From 067101dbf52a1e3c64f35f8135566abca98548fe Mon Sep 17 00:00:00 2001
From: Matthias Van Woensel <3532563+matthiaz@users.noreply.github.com>
Date: Thu, 9 Apr 2020 09:58:34 +0200
Subject: [PATCH 1/4] Only send GitHub API token to api.github.com domain (#8747)
---
 src/Composer/Util/RemoteFilesystem.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Composer/Util/RemoteFilesystem.php b/src/Composer/Util/RemoteFilesystem.php
index 9328d5bdd..f9113d03f 100644
--- a/src/Composer/Util/RemoteFilesystem.php
+++ b/src/Composer/Util/RemoteFilesystem.php
@@ -277,7 +277,7 @@ class RemoteFilesystem
 if (isset($options['github-token'])) {
 // only add the access_token if it is actually a github URL (in case we were redirected to S3)
- if (preg_match('{^https?://([a-z0-9-]+\.)*github\.com/}', $fileUrl)) {
+ if (preg_match('{^https?://api\.github\.com/}', $fileUrl)) {
 $options['http']['header'][] = 'Authorization: token '.$options['github-token'];
 }
 unset($options['github-token']);
From ccc8829ed963c8add98a60d88ad3ae6d8e7f11de Mon Sep 17 00:00:00 2001
From: Jordi Boggiano
Date: Thu, 9 Apr 2020 15:17:30 +0200
Subject: [PATCH 2/4] Allow forcing self-update to stick to 1.x or 2.x using --1 and --2 flags, fixes #8753
---
 src/Composer/Command/SelfUpdateCommand.php | 10 +++++++++-
 src/Composer/SelfUpdate/Versions.php | 12 +++++++-----
 2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/src/Composer/Command/SelfUpdateCommand.php b/src/Composer/Command/SelfUpdateCommand.php
index 0dba48e28..daaab2b97 100644
--- a/src/Composer/Command/SelfUpdateCommand.php
+++ b/src/Composer/Command/SelfUpdateCommand.php
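Review bot: In `src/Composer/Util/RemoteFilesystem.php` the narrowed pattern still accepts the `http` scheme, so a `$fileUrl` of the form `http://api.github.com/...` would get the `Authorization: token` header attached and sent in cleartext; requiring TLS in the match, `if (preg_match('{^https://api\.github\.com/}', $fileUrl)) {`, closes that. Whether a plain-http URL can reach this branch depends on callers outside the hunk, so treat this as a hardening suggestion rather than a confirmed leak. The context comment above the check still says "a github URL" and should read `// only add the access_token for api.github.com URLs (not other github.com hosts or redirect targets such as S3)`. The enclosing method starts and ends outside the hunk.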
@@ -51,6 +51,8 @@ class SelfUpdateCommand extends BaseCommand
 new InputOption('stable', null, InputOption::VALUE_NONE, 'Force an update to the stable channel'),
 new InputOption('preview', null, InputOption::VALUE_NONE, 'Force an update to the preview channel'),
 new InputOption('snapshot', null, InputOption::VALUE_NONE, 'Force an update to the snapshot channel'),
+ new InputOption('1', null, InputOption::VALUE_NONE, 'Force an update to the stable channel, but only use 1.x versions'),
+ new InputOption('2', null, InputOption::VALUE_NONE, 'Force an update to the stable channel, but only use 2.x versions'),
 new InputOption('set-channel-only', null, InputOption::VALUE_NONE, 'Only store the channel as the default one and then exit'),
 ))
 ->setHelp(
@@ -82,9 +84,10 @@ EOT
 $versionsUtil = new Versions($config, $remoteFilesystem);
 // switch channel if requested
- foreach (array('stable', 'preview', 'snapshot') as $channel) {
+ foreach (Versions::CHANNELS as $channel) {
 if ($input->getOption($channel)) {
 $versionsUtil->setChannel($channel);
+ break;
 }
 }
@@ -123,9 +126,14 @@ EOT
 }
 $latest = $versionsUtil->getLatest();
+ $latestStable = $versionsUtil->getLatest('stable');
 $latestVersion = $latest['version'];
 $updateVersion = $input->getArgument('version') ?: $latestVersion;
+ if (is_numeric($channel) && substr($latestStable['version'], 0, 1) !== $channel) {
+ $io->writeError('Warning: You forced the install of '.$latestVersion.' via --'.$channel.', but '.$latestStable['version'].' is the latest stable version. Updating to it via composer self-update --stable is recommended.');
+ }
+
 if (preg_match('{^[0-9a-f]{40}$}', $updateVersion) && $updateVersion !== $latestVersion) {
 $io->writeError('You can not update to a specific SHA-1 as those phars are not available for download');
diff --git a/src/Composer/SelfUpdate/Versions.php b/src/Composer/SelfUpdate/Versions.php
index b619bda16..f6f31b249 100644
--- a/src/Composer/SelfUpdate/Versions.php
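Review bot: In `SelfUpdateCommand.php`, the warning added in the third hunk reads the `foreach` loop variable `$channel` from the second hunk after the loop has finished; when no channel option was passed the loop never reaches `break`, so `$channel` is left at the last element of `Versions::CHANNELS` (`'2'`), `is_numeric($channel)` is true, and the "You forced the install ... via --2" warning can be printed although nothing was forced. Record the selection explicitly instead: `$requestedChannel = null;` before the loop, `$requestedChannel = $channel;` next to `setChannel($channel)`, and `is_numeric($requestedChannel)` in the warning condition. Comparing only `substr($latestStable['version'], 0, 1)` also assumes a single-digit major version. The enclosing method starts and ends outside both hunks.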
+++ b/src/Composer/SelfUpdate/Versions.php
@@ -21,6 +21,8 @@ use Composer\Json\JsonFile;
 */
 class Versions
 {
+ const CHANNELS = array('stable', 'preview', 'snapshot', '1', '2');
+
 private $rfs;
 private $config;
 private $channel;
@@ -50,21 +52,21 @@ class Versions
 public function setChannel($channel)
 {
- if (!in_array($channel, array('stable', 'preview', 'snapshot'), true)) {
- throw new \InvalidArgumentException('Invalid channel '.$channel.', must be one of: stable, preview, snapshot');
+ if (!in_array($channel, self::CHANNELS, true)) {
+ throw new \InvalidArgumentException('Invalid channel '.$channel.', must be one of: ' . implode(', ', self::CHANNELS));
 }
 $channelFile = $this->config->get('home').'/update-channel';
 $this->channel = $channel;
- file_put_contents($channelFile, $channel.PHP_EOL);
+ file_put_contents($channelFile, (is_numeric($channel) ? 'stable' : $channel).PHP_EOL);
 }
- public function getLatest()
+ public function getLatest($channel = null)
 {
 $protocol = extension_loaded('openssl') ? 'https' : 'http';
 $versions = JsonFile::parseJson($this->rfs->getContents('getcomposer.org', $protocol . '://getcomposer.org/versions', false));
- foreach ($versions[$this->getChannel()] as $version) {
+ foreach ($versions[$channel ?: $this->getChannel()] as $version) {
 if ($version['min-php'] <= PHP_VERSION_ID) {
 return $version;
 }
From b79f2b5e0f4eb8d5b772afe406e9b09c97102493 Mon Sep 17 00:00:00 2001
From: Jordi Boggiano
Date: Thu, 9 Apr 2020 15:43:47 +0200
Subject: [PATCH 3/4] Make sure scripts calling composer call the correct composer binary even if the project requires composer/composer, fixes #8748
---
 src/Composer/EventDispatcher/EventDispatcher.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/Composer/EventDispatcher/EventDispatcher.php b/src/Composer/EventDispatcher/EventDispatcher.php
index a5797fdae..2e9b03c80 100644
--- a/src/Composer/EventDispatcher/EventDispatcher.php
+++ b/src/Composer/EventDispatcher/EventDispatcher.php
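Review bot: `const CHANNELS = array(...)` in the first `Versions.php` hunk is a constant array expression, which PHP accepts in class constants only from 5.6 onward; on an older interpreter the file fails to compile, and since this class backs `self-update` the command would be unusable there. The long `array()` syntax used throughout the patch suggests older runtimes may still be supported, so confirm the minimum version, and if it is below 5.6 use a static property such as `public static $channels = array('stable', 'preview', 'snapshot', '1', '2');` with callers reading `Versions::$channels`. A one-line comment stating that the numeric entries pin a major version and are persisted as `stable` by `setChannel()` would also help.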
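Review bot: In the second `Versions.php` hunk, `getLatest($channel = null)` uses the new argument directly as a key into the decoded versions document (`$versions[$channel ?: $this->getChannel()]`) without the `in_array($channel, self::CHANNELS, true)` check that `setChannel()` applies, and without checking that the key exists in the response. An unexpected or not-yet-published channel name then reaches `foreach` as an undefined index instead of a clear error; adding `if (null !== $channel && !in_array($channel, self::CHANNELS, true)) { throw new \InvalidArgumentException('Invalid channel '.$channel); }` at the top keeps the two methods consistent. No docblock is visible for the method in the hunk; it should say that `$channel` overrides the configured channel for a single lookup. The method body continues past the end of the hunk.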
@@ -547,7 +547,10 @@ class EventDispatcher
 if (is_dir($binDir)) {
 $binDir = realpath($binDir);
 if (isset($_SERVER[$pathStr]) && !preg_match('{(^|'.PATH_SEPARATOR.')'.preg_quote($binDir).'($|'.PATH_SEPARATOR.')}', $_SERVER[$pathStr])) {
- $_SERVER[$pathStr] = $binDir.PATH_SEPARATOR.getenv($pathStr);
+ // prepend the COMPOSER_BINARY dir to the path to make sure that scripts running "composer" will run the expected composer
+ // from current path resolution, even if bin-dir contains composer too because the project requires composer/composer
+ // see https://github.com/composer/composer/issues/8748
+ $_SERVER[$pathStr] = dirname(getenv('COMPOSER_BINARY')).PATH_SEPARATOR.$binDir.PATH_SEPARATOR.getenv($pathStr);
 putenv($pathStr.'='.$_SERVER[$pathStr]);
 }
 }
From a4cd422a522a586529642a6e9ba929996e2b0141 Mon Sep 17 00:00:00 2001
From: Jordi Boggiano
Date: Thu, 9 Apr 2020 16:05:43 +0200
Subject: [PATCH 4/4] Update changelog
---
 CHANGELOG.md | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a0e4c0d6d..b5178e417 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,12 @@
+### [1.10.2] 2020-04-09
+
+ * Added --1 flag to `self-update` command which can be added to automated self-update runs to make sure it won't automatically jump to 2.0 once that is released
+ * Fixed path repository symlinks being made relative when the repo url is defined as absolute paths
+ * Fixed potential issues when using "composer ..." in scripts and composer/composer was also required in the project
+ * Fixed 1.10.0 regression when downloading GitHub archives from non-API URLs
+ * Fixed handling of malformed info in fund command
+ * Fixed Symfony5 compatibility issues in a few commands
+
 ### [1.10.1] 2020-03-13
 * Fixed path repository warning on empty path when using wildcards
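Review bot: In `EventDispatcher.php`, the new PATH value starts with `dirname(getenv('COMPOSER_BINARY'))` without checking that the variable is set: `getenv()` returns `false` when it is not, `dirname()` then yields an empty string, and an empty leading PATH entry is resolved by POSIX shells as the current working directory, so every command a script runs would be looked up in the project directory first. A relative value has the same effect through `.`. Guard it with `$composerBin = getenv('COMPOSER_BINARY');` and `$prefix = ($composerBin && realpath($composerBin)) ? dirname(realpath($composerBin)).PATH_SEPARATOR : '';`, then `$_SERVER[$pathStr] = $prefix.$binDir.PATH_SEPARATOR.getenv($pathStr);`. The binary's directory now also outranks `$binDir` for every executable name, not only `composer`, which the added comment should state. Where `COMPOSER_BINARY` is set is outside the hunk, as are the start and end of the enclosing method.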
@@ -824,6 +833,7 @@
 * Initial release
+[1.10.2]: https://github.com/composer/composer/compare/1.10.1...1.10.2
 [1.10.1]: https://github.com/composer/composer/compare/1.10.0...1.10.1
 [1.10.0]: https://github.com/composer/composer/compare/1.10.0-RC...1.10.0
 [1.10.0-RC]: https://github.com/composer/composer/compare/1.9.3...1.10.0-RC