1
0
Fork 0
Commit Graph

12373 Commits (1a3474c4e7c465fc0f5010028ef675868bb888cd)

Author SHA1 Message Date
dependabot[bot] 77de19dcaa
Bump actions/checkout from 3 to 4 (#11621)
Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-07 14:47:04 +02:00
Jordi Boggiano 75ae504b2c
Reverting release version changes 2023-09-03 14:09:16 +02:00
Jordi Boggiano 623e5e1de0
Release 2.6.2 2023-09-03 14:09:15 +02:00
Jordi Boggiano 3033c0f3a9
Update changelog 2023-09-03 14:08:56 +02:00
Michael Voříšek 40244dc228
Revert "Set $_SERVER['SCRIPT_NAME'] within proxy command (#11562)" (#11617)
This reverts commit 9c25633d6d.
2023-09-03 13:39:48 +02:00
Jordi Boggiano 98a588eb90
Avoid COMPOSER env being set if not necessary as it can cause issues with scripts, fixes #11613, refs #11493 2023-09-03 11:13:54 +02:00
Uladzimir Tsykun 90cbb144b2
Fix exit code 5 on composer require/create-project command (#11616) 2023-09-03 10:54:07 +02:00
Jordi Boggiano d221d5c69a
Reverting release version changes 2023-09-01 13:53:09 +02:00
Jordi Boggiano ee851d6b6b
Release 2.6.1 2023-09-01 13:53:08 +02:00
Jordi Boggiano b4617c94e6
Update changelog 2023-09-01 13:52:54 +02:00
Jordi Boggiano 5fae76ce67
Revert "Allow executing binaries which are not marked executable via shell proxies (#11557)"
This reverts commit c1f2964105.
2023-09-01 13:50:20 +02:00
Jordi Boggiano 9ab8ef5a71
Reverting release version changes 2023-09-01 10:07:51 +02:00
Jordi Boggiano ea4222fad9
Release 2.6.0 2023-09-01 10:07:50 +02:00
Jordi Boggiano 416b43b401
Update changelog 2023-09-01 10:05:37 +02:00
Jordi Boggiano 7dc5666f33
Avoid failing the require command if the audit step failed 2023-09-01 10:05:13 +02:00
Dezső BICZÓ 0ab4dfba7c
Change audit.ignore behavior before 2.6.0 (#11605)
* Still report ignored security advisories

Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2023-09-01 10:04:31 +02:00
Jordi Boggiano b6fe941911
Update changelog 2023-08-31 16:09:07 +02:00
Damien Carrier e0abc40ded
Add test for `ArchiveCommand` with package name (#11551)
* test(ArchiveCommand): Add test for ArchiveCommand with package name

* fix : using explicit variable name for eventDispatcher Mock

---------

Co-authored-by: Damien Carrier <damien.carrier@alximy.io>
2023-08-31 13:46:43 +02:00
Jordi Boggiano e1587cf698
Update deps 2023-08-31 11:52:55 +02:00
ಠ_ಠ 1a2bd38764
allow bumping for patch level version constraints fixes #11579 (#11590) 2023-08-31 11:05:49 +02:00
Travis Carden 1c4ac1c437
Add `dumpautoload --dry-run` option (#11608) 2023-08-31 10:35:02 +02:00
Martin Herndl 6fd145f01e
Allow --strict-psr in `DumpAutoloadCommand` also with --classmap-authoritative (#11607) 2023-08-30 21:43:16 +02:00
Martin Herndl 02e4a2d1a3
Add test case for `DumpAutoloadCommand` with failing --strict-psr check (#11606) 2023-08-30 21:42:45 +02:00
Tom Klingenberg db53c65986
COMPOSER_DISABLE_NETWORK aware `diagnose` checks; SKIP output (#11597)
Make `diagnose` checks aware of COMPOSER_DISABLE_NETWORK (true) and skip
Composer network operations that would otherwise spill stack traces into
diagnostic messages and taint the result as error while the check itself
is not applicable/useful within the environment.

`COMPOSER_DISABLE_NETWORK` was released with [2.0.0-alpha1] and intro-
duced in fc03ab9bb (Add COMPOSER_DISABLE_NETWORK env var for debugging,
2019-01-14).

The previous behaviour was to exit with a status of two (2), denoting an
error.

The new behaviour is to exit with a status of zero (0), showing the
successful skipping of diagnostics that can only be run when Composer
network is enabled - not disabled.

SKIP output is updated and streamlined.

NOTE: The "prime" Value

It is irrelevant for diagnose checks, as all diagnostic checks that
spilled were with the HTTP Downloader and the check is aligned (both
"1" or "prime" values disable):

    (bool) Platform::getEnv('COMPOSER_DISABLE_NETWORK')

NOTE: Not Affected

 * The `allow_url_fopen` diagnostic check, platform related
 * The `disable-tls` setting related HTTP Downloader creation warning

[2.0.0-alpha1]: <https://getcomposer.org/changelog/2.0.0-alpha1> "released 2020-06-03"
2023-08-30 21:35:59 +02:00
Christophe Coevoet 83771ce9ba
Fix the mtime of the vendor folder when running composer install (#11593)
When splitting the logic between the lock file management and the vendor
folder management in composer 2.0, the logic playing nice with make was
broken by running the logic based on operations performed in the lock
file instead of operations performed in the vendor folder.
2023-08-30 18:05:58 +02:00
Fábio 25f4854ad7
Fix typo 03-cli.md (#11587) 2023-08-30 18:03:12 +02:00
Martin Herndl 879524d8e3
Add tests for DumpAutoloadCommand (#11581) 2023-08-30 16:09:05 +02:00
Juliette bb1aa8432f
GH Actions: run against PHP 8.3 (#11601)
* GH Actions: run against PHP 8.3

What with PHP 8.3 being close to the first RC, I'd like to suggest enabling runs against PHP 8.3 for the linting and test runs.

* Linting passes on PHP 8.3, so I propose to not allow new failures to be introduced there.
* The test runs, however, do not pass against PHP 8.3, so I'm marking those as `experimental` for now to allow for fixing the issue(s).

As for the compatibility issues (based on the test runs):
* PR 11599 fixes all known deprecation notices.
* There is, however, one test failure, which I'm not exactly sure how to fix, so I'm leaving this for the maintainers to decide upon.
    Details:
    Prior to PHP 8.3, `ReflectionMethod` could set a `private` method on a parent class to accessible. This is no longer possible in PHP 8.3 since php/php-src 9470 and breaks the `Composer\Test\Repository\ComposerRepositoryTest::testWhatProvides` test.
    Also see: https://3v4l.org/8YcIk/rfc#vgit.master

* GH Actions: update addition of PHP 8.3

* Don't add PHP 8.3 to the `lint` workflow.
* Replace the PHP 8.2 extra builds instead of adding to them for `test`.
* Don't allow builds to fail.

---------

Co-authored-by: jrfnl <jrfnl@users.noreply.github.com>
2023-08-30 15:53:45 +02:00
Jordi Boggiano 52f52dd636
Disable color output in tests by default to avoid issues on windows, fixes #11598 2023-08-30 15:02:59 +02:00
Juliette 80b02cdef9
CONTRIBUTING: remove outdated suggestion (#11600)
This doesn't appear to be needed anymore since 2a771dfb2d.

Co-authored-by: jrfnl <jrfnl@users.noreply.github.com>
2023-08-30 14:09:14 +02:00
Fábio 388485b98a
Update 05-repositories.md (#11603) 2023-08-30 11:46:40 +02:00
Juliette 5af6151493
PHP 8.3 | ComposerRepositoryTest: fix test failure (#11602)
Prior to PHP 8.3, ReflectionMethod could set a private method on a parent class to accessible. This is no longer possible in PHP 8.3 since php/php-src 9470 and breaks the Composer\Test\Repository\ComposerRepositoryTest::testWhatProvides test.
Also see: https://3v4l.org/8YcIk/rfc#vgit.master

Fixed now.

Co-authored-by: jrfnl <jrfnl@users.noreply.github.com>
Co-authored-by: Christophe Coevoet <stof@notk.org>
2023-08-30 11:43:12 +02:00
Juliette 512690dba4
PHP 8.3 | Tests: fix deprecation notices (#11599)
* PHP 8.3 | ZipDownloaderTest: fix deprecation notice

Calling `ReflectionProperty::setValue()` with only one argument (to set a static property) is deprecated.
Passing `null` as the first (`$object`) parameter will work cross-version.

As the `ZipDownloaderTest::setPrivateProperty()` method has a `null` default value for the `$obj` parameter anyway, this means the if/else toggle can be removed.

Ref: https://wiki.php.net/rfc/deprecate_functions_with_overloaded_signatures#reflectionpropertysetvalue

* PHP 8.3 | InstalledVersionsTest: fix deprecation notice

Calling `ReflectionProperty::setValue()` with only one argument (to set a static property) is deprecated.
Passing `null` as the first (`$object`) parameter will work cross-version.

Ref: https://wiki.php.net/rfc/deprecate_functions_with_overloaded_signatures#reflectionpropertysetvalue

---------

Co-authored-by: jrfnl <jrfnl@users.noreply.github.com>
2023-08-30 11:42:33 +02:00
Jordi Boggiano 094fb6cd70
Fix support for react/promise 2.x 2023-08-30 11:38:36 +02:00
Jordi Boggiano bbd2c9613e
Fix uncaught promises when doing synchronous file downloads that fail, fixes #11563 2023-08-30 11:19:47 +02:00
Jordi Boggiano 83792838c9
Fix problem output bug when purely numeric versions are condensed 2023-08-30 10:45:57 +02:00
Stephan 5062338079
Audit: ignores configured repository options (#11173)
* Audit: ignores configured repository options

* ComposerRepository: add test case to assert that repo http options are used to make security advisory POST request
2023-08-29 15:16:34 +02:00
Rober Díaz 4137bf38ad
Tests for base dependency command (#11547)
* add a test case for "not provided a required parameter"

* add a test cases for "not provided locked file"

* cleanup for case provider

* add a test case for "package existence"

* add a test case for "warning when dependencies are not installed"

* fix the test case for "warning when dependencies are not installed"

* add a test case for "package was not found in the project"

* add a test cases for `why-not` command

- also they were fixed docblocks

* add a test cases for `why` command

* versions were added to dependency objects

* it was avoided HEREDOC due it seems to be failing in PHP 7.2

* it was avoided mismatches due different platforms EOL

* it was used full output instead of an array of messages (to avoid EOL isues)

* it increased code coverage to 97%

* All test case docblocks were corrected according to CR feedback

* ensure that `why-not` should say that an installed package requires an incompatible version of the inspected package
2023-08-29 15:06:19 +02:00
Dane Powell c9a4b2db11
Fix #11507: phpstan/rules.neon missing from archives (#11586) 2023-08-29 14:17:16 +02:00
Tom Klingenberg f605389dc3
Minor Typo CHANGELOG.md 2.3.0-RC1 release (#11583)
- ..._PLATFOR_... -> ..._PLATFORM_... (missing M)

- Backticks style to streamlined with other environment parameters around.
2023-08-16 14:05:14 +02:00
Jordi Boggiano 95dca79fc2
Output error message in verbose mode before asking for credentials, fixes #11570 2023-08-04 11:06:00 +02:00
Jordi Boggiano 7ffcaacd08
Fix ignored config merging when audit is present but ignored isnt 2023-08-04 11:05:59 +02:00
Nate Devereux c5baa37cdf
Update Silverstripe casing (#11565) 2023-08-03 11:28:29 +02:00
Dan Wallis 9c25633d6d
Set $_SERVER['SCRIPT_NAME'] within proxy command (#11562) 2023-08-02 11:55:24 +02:00
Jordi Boggiano f4738d97b7
Add support for Application::setCatchErrors in symfony 6.4+, refs symfony/symfony#50420 2023-07-28 19:33:33 +02:00
Tom Klingenberg ff70ab7ce9
Minor Typo CHANGELOG.md 2.5.8 release (#11564)
ICU CDLR -> ICU CLDR (issue has correct title).
2023-07-26 08:19:20 +02:00
Michael Voříšek f752a9e358
Unify wording in docs (#11545) 2023-07-21 14:47:54 +02:00
Jordi Boggiano 0cdabcc4ee
Add audit.ignored config setting to ignore security advisories by id or CVE id, fixes #11298 (#11556) 2023-07-21 14:36:38 +02:00
Dan Wallis 7f78decad7
Fix PHPStan after running autoloader tests (#11558) 2023-07-21 14:34:59 +02:00
Julian Liebig a6c7b0b327
Retry download if curl error 55 is encountered (#11543) 2023-07-21 14:29:56 +02:00