naveen
14476ec2a6
chore: Set permissions for GitHub actions
...
Restrict the GitHub token permissions only to the required ones; this way, even if attackers succeed in compromising your workflow, they won’t be able to do much.
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-06-22 08:18:22 +02:00
Chris Reed
03fbcdbf07
Fix exported path with space in binary installer proxy (#10836)
2022-06-10 21:56:11 +02:00
Jordi Boggiano
ba2ce37cd9
Reverting release version changes
2022-06-06 16:32:51 +02:00
Jordi Boggiano
8c7a2d200b
Release 2.2.14
2022-06-06 16:32:50 +02:00
Jordi Boggiano
7cb994fade
Update changelog
2022-06-06 16:32:44 +02:00
Stephan Jorek
fbc85dede8
allow chained proxy-binary php-inclusions (#10823)
...
* allow chained proxy-binary php-inclusion by skipping redundant “phpvfscomposer” stream-wrapper registration
2022-06-06 16:14:54 +02:00
Jordi Boggiano
e3527ea37f
Detect broken symlinks when checking for a package's presence, fixes #6708
2022-06-06 15:22:49 +02:00
Jordi Boggiano
a76a1c9fc2
Fix parsing of multi-line arrays in funding yml, fixes #10784
2022-06-06 14:49:37 +02:00
Fabien Villepinte
1e9210f7b1
Fix TypeError when a JSON file can not be read (#10818)
2022-06-04 15:20:58 +02:00
Jordi Boggiano
15f7d24e7e
Parse openssl 3 versions cleaner
2022-06-02 21:17:44 +02:00
Jordi Boggiano
3ead6c0119
Backport schema fixes for gitlab-token, fixes #10800
2022-06-01 21:32:29 +02:00
Nicolas Hedger
70a7b592e9
Fix JSON schema regex pattern (#10811)
2022-06-01 21:23:07 +02:00
Matronator
313142c6cd
Escape forward slash in `properties.name`
2022-06-01 21:06:22 +02:00
Jan Tojnar
955194f896
docs: Fix inconsistent semver operator suggestion (#10810)
...
Using caret over tilde is better since it behaves the same as in npm:
https://jubianchi.github.io/semver-check/#/constraint/~3.0
But when this change was introduced in https://github.com/composer/composer/pull/5396,
it was not complete.
2022-05-31 13:24:38 +02:00
Jordi Boggiano
5d353716d3
Reverting release version changes
2022-05-25 21:37:26 +02:00
Jordi Boggiano
de11c9819a
Release 2.2.13
2022-05-25 21:37:25 +02:00
Jordi Boggiano
86dcc7ac23
Update changelog
2022-05-25 21:36:44 +02:00
Jordi Boggiano
10d3895f18
Ensure that dotfiles can be excluded, fixes #8866
2022-05-24 22:14:17 +02:00
Jordi Boggiano
25542aca70
Update baseline
2022-05-24 21:26:37 +02:00
Jordi Boggiano
654ecc759a
Check that symlink function exists before using it in path repo, fixes #10786
2022-05-24 21:21:47 +02:00
Jordi Boggiano
d131be009d
Update deps
2022-05-24 14:46:47 +02:00
Jordi Boggiano
44a52e4157
Fix backtracking in name validation regex
2022-05-24 14:32:18 +02:00
John Stevenson
2837585e47
Fix cmd splitting paths on commas (#10775)
2022-05-12 21:13:55 +02:00
Jordi Boggiano
aeb204bb1d
Fix race condition where multiple http requests requiring auth end up failing, fixes #10763
2022-05-11 13:06:59 +02:00
Jordi Boggiano
1d0fa93495
Fix lock:false still outputting lock file changes
2022-05-11 09:42:13 +02:00
Nicolas Grekas
c27dca83ef
Fix deprecated syntax since PHP 8.2 (#10766)
2022-05-08 10:39:36 +02:00
Jordi Boggiano
1cdc43d9de
Merge pull request #10748 from glaubinix/f/gitlab-auth
...
GitLab: handle infinite loop during composer install
2022-04-29 12:07:01 +02:00
Stephan Vock
d40c3a89c0
GitLab: add warning in case GitLab authentication is misconfigured
2022-04-28 21:37:45 +01:00
Stephan Vock
89721ab322
GitLab: detect invalid token setup and attempt to automatically resolve the issue for the user
2022-04-28 21:17:05 +01:00
Stephan Vock
3b4a3d63bf
GitLab: prevent invalid loop during composer install with invalid credentials
2022-04-28 21:16:16 +01:00
Jordi Boggiano
20d11bfdfb
Display the stored channel when choosing a specific channel in self-update, fixes #10719
2022-04-14 11:25:44 +02:00
Jordi Boggiano
b0b364af19
E_TOO_MANY_BRANCHES
2022-04-13 17:24:39 +02:00
Jordi Boggiano
9a62ef7ff2
Add missing return type
2022-04-13 17:07:33 +02:00
Jordi Boggiano
699956867d
Reverting release version changes
2022-04-13 16:42:26 +02:00
Jordi Boggiano
ba61e768b4
Release 2.2.12
2022-04-13 16:42:25 +02:00
Jordi Boggiano
a1f9baa118
Fix 5.3/5.4 builds
2022-04-13 16:42:12 +02:00
Jordi Boggiano
2ba8758b30
Update changelog
2022-04-13 16:00:31 +02:00
Stephan
2c40c53637
Merge pull request from GHSA-x7cr-6qr6-2hh6
...
* GitDriver: filter branch names starting with a - character
* GitDriver: getFileContent prevent identifiers starting with a -
* HgDriver: prevent invalid identifiers and prevent file from running commands
* HgDriver: filter branches starting with a - character
2022-04-13 15:54:58 +02:00
Jordi Boggiano
915b97fc39
Fix docs
2022-04-13 15:22:18 +02:00
Jordi Boggiano
d64e32c991
Merge remote-tracking branch 'ktomk/patch-validate-no-check-lock' into 2.2
2022-04-13 15:21:36 +02:00
Jordi Boggiano
0a8dfe6ef7
Clarify that autoloader-suffix should be a non-empty-string, fixes #10720 (#10725)
2022-04-13 15:17:07 +02:00
Jordi Boggiano
bb0edce095
Fixed lock file being used when lock:false is in config, refs #10715 (#10726)
2022-04-13 14:52:13 +02:00
Tom Klingenberg
939c998baf
validate lock-file if configured (#10715, --check-lock)
...
if no lock-file is configured, turn lock file validation errors into
warnings (implicit --no-check-lock) unless those are explicitly promoted
via the new --check-lock option.
- `{"config": {"lock": false}}` is an implicit `--no-check-lock` for
composer validate.
- `--check-lock` overrides an (implicit or explicit) `--no-check-lock`,
always.
issue: #10715
2022-04-12 22:30:41 +02:00
Jordi Boggiano
9bfd059420
Fix curl downloader to retry in case of DNS resolution failure, fixes #10716
2022-04-07 15:56:23 +02:00
Jordi Boggiano
d7f0733959
Detect exec failures in compile script, refs #10693
2022-04-02 13:04:27 +02:00
Jordi Boggiano
1cc23e1a8b
🤦♂️
2022-04-02 13:04:03 +02:00
Jordi Boggiano
6b330b7456
Fix tests
2022-04-02 12:58:29 +02:00
Jordi Boggiano
34fa266114
Fix windows build
2022-04-02 12:48:02 +02:00
Jordi Boggiano
96f087a273
Remove unnecessary realpath which can fail, closes #10694
2022-04-02 12:45:27 +02:00
Jordi Boggiano
0985501602
Fix windows build
2022-04-02 12:38:23 +02:00