composer/Repository/Vcs/GitHubDriver.php

@@ -234,6 +234,10 @@ class GitHubDriver extends VcsDriver
         foreach (Preg::split('{\r?\n}', $funding) as $line) {
             $line = trim($line);
             if (Preg::isMatch('{^(\w+)\s*:\s*(.+)$}', $line, $match)) {
+                if ($match[2] === '[') {
+                    $key = $match[1];
+                    continue;
+                }
                 if (Preg::isMatch('{^\[(.*)\](?:\s*#.*)?$}', $match[2], $match2)) {
                     foreach (array_map('trim', Preg::split('{[\'"]?\s*,\s*[\'"]?}', $match2[1])) as $item) {
                         $result[] = array('type' => $match[1], 'url' => trim($item, '"\' '));
@@ -244,8 +248,13 @@ class GitHubDriver extends VcsDriver
                 $key = null;
             } elseif (Preg::isMatch('{^(\w+)\s*:\s*#\s*$}', $line, $match)) {
                 $key = $match[1];
-            } elseif ($key && Preg::isMatch('{^-\s*(.+)(\s+#.*)?$}', $line, $match)) {
+            } elseif ($key && (
+                Preg::isMatch('{^-\s*(.+)(\s+#.*)?$}', $line, $match)
+                || Preg::isMatch('{^(.+),(\s*#.*)?$}', $line, $match)
+            )) {
                 $result[] = array('type' => $key, 'url' => trim($match[1], '"\' '));
+            } elseif ($key && $line === ']') {
+                $key = null;
             }
         }
 

tests/Composer/Test/Platform/VersionTest.php

@@ -70,6 +70,9 @@ class VersionTest extends TestCase
             array('1.2.3za', '1.2.3.27'),
             array('1.2.3zy', '1.2.3.51'),
             array('1.2.3zz', '1.2.3.52'),
+            // 3.x
+            array('3.0.0', '3.0.0', false, '3.0.0.0'),
+            array('3.2.4-dev', '3.2.4-dev', false, '3.2.4.0-dev'),
         );
     }