089972db87
Generate build provenance attestation during release
...
This will simplify secure installation of composer in GitHub Actions to two
calls to `gh` cli with no need to manually import any PGP signing keys:
gh release --repo composer/composer download --pattern composer.phar
gh attestation verify --repo composer/composer composer.phar
Given that the current PGP signing key is stored as a GitHub Action secret,
this type of attestation is no less secure than the existing PGP signing.
2025-01-08 15:46:13 +01:00
b89036c1f8
Merge pull request #12261 from Seldaek/use_phar_running
...
Make use of Phar::running() to get the current phar path
2025-01-08 14:22:32 +01:00
e751c8e4eb
Fix new phpstan error
2025-01-08 14:09:14 +01:00
e81df52e53
Make use of Phar::running() to get the current phar path
2025-01-08 13:46:52 +01:00
fb397acaa0
Reverting release version changes
2024-12-11 11:57:45 +01:00
112e37d1dc
Release 2.8.4
2024-12-11 11:57:47 +01:00
1175bf52ac
Update changelog
2024-12-11 11:57:31 +01:00
6e0cb6cae0
Fix tests
2024-12-11 11:39:34 +01:00
8eedfd0ecb
Hide publish errors entirely with --no-check-publish instead of downgrading to warning, fixes #12196
2024-12-11 11:32:30 +01:00
99430ca669
Avoid returning failing status code if the composer audit fails in diagnose command, refs #12196
2024-12-11 11:29:49 +01:00
ace7a3ffa8
Update deps
2024-12-11 10:53:22 +01:00
144e8f8a34
Fix create-project when passed with a path repo to disable symlinks by default
...
Fixes #12222
2024-12-11 10:51:37 +01:00
6a9336fa9c
Merge pull request #12233 from Seldaek/fix_duplicates
...
Fixed InstalledVersions returning duplicates in some instances
2024-12-11 10:40:36 +01:00
45436c0a20
Fixed InstalledVersions returning duplicates in some instances
...
Fixes #12225
2024-12-11 10:25:10 +01:00
a383632641
Merge pull request #12230 from Seldaek/duplicate_errors
...
Fixes #12214
2024-12-11 09:26:04 +01:00
3a2d1c5f9c
Update logic
2024-12-11 09:24:40 +01:00
5cb9733588
Fix bug when plugin defines multiple PluginInterface classes ( #12226 )
2024-12-10 16:49:33 +01:00
008129be49
Avoid duplicate errors in the output, fixes #12214
2024-12-10 16:37:56 +01:00
eefa012204
Add OS families to `php-ext` config options for PIE ( #12218 )
2024-12-09 14:37:10 +01:00
bbab31b564
Fix bump-after-update when passing inline constraints, fixes #12223
2024-12-09 14:27:05 +01:00
666dc93fcc
Update docs for `audit` command ( #12220 )
2024-12-01 13:26:21 +01:00
74f68adeb1
fix(docs): Audit command dependency from custom repositories ( #12212 )
2024-11-27 16:31:32 +01:00
302ecf824c
Update wording of process-timeout description ( #12211 )
...
Cleans up the description of process-timeout to better separate the config setting from the static helper for script commands.
2024-11-27 16:30:21 +01:00
5eeba719d3
Fix type
2024-11-26 17:10:11 +01:00
2e7b006134
Add missing type annotation
2024-11-26 14:52:33 +01:00
59b63bc231
Validate license data more thoroughly
2024-11-26 14:49:36 +01:00
cc820306eb
Ensure installed.php data is sorted deterministically, fixes #12197
2024-11-25 16:23:10 +01:00
dc2844cc72
disable multiplexing for some versions of curl ( #12207 )
...
* disable multiplexing for some versions of curl
I'm behind a corporate proxy and was hitting a `Curl 2 (...) [CONN-1-0] send: no filter connected` error when trying to download some packages.
Some google research led me to https://github.com/rust-lang/cargo/issues/12202 and its fix https://github.com/rust-lang/cargo/pull/12234 .
This PR backports this fix to composer.
> In certain versions of libcurl when proxy is in use with HTTP/2
multiplexing, connections will continue stacking up. This was
fixed in libcurl 8.0.0 in curl/curl@821f6e2
* fix has proxy condition
2024-11-25 15:03:36 +01:00
e468b73cb2
Use a bitmask to produce deterministic exit codes for the "audit" command ( #12203 )
...
* Use a bitmask to produce deterministic exit codes for the "audit" command
* Rename consts, small cleanups
---------
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2024-11-25 14:30:31 +01:00
38cb4bfe71
GitLab: adjust links to profile/user-settings ( #12205 )
2024-11-21 09:16:24 +01:00
aee3bd14db
Add build-path to php-ext config options for PIE ( #12206 )
...
* Add build-path to php-ext config options
* Use phpstan- prefix for shape definitions
2024-11-21 08:52:30 +01:00
9fb833f97e
Reverting release version changes
2024-11-17 13:13:04 +01:00
2a7c71266b
Release 2.8.3
2024-11-17 13:13:04 +01:00
8f87ab3ea0
Update changelog
2024-11-17 13:12:53 +01:00
580f0006d6
Ensure we run git commands for bin/compile inside the root of the git repo, refs #12194
2024-11-15 14:08:32 +01:00
2e83ead40c
Allow react/promise 2.x again, fixes #12188
2024-11-15 13:53:30 +01:00
23d1030c73
phpstan type fixes
2024-11-14 11:54:11 +01:00
8f24b67c3c
Try to fix lowest deps tests
2024-11-14 11:47:19 +01:00
a7a14ea860
Show root package version in error output for circular dependencies for added clarity
2024-11-14 11:26:58 +01:00
f1163bdbd4
Avoid updating the lock hash if there is no lock
2024-11-14 11:05:32 +01:00
a39f57bcd7
Update deps
2024-11-14 11:05:18 +01:00
1e7857d682
Update docs with hint for avast disabling
2024-11-14 10:50:54 +01:00
3dc279cf66
Stop relying on OS to find executables on Windows, and migrate most Process calls to array syntax ( #12180 )
...
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2024-11-06 13:49:06 +01:00
5a75d32414
Reverting release version changes
2024-10-29 16:12:11 +01:00
6e543d0318
Release 2.8.2
2024-10-29 16:12:11 +01:00
f956683418
Update changelog
2024-10-29 16:12:00 +01:00
e02f7ba58b
Fix parsing of comments in arrays of sponsor info, fixes composer/packagist#1473
2024-10-28 21:58:03 +01:00
e0ed22bbd0
Warn/throw when we detect git safe.directory errors ( #12178 )
...
Fixes #12158
Fixes #12160
2024-10-28 21:37:38 +01:00
1f0d012845
Add hint how ambiguous class issues can be resolved, refs #6221 ( #12179 )
2024-10-28 21:37:23 +01:00
5c3f6e070d
Remove SignalHandler from Application to fix issues handling ctrl-C inside prompts
...
Fixes #12106
2024-10-28 16:30:35 +01:00
Tim Düsterhus