John Stevenson
8f974fe741
Improve Windows escaping
2021-10-10 16:24:49 +01:00
Jordi Boggiano
ca5e2f8d50
Fix escaping issues on Windows which could lead to command injection, fixes GHSA-frqg-7g38-6gcf
2021-10-05 09:39:50 +02:00
Jordi Boggiano
a02802b109
Warn 1.x users when a package is not found that it may be due to our deprecation policy
2021-06-08 21:12:49 +02:00
Jordi Boggiano
083b73515d
Merge pull request from GHSA-h5h8-pc6h-jvvx
...
* Fix external process calls to avoid user input being able to pass extra parameters
* Tweak some fixes
2021-04-27 13:00:40 +02:00
Jordi Boggiano
96acad1e45
Update github token pattern to match their latest updates
2021-04-01 09:13:32 +02:00
Jordi Boggiano
54889ca109
Document GH token usage and also make sure we redact them in Process debug output, refs #9757
2021-03-09 21:37:43 +01:00
Ayesh Karunaratne
dc83ba93f3
Update GitHub token pattern
...
GitHub is updating the format of auth tokens from `a-z0-9` to `A-Za-z0-9` ([notice](https://github.blog/changelog/2021-03-04-authentication-token-format-updates/)).
I'm not sure why `.` is allowed, but I dare not remove it. In this PR, the token validation regex is updated to allow `A-Za-z0-9` instead of the current all lower-case `a-z` and disallowed `_`.
2021-03-09 17:17:35 +01:00
Jordi Boggiano
abcf9e993b
Fix processes silently ignoring the CWD when it does not exist, refs #9694
2021-02-11 12:57:01 +01:00
Jordi Boggiano
37c5e9961c
Merge remote-tracking branch 'nicolas-grekas/path-version' into 1.10
2021-01-27 15:20:38 +01:00
Jordi Boggiano
92313447d6
Filter out exclude-from-classmap rules to avoid generating very long regexes, fixes #9487
2021-01-27 15:10:32 +01:00
Nicolas Grekas
725b33ee5a
Handle "versions" option in PathRepository, remove support for "branch-version"
2021-01-27 14:28:26 +01:00
Nicolas Grekas
079e501ac8
Revert "Merge pull request #9273 from nicolas-grekas/dev-version"
...
This reverts commit d2d606ced2, reversing changes made to 4a8dbcd145.
2021-01-27 14:03:44 +01:00
Jordi Boggiano
2cb9630320
Fix $_SERVER var not being updated when using putenv, refs b80038804f and fixes #9372
2021-01-26 15:54:21 +01:00
Jordi Boggiano
f25271ee22
Add missing file to v1 phar
2020-12-04 09:05:58 +01:00
Fabien Villepinte
4e8ca92b6f
Fix error with binaries in PHP8
2020-12-02 13:15:16 +00:00
Jordi Boggiano
444b91a3ce
Add docs, refs #9422
2020-11-05 16:37:51 +01:00
Marco Sirabella
7f936d7dbc
Ignore failures on preg_match for user supplied regex
...
Fixes #7440
See: https://stackoverflow.com/a/12941133/6381767
2020-10-30 17:56:18 +01:00
Jordi Boggiano
78797df5f8
Fix bitbucket handling, fixes #9369
2020-10-30 17:28:30 +01:00
Jordi Boggiano
04e5d725f4
Add docs
2020-10-27 20:53:54 +01:00
Jordi Boggiano
8925b4f596
Attempt fixing handling of root aliases when composer 1 reads composer 2 lock files, fixes #9337
2020-10-25 12:45:33 +01:00
Jordi Boggiano
25496c199d
Update link to composer 2 release notes
2020-10-24 09:43:02 +02:00
Jordi Boggiano
28c7e38411
Merge remote-tracking branch 'stof/fix_why_not' into 1.10
2020-10-24 09:39:09 +02:00
Nils Adermann
e868996bdd
Validate: Warn about providing or replacing packages you require
2020-10-23 22:02:13 +02:00
Christophe Coevoet
3dd7e829b9
Fix support of provided packages in the why-not command
...
The version provided by such a rule is defined by the constraint of the
rule, not by the package version.
2020-10-22 19:54:03 +02:00
Nils Adermann
dacc21e54f
Merge pull request #9158 from infabo/patch-1
...
Fix symlink check
2020-10-22 16:04:27 +02:00
terry.kern
0466add822
Also use channel string for update message
...
https://github.com/composer/composer/pull/9305#issuecomment-714381153
2020-10-22 14:41:16 +02:00
TerryKern
e68b52697b
Improve readability of version info message
...
Instead of:
> You are already using composer version 1.10.15 (1 channel).
it shows:
> You are already using composer version 1.10.15 (1.x channel).
2020-10-22 11:54:59 +02:00
Ingo Fabbri
750172dc4c
Fix symlink check
...
Given you have a symlink in one of your path repositories and mirroring-strategy enabled.
```bash
lrwxrwxrwx 1 inf inf 8 27. Aug 17:41 Create.html -> New.html
-rw-r--r-- 1 inf inf 750 27. Aug 17:24 Edit.html
-rw-r--r-- 1 inf inf 0 27. Aug 17:24 List.html
-rw-r--r-- 1 inf inf 5064 27. Aug 17:24 New.html
-rw-r--r-- 1 inf inf 716 27. Aug 17:24 Show.html
```
`$file->getLinkTarget()` just returns a relative path in this example. It does not return an absolute normalized path.
`$sources` is always a normalized path.
`strpos` can never be `0`.
Use `$file->getRealPath()` to fix the strpos-check.
2020-10-15 14:17:53 +02:00
Nicolas Grekas
4feed8b85c
Fix parsing "branch-version"
2020-10-13 15:43:12 +02:00
Jordi Boggiano
d2d606ced2
Merge pull request #9273 from nicolas-grekas/dev-version
...
Add support for "extra.branch-version"
2020-10-13 14:02:41 +02:00
Nicolas Grekas
893fbfcb89
Add support for "extra.branch-version"
2020-10-13 13:56:18 +02:00
Jordi Boggiano
bc1cb1636d
Remove dead code, fixes #9277
2020-10-12 15:22:21 +02:00
Jordi Boggiano
6bf136489f
Ignore the COMPOSER env var when executing global scope commands, fixes #9259
2020-10-12 10:53:35 +02:00
Jordi Boggiano
159bb84fa6
Allow running the config command to disable tls even if openssl is not present, fixes #9198
2020-10-12 08:16:36 +02:00
Jordi Boggiano
28fe3baf9c
Disable secure-http automatically when disable-tls is enabled, fixes #9235
2020-10-12 07:57:14 +02:00
Jordi Boggiano
791bbc80a4
Backport some fixes from 2.0, and fix sorting to sort remote branches after local ones, refs #9270
2020-10-08 14:26:04 +02:00
Jordi Boggiano
6698e0bafa
Merge remote-tracking branch 'naderman/version-guess-remotes' into 1.10
2020-10-08 14:01:25 +02:00
Nils Adermann
b3c465d55a
VersionGuesser: local branches still need to be considered
2020-10-07 15:10:20 +02:00
Nils Adermann
ad643d9957
VersionGuesser: Analyze remote origin and upstream branches too
2020-10-07 14:21:22 +02:00
Grégoire Pineau
bfb4abfb56
Fixed description of StatusCommand: It does list all changes in vendor, not only for "source" ones
...
I tested it, and even with "dist" packages, the status command is able to find modified vendor
(And that's amazing, thanks)
2020-10-02 10:11:47 +02:00
Jordi Boggiano
d6b39b4c55
Fix syntax error & improve handling
2020-09-24 11:35:38 +02:00
Christophe Coevoet
bcd8a73e8c
Fix support for running diagnose without openssl
...
The diagnose command already warns when openssl is not available. But the command was failing later when displaying the Openssl version.
2020-09-22 18:49:53 +02:00
Jordi Boggiano
4a02768591
Fail hard if an invalid root alias is detected
2020-09-09 11:44:05 +02:00
Jordi Boggiano
e6b45e853a
Fix status command handling of symlinks, and especially broken ones, fixes #9169
2020-09-07 13:54:14 +02:00
Alexander M. Turek
fc961dce70
Call call_user_func_array() with a numeric arguments array.
2020-09-03 23:26:09 +02:00
Stephan
773635e355
ComposerRepository: avoid notice if includes do not provide a sha1
2020-09-01 12:21:36 +01:00
Jordi Boggiano
b847c4dc3a
Validate licenses correctly even when proprietary is combined with some other license, fixes #9144
2020-08-25 08:58:43 +02:00
johnstevenson
3be62a9fda
Fix openssl_free_key deprecation notice in PHP 8
2020-08-14 17:45:41 +01:00
Jordi Boggiano
00f712a7c4
Revert "Allow specifying a version requirement for CLDR"
2020-07-30 21:00:43 +02:00
Jordi Boggiano
387e828993
Promote next major version when running stable self-update, and prevent self-update from automatically upgrading to the next major release
2020-07-30 16:32:29 +02:00