Stephan
c33aafaa04
Merge pull request from GHSA-x7cr-6qr6-2hh6
...
* GitDriver: filter branch names starting with a - character
* GitDriver: getFileContent prevent identifiers starting with a -
* HgDriver: prevent invalid identifiers and prevent file from running commands
* HgDriver: filter branches starting with a - character
2022-04-13 16:38:19 +02:00
John Stevenson
906442117c
Carriage returns are ignored by cmd
2021-10-13 14:54:37 +01:00
John Stevenson
0783b043d2
Fix Windows escaping in tests
2021-10-10 17:02:22 +01:00
John Stevenson
8f974fe741
Improve Windows escaping
2021-10-10 16:24:49 +01:00
Jordi Boggiano
ca5e2f8d50
Fix escaping issues on Windows which could lead to command injection, fixes GHSA-frqg-7g38-6gcf
2021-10-05 09:39:50 +02:00
Jordi Boggiano
a02802b109
Warn 1.x users when a package is not found that it may be due to our deprecation policy
2021-06-08 21:12:49 +02:00
Jordi Boggiano
083b73515d
Merge pull request from GHSA-h5h8-pc6h-jvvx
...
* Fix external process calls to avoid user input being able to pass extra parameters
* Tweak some fixes
2021-04-27 13:00:40 +02:00
Jordi Boggiano
37c5e9961c
Merge remote-tracking branch 'nicolas-grekas/path-version' into 1.10
2021-01-27 15:20:38 +01:00
Jordi Boggiano
92313447d6
Filter out exclude-from-classmap rules to avoid generating very long regexes, fixes #9487
2021-01-27 15:10:32 +01:00
Nicolas Grekas
725b33ee5a
Handle "versions" option in PathRepository, remove support for "branch-version"
2021-01-27 14:28:26 +01:00
Nicolas Grekas
079e501ac8
Revert "Merge pull request #9273 from nicolas-grekas/dev-version"
...
This reverts commit d2d606ced2
, reversing
changes made to 4a8dbcd145
.
2021-01-27 14:03:44 +01:00
Nils Adermann
e868996bdd
Validate: Warn about providing or replacing packages you require
2020-10-23 22:02:13 +02:00
Nicolas Grekas
4feed8b85c
Fix parsing "branch-version"
2020-10-13 15:43:12 +02:00
Nicolas Grekas
893fbfcb89
Add support for "extra.branch-version"
2020-10-13 13:56:18 +02:00
Jordi Boggiano
6698e0bafa
Merge remote-tracking branch 'naderman/version-guess-remotes' into 1.10
2020-10-08 14:01:25 +02:00
Nicolas Grekas
f9913205dd
Fix VcsRepositoryTest
2020-10-08 11:06:39 +02:00
Nils Adermann
89afb823b6
VersionGuesser: Add test for remote version guess
2020-10-07 15:21:04 +02:00
Nils Adermann
92722a9a4c
VersionGuesser: Fix root package loader test which relies on git cmd in guesser
2020-10-07 15:11:08 +02:00
Nils Adermann
db2f09a361
VersionGuesser: Update tests to match new git command generated
2020-10-07 14:25:55 +02:00
Jordi Boggiano
00f712a7c4
Revert "Allow specifying a version requirement for CLDR"
2020-07-30 21:00:43 +02:00
Lars Strojny
5a02ea6a96
Check that class exists
2020-07-30 14:29:48 +02:00
Lars Strojny
404dea61c2
Allow specifying a version requirement for the relevant CLDR
2020-07-29 19:32:53 +02:00
Jordi Boggiano
fb7fc4a4ca
Fix git tests
2020-06-17 16:59:43 +02:00
Jordi Boggiano
93d4cf6f91
Add --no-show-signature where git supports it, fixes #8966
2020-06-17 16:37:06 +02:00
Graham Campbell
fa799970ad
Replace whitelist with allow list
2020-06-07 22:15:09 +01:00
Alessandro Lai
270c7c3262
Backport validation support for composer-runtime-api ( #8842 )
...
Fixes #8841
2020-04-28 16:04:00 +02:00
Carsten Brandt
960fa4b205
Allow duplicate dashes in package names
...
fixes #8749
1.10 implementation of #8750
2020-04-10 19:01:06 +02:00
Aaron Johnson
33479f00ab
Add backticks to test.
2020-03-12 23:20:10 -04:00
Jordi Boggiano
3e82542812
Fix test
2020-03-10 17:11:19 +01:00
Jordi Boggiano
6d3d7c39ac
Merge pull request #8621 from remorhaz/master
...
Fix incorrect --no-dev handling of replaced packages
2020-02-28 23:49:09 +01:00
Jordi Boggiano
0b9c658bef
Add plugin-api-version used to generate a lock file in itself
2020-02-28 10:21:24 +01:00
remorhaz
8df263a756
Test added for issue #8622 fix
2020-02-26 17:39:54 +02:00
Nils Adermann
d665ea7ea9
After update and install commands display how many packages want funding
2020-02-14 10:08:36 +01:00
Nils Adermann
5c4f524d6a
Add funding field to composer.json
...
You can specify a list of funding options each with a type and URL. The
type is used to specify the kind of funding or the platform through
which funding is possible.
2020-02-14 10:08:35 +01:00
Jordi Boggiano
4d74f5ba95
Fix exclude-from-classmap handling to avoid foo matching foo* directories, fixes #8563 , refs #8575
2020-02-12 10:23:03 +01:00
Jordi Boggiano
c7ba751319
Merge commit 'refs/pull/8575/head' of github.com:composer/composer
2020-02-12 10:11:58 +01:00
Jordi Boggiano
02433c3659
Merge pull request #8565 from glaubinix/t/create-project-add-repository
...
Create project: add option to add the repository to the composer.json
2020-02-11 13:47:34 +01:00
Jordi Boggiano
31068b7bed
Merge pull request #8594 from IonBazan/downgrading-dry-run
...
Distinguish between updates and downgrades in dry-run
2020-02-11 10:49:09 +01:00
Ion Bazan
11ae757e99
fix risky tests
2020-02-11 17:27:56 +08:00
Ion Bazan
a180f48921
Distinguish between updates and downgrades in dry-run
2020-02-11 16:35:35 +08:00
Stephan Vock
2a564a9f36
Create project: add option to add the repository to the composer.json
2020-02-10 16:46:28 +00:00
Jordi Boggiano
5843a282bc
Merge pull request #8562 from adrianosferreira/fix-archive-format-cli
...
Uses config data from Composer object whenever possible on ArchiveCommand
2020-02-10 17:26:26 +01:00
Adriano Ferreira
97d077c43b
Uses config data from Composer object whenever possible on ArchiveCommand
...
It was previously blindly getting a new instance from the factory thus ignoring what is on Composer object config data.
2020-02-10 13:15:58 -02:00
Ion Bazan
a9bace37f6
fix windows build
2020-02-07 15:18:18 +08:00
Ion Bazan
58b34d13e8
fix risky tests (without any assertion)
2020-02-07 14:35:07 +08:00
Ion Bazan
db32d6bc18
do not use env
2020-02-07 13:07:01 +08:00
Ion Bazan
a2137d5263
use Symfony PHPUnit Bridge
2020-02-07 12:22:22 +08:00
Jeroen Versteeg
cabf373bf4
Added test for exclude-from-classmap (see issue #8563 )
2020-02-04 12:57:26 +01:00
Jordi Boggiano
fb93036a70
Fix putenv to avoid leaving the environment in a dirty state
2020-01-28 14:22:11 +01:00
Adriano Ferreira
acc040f745
Append the bin dir on each listener iteration
...
The "composer install" can create the vendor/dir folders and be used as a script item on composer.json. Having another script running after it that relies on vendor/bir binaries (such as phpunit) will cause it to not find the binary. This fix addresses the issue by trying to append the path on each script iteration.
2020-01-20 08:11:08 -02:00