1
0
Fork 0
Commit Graph

8215 Commits (2fe3244ddb68aa5260844a57c18ff027e279b83d)

Author SHA1 Message Date
Quynh Anh 8246892d48
Fix PackageInterface parameter comments (#11777) 2024-01-04 14:49:27 +01:00
Jordi Boggiano efe6e44883
Perform audit on Composer and its dependencies during diagnose, fixes #11216 (#11761) 2024-01-04 10:55:59 +01:00
Jordi Boggiano 12ed21705d
Check for non-platform requirements before warning that no deps are installed on show command, fixes #11760 2023-12-22 17:48:47 +01:00
Roberto Guido 8e62977cb5
Exposing GitLab's project metadata (#11734)
* Exposing GitLab's project metadata

* Fixed check about GitLab project's metadata initialization
2023-12-20 16:50:24 +01:00
Jordi Boggiano 53a1f32061
Add --sort-by-age to show/outdated commands, and also release date for latest package in --latest mode (#11762) 2023-12-20 15:37:27 +01:00
Jordi Boggiano c8f1028ef9
Fix minor error msg issue 2023-12-20 15:16:12 +01:00
Stephan 86cd364901
Audit: add severity to plain and table output (#11702) 2023-12-19 19:11:50 +01:00
Jordi Boggiano 9b0f9b40a4
Show package source in very verbose updates, fixes #11733 (#11763) 2023-12-19 17:17:48 +01:00
Jordi Boggiano 4a209b7d3d
Fix bump command not bumping versions with a v prefix e.g. ^v2.4, fixes #11723 (#11764) 2023-12-19 17:17:32 +01:00
Jordi Boggiano 3cfd9bf51b
Ensure composer.json gets deleted after a dry run require, fixes #11747 2023-12-19 15:51:39 +01:00
Jordi Boggiano e0f75276a2
Switch default audit.abandoned to fail for 2.7 release 2023-12-18 15:02:10 +01:00
Jordi Boggiano bf6c7f8ea2
Merge branch '2.6' 2023-12-18 10:12:45 +01:00
Jordi Boggiano e14d28baec
Update deps 2023-12-18 10:11:33 +01:00
Jordi Boggiano eaa7dd46f5
Reverting release version changes 2023-12-08 18:32:27 +01:00
Jordi Boggiano 683557bd24
Release 2.6.6 2023-12-08 18:32:26 +01:00
Travis Carden aefa46dfba
Add support for "scripts-aliases" in composer.json (#11666) 2023-10-27 11:36:59 +02:00
Jordi Boggiano cc653161c3
Merge branch '2.6' 2023-10-26 11:39:41 +02:00
Dan Wallis 8c0f1e10dc
Display error instead of throwing exception when unable to update with temporary constraint (#11692) 2023-10-26 11:38:02 +02:00
Dan Wallis 81b662d388
Suggest running 'require' not 'update' if a root req fails to update (#11691) 2023-10-26 11:08:03 +02:00
Tom Klingenberg 03085c8181
Fix Git Driver to use supported Git VCS driver URL
Otherwise the URL may not be supported since 3bb191a46 (Add support for
env vars and ~ (for HOME) in repo paths for vcs and artifact
repositories, fixes #11409 (#11453), 2023-05-07)
2023-10-26 11:06:11 +02:00
Jordi Boggiano 899dcedf66
Add --minimal-changes mode to perform partial updates --with-dependencies while changing only what is necessary in other dependencies (#11665) 2023-10-26 10:25:04 +02:00
Dan Wallis 7a09e05560
Bump wildcard constraints to >=current (#11694) 2023-10-25 18:04:52 +02:00
Jordi Boggiano c66894278c
Bump dev version to 2.7, fix issues with symfony 7 2023-10-25 17:13:36 +02:00
Dan Wallis c827c93b62
Use global constant if available for libpq version (#11684) 2023-10-11 14:19:31 +02:00
Jordi Boggiano d2bd9836a6
Reverting release version changes 2023-10-06 10:11:53 +02:00
Jordi Boggiano 4b0fe89db9
Release 2.6.5 2023-10-06 10:11:52 +02:00
Uladzimir Tsykun 3e22e1ceda
Fix error when vendor dir contains broken symlinks (#11670) 2023-10-06 09:53:39 +02:00
Jordi Boggiano cb363b0e84
Fix autoload generator dump() non-BC signature change in 2.6.4 2023-10-06 09:34:10 +02:00
Jordi Boggiano 64c5bdd55b
Reverting release version changes 2023-09-29 10:54:48 +02:00
Jordi Boggiano d75d17c16a
Release 2.6.4 2023-09-29 10:54:47 +02:00
Pol Dellaiera b608b8e87e
feat: improve Composer's output reproducibility (#11663)
* AutoloadGenerator: add `Locker` parameter to the `dump` method
* AutoloadGenerator: do not create a random hash, re-use the one from the lock file if it exists
* FileSystem: make sure `safeCopy` copy also the file time metadata
2023-09-28 11:43:52 +02:00
Jordi Boggiano 892eaacedf
Optimize show -a by loading only the requested package (#11659)
Fixes #11648
2023-09-27 11:28:33 +02:00
Yanick Witschi f6ce8349c5
Use CompilingMatcher in DefaultPolicy for performance reasons (#11638)
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2023-09-27 09:08:29 +02:00
Dezső BICZÓ 755de04bf5
Fix abandoned package list JSON serialization (#11647)
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2023-09-26 14:23:45 +02:00
Jordi Boggiano 39faacbca9
Reverting release version changes 2023-09-15 09:38:22 +02:00
Jordi Boggiano ff477832e6
Release 2.6.3 2023-09-15 09:38:22 +02:00
Jordi Boggiano e3484c8581
Add audit.abandoned warnings for abandoned packages, fixes #11623 (#11639) 2023-09-14 11:30:09 +02:00
Jordi Boggiano 3bc72f75cb
Fix build, update deps 2023-09-13 18:17:28 +02:00
wgevaert e2f5afd4cd
Add warning when duplicate "files" autoload rules are detected (#11109)
Co-authored-by: Wout Gevaert <wout@wikibase.nl>
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2023-09-13 14:11:00 +02:00
Yanick Witschi 5474dc9b5b
Fixed replaced packages being incorrectly missing when unlocked by an old version (#11629)
Co-authored-by: Nils Adermann <naderman@naderman.de>
2023-09-13 10:42:47 +02:00
Jason McCreary 1e4966c313
Get realpath for `ZipArchive` (#11636) 2023-09-13 09:59:22 +02:00
Jordi Boggiano 1ac0ea8739
Retry curl receive errors when connection reset by peer, fixes #11622 2023-09-12 10:10:53 +02:00
Jordi Boggiano 755e89fc91
Fix loading of root aliases on path repo packages when doing partial updates, fixes #11630 (#11632) 2023-09-11 17:45:19 +02:00
Christophe Coevoet 087b21d687
Fix the promise resolution for the cleanup logic (#11620) 2023-09-11 17:40:43 +02:00
Jordi Boggiano 75ae504b2c
Reverting release version changes 2023-09-03 14:09:16 +02:00
Jordi Boggiano 623e5e1de0
Release 2.6.2 2023-09-03 14:09:15 +02:00
Michael Voříšek 40244dc228
Revert "Set $_SERVER['SCRIPT_NAME'] within proxy command (#11562)" (#11617)
This reverts commit 9c25633d6d.
2023-09-03 13:39:48 +02:00
Jordi Boggiano 98a588eb90
Avoid COMPOSER env being set if not necessary as it can cause issues with scripts, fixes #11613, refs #11493 2023-09-03 11:13:54 +02:00
Uladzimir Tsykun 90cbb144b2
Fix exit code 5 on composer require/create-project command (#11616) 2023-09-03 10:54:07 +02:00
Jordi Boggiano d221d5c69a
Reverting release version changes 2023-09-01 13:53:09 +02:00
Jordi Boggiano ee851d6b6b
Release 2.6.1 2023-09-01 13:53:08 +02:00
Jordi Boggiano 5fae76ce67
Revert "Allow executing binaries which are not marked executable via shell proxies (#11557)"
This reverts commit c1f2964105.
2023-09-01 13:50:20 +02:00
Jordi Boggiano 9ab8ef5a71
Reverting release version changes 2023-09-01 10:07:51 +02:00
Jordi Boggiano ea4222fad9
Release 2.6.0 2023-09-01 10:07:50 +02:00
Jordi Boggiano 7dc5666f33
Avoid failing the require command if the audit step failed 2023-09-01 10:05:13 +02:00
Dezső BICZÓ 0ab4dfba7c
Change audit.ignore behavior before 2.6.0 (#11605)
* Still report ignored security advisories

Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2023-09-01 10:04:31 +02:00
ಠ_ಠ 1a2bd38764
allow bumping for patch level version constraints fixes #11579 (#11590) 2023-08-31 11:05:49 +02:00
Travis Carden 1c4ac1c437
Add `dumpautoload --dry-run` option (#11608) 2023-08-31 10:35:02 +02:00
Martin Herndl 6fd145f01e
Allow --strict-psr in `DumpAutoloadCommand` also with --classmap-authoritative (#11607) 2023-08-30 21:43:16 +02:00
Tom Klingenberg db53c65986
COMPOSER_DISABLE_NETWORK aware `diagnose` checks; SKIP output (#11597)
Make `diagnose` checks aware of COMPOSER_DISABLE_NETWORK (true) and skip
Composer network operations that would otherwise spill stack traces into
diagnostic messages and taint the result as error while the check itself
is not applicable/useful within the environment.

`COMPOSER_DISABLE_NETWORK` was released with [2.0.0-alpha1] and intro-
duced in fc03ab9bb (Add COMPOSER_DISABLE_NETWORK env var for debugging,
2019-01-14).

The previous behaviour was to exit with a status of two (2), denoting an
error.

The new behaviour is to exit with a status of zero (0), showing the
successful skipping of diagnostics that can only be run when Composer
network is enabled - not disabled.

SKIP output is updated and streamlined.

NOTE: The "prime" Value

It is irrelevant for diagnose checks, as all diagnostic checks that
spilled were with the HTTP Downloader and the check is aligned (both
"1" or "prime" values disable):

    (bool) Platform::getEnv('COMPOSER_DISABLE_NETWORK')

NOTE: Not Affected

 * The `allow_url_fopen` diagnostic check, platform related
 * The `disable-tls` setting related HTTP Downloader creation warning

[2.0.0-alpha1]: <https://getcomposer.org/changelog/2.0.0-alpha1> "released 2020-06-03"
2023-08-30 21:35:59 +02:00
Christophe Coevoet 83771ce9ba
Fix the mtime of the vendor folder when running composer install (#11593)
When splitting the logic between the lock file management and the vendor
folder management in composer 2.0, the logic playing nice with make was
broken by running the logic based on operations performed in the lock
file instead of operations performed in the vendor folder.
2023-08-30 18:05:58 +02:00
Jordi Boggiano 094fb6cd70
Fix support for react/promise 2.x 2023-08-30 11:38:36 +02:00
Jordi Boggiano bbd2c9613e
Fix uncaught promises when doing synchronous file downloads that fail, fixes #11563 2023-08-30 11:19:47 +02:00
Jordi Boggiano 83792838c9
Fix problem output bug when purely numeric versions are condensed 2023-08-30 10:45:57 +02:00
Stephan 5062338079
Audit: ignores configured repository options (#11173)
* Audit: ignores configured repository options

* ComposerRepository: add test case to assert that repo http options are used to make security advisory POST request
2023-08-29 15:16:34 +02:00
Jordi Boggiano 95dca79fc2
Output error message in verbose mode before asking for credentials, fixes #11570 2023-08-04 11:06:00 +02:00
Jordi Boggiano 7ffcaacd08
Fix ignored config merging when audit is present but ignored isnt 2023-08-04 11:05:59 +02:00
Dan Wallis 9c25633d6d
Set $_SERVER['SCRIPT_NAME'] within proxy command (#11562) 2023-08-02 11:55:24 +02:00
Jordi Boggiano f4738d97b7
Add support for Application::setCatchErrors in symfony 6.4+, refs symfony/symfony#50420 2023-07-28 19:33:33 +02:00
Jordi Boggiano 0cdabcc4ee
Add audit.ignored config setting to ignore security advisories by id or CVE id, fixes #11298 (#11556) 2023-07-21 14:36:38 +02:00
Julian Liebig a6c7b0b327
Retry download if curl error 55 is encountered (#11543) 2023-07-21 14:29:56 +02:00
David Zülke 3e9c148b63
Fix trailing whitespace in 'composer show -N' (#11536)
The name column was always padded to maximum width, even if no other columns were printed.

This makes it difficult to use the output e.g. in pipelines.

Fixed for all possible columns, and with tests for two cases (regular show and show outdated).
2023-07-21 11:29:38 +02:00
David Zülke 07f706e57d
Fix 'composer show --platform <package>' erroring if no composer.json is present (#11533)
Sort of related to #11046 (although this is not a regression, but didn't work before, either)
2023-07-21 11:28:36 +02:00
Stephan cf8ea3c70e
GitHubDriver: better handle empty composer.json file (#11552) 2023-07-21 11:09:32 +02:00
David Zülke 8f49166ec6
Fix lib-curl-openssl parsing for SecureTransport (#11534)
On macOS, if libcurl is built against SecureTransport, the platform repository will contain an invalid package name:

    % composer show --platform | grep curl
    ext-curl                           8.2.7    The curl PHP extension
    lib-curl                           8.1.2    The curl library
    lib-curl-(securetransport) openssl 3.1.1    curl (securetransport) openss...
    lib-curl-libssh2                   1.11.0   curl libssh2 version
    lib-curl-zlib                      1.2.11   curl zlib version

This change fixes it:

    % bin/composer show --platform | grep curl
    lib-curl                 8.1.2              The curl library
    lib-curl-libssh2         1.11.0             curl libssh2 version
    lib-curl-securetransport 3.1.1              curl (securetransport) openssl ...
    lib-curl-zlib            1.2.11             curl zlib version

(second column width difference comes from the Composer dev version number)
2023-07-21 11:06:03 +02:00
Attia A. Ahmed ce876e7a6f
Fix broken junctions leading to installation failure on Windows (#11550) 2023-07-21 10:59:59 +02:00
Jordi Boggiano e7016b00a9
Upgrade to react/promise 3.0.0 (#10429) 2023-07-20 12:52:28 +02:00
Brian French c1f2964105
Allow executing binaries which are not marked executable via shell proxies (#11557) 2023-07-19 17:38:21 +02:00
Jordi Boggiano 82bc8cf94e
Update deps 2023-07-19 14:57:22 +02:00
MaximAL 1c9fbeb978
Preserve indentation when writing JSON files (#11390)
Refs #11341
2023-07-19 14:13:06 +02:00
Agostino Fiscale 16d1b11c26
Add homepage links in why/why-not commands (#11308) 2023-07-19 11:28:17 +02:00
Helmut Hummel 68b7a07187
Feature: Allow local directory paths in repository of type composer (#11526)
Fixes: #11519
2023-07-18 11:44:53 +02:00
Jordi Boggiano 2b18799c44
Fix problem output of exact constraints to state more clearly that only those versions are matched (#11521)
Fixes #11479
2023-06-23 13:13:20 +02:00
Jordi Boggiano 1db0a47080
Add prompt to require command if a package name is not found but there are similar names that could be used (#11284)
fixes #11279
2023-06-23 11:15:03 +02:00
Jordi Boggiano 196ac10505
Remove dead code 2023-06-23 10:57:56 +02:00
Jordi Boggiano 06b4923c47
Add fallback dist type extension to temp archive files for URLs without extension, fixes #11513 (#11520) 2023-06-22 16:30:48 +02:00
Jordi Boggiano bbea3e5284
Merge branch '2.5' 2023-06-09 17:13:53 +02:00
Jordi Boggiano 7b03fa1ba3
Reverting release version changes 2023-06-09 17:13:22 +02:00
Jordi Boggiano 4c51614616
Release 2.5.8 2023-06-09 17:13:21 +02:00
Jordi Boggiano 3f385d466f
Update types some more, refs #11500 2023-06-09 17:13:09 +02:00
Jordi Boggiano c12b551d3a
Update type declarations on ClassLoader, fixes #11482 (#11500) 2023-06-08 16:30:13 +02:00
Jordi Boggiano 7f6de36354
Fix typo 2023-06-07 16:35:29 +02:00
Jordi Boggiano ff67cdf6e6
Ignore ICU CDLR version fetching when ICU cannot initialize the resource bundle, fixes #11492 2023-06-07 16:19:44 +02:00
Jordi Boggiano 3ae662f4c7
Fix EventDispatcher on windows picking bat files when using "@php binary", fixes #11490 2023-06-07 15:19:44 +02:00
Andreas Schempp ebd0a60411
Force CreateProjectCommand to use the installed composer.json (#11493) 2023-06-07 12:44:50 +02:00
Jordi Boggiano 1d51f34957
Update baseline (1700, 94) 2023-06-07 08:50:57 +02:00
Jordi Boggiano 6a11574ba6
Merge branch '2.5' 2023-06-07 08:14:20 +02:00
Pol Dellaiera 16bdfe4dae
refactor: update `SyncHelper::downloadAndInstallPackageSync` (#11496)
* refactor: Widen `SyncHelper::downloadAndInstallPackageSync` parameter signature

* chore: bump `PluginInterface::PLUGIN_API_VERSION` to `2.6.0`
2023-06-06 23:32:39 +02:00
Dezső BICZÓ 8c18de5a41
Handle better nullable file parameter (#11486)
* Handle better nullable file parameter

Closes #11483

* CS fix
2023-06-06 23:27:55 +02:00
Pol Dellaiera 45977c7cb1
refactor: update `SyncHelper` (#11485)
Get rid of 3 PHPStan issues
2023-06-06 15:25:54 +02:00
Dan Wallis 3b5976667c
Simplify property assignment (#11488) 2023-06-06 14:26:14 +02:00
Jordi Boggiano 902a153741
Fix regression in edge cases where root package gets added to a repository already during the install process, fixes #11495 2023-06-06 14:02:29 +02:00
Sergii Shymko 52caea70d4
Refactor downloader package dist path parsing (#11471) 2023-06-06 13:54:17 +02:00
Jordi Boggiano 52f6f74b7c
Merge branch '2.5' 2023-05-24 15:00:53 +02:00
Jordi Boggiano 7d6c76ee79
Reverting release version changes 2023-05-24 15:00:43 +02:00
Jordi Boggiano d477018d3f
Release 2.5.7 2023-05-24 15:00:40 +02:00
Jordi Boggiano 33c293aec3
Fix autoload regression with metapackage dependencies (#11481)
fixes #11480

introduced by #11455
2023-05-24 14:58:11 +02:00
Jordi Boggiano 4893b67efa
Reverting release version changes 2023-05-24 09:14:24 +02:00
Jordi Boggiano f7c05db8b0
Release 2.5.6 2023-05-24 09:14:18 +02:00
Jordi Boggiano 5a96e6ae13
Merge branch '2.5' 2023-05-23 23:49:53 +02:00
Jordi Boggiano 23654389da
Fix lock file verification to take into account root provider/replacers and output mismatches there more clearly, fixes #11458 (#11475) 2023-05-23 23:15:07 +02:00
Stefan Grootscholten 9d965b9c65
Fix authentication issues with private bitbucket repos (#11464) 2023-05-23 23:14:11 +02:00
Jørn Støylen 9885d23e2a
Ensure stripos() receives a string
If file_get_contents() returns false, stripos() will throw a TypeError.
Casting to string prevents this from happening.

Closes #11470
2023-05-23 21:11:23 +02:00
Jordi Boggiano 24361ae654
Merge branch '2.5' 2023-05-23 16:25:24 +02:00
Jordi Boggiano e51d755a08
Fix numeric default-branches with v prefix (e.g. v2.x-dev) being treated as non-numeric and receiving an alias like e.g. dev-main 2023-05-23 16:25:08 +02:00
Jordi Boggiano 3a48e39375
Return null for install path for metapackages instead of an empty path which then resolves to the root package's path (#11455)
Fixes #11389
2023-05-14 13:46:46 +02:00
Jordi Boggiano 54808d9bde
Merge branch '2.5' 2023-05-08 14:50:48 +02:00
Dezső BICZÓ 57a48df34e
Support advisories from multiple repositories for the same package (#11436) 2023-05-07 15:12:04 +02:00
Jordi Boggiano a79eef2949
Fix class renaming in plugin manager 2023-05-07 14:53:17 +02:00
Jordi Boggiano 2b58f2c625
Fix getmypid being required as it is not always available, fixes #11401 2023-05-07 14:48:34 +02:00
Jordi Boggiano bf5ae27b93
Fix support for readonly classes as plugins, fixes #11404 2023-05-07 14:39:25 +02:00
Jordi Boggiano 3bb191a464
Add support for env vars and ~ (for HOME) in repo paths for vcs and artifact repositories, fixes #11409 (#11453) 2023-05-07 13:53:32 +02:00
Jordi Boggiano e28a5675b7
Fixed binary proxies to return whatever the original binary returns as well, fixes #11416 (#11454) 2023-05-05 22:24:59 +02:00
Jordi Boggiano cbb7319963
Merge branch '2.5' 2023-05-05 14:16:14 +02:00
Jordi Boggiano 2d2d22d0ec
Fix lock file being more recent than vendor dir when require guesses the constraint after resolution, fixes #11405 2023-05-05 14:15:27 +02:00
Nils Adermann 595559f68d
Remove optional package loading to simplify pool builder (#11450)
Instead we just directly check if any currently loaded package requires
the package to be loaded optionally.
2023-05-02 23:59:36 +02:00
Yanick Witschi 9ced20fd0d Take the short cut 2023-05-02 23:11:20 +02:00
Yanick Witschi 995b806dfe Optimize PoolBuilder to not load replaced targets if not required 2023-05-02 22:10:18 +02:00
Jason Woods 010bad5428 fix: If a replacer is updated to a version that no longer replaces, the replaced package is not loaded 2023-05-02 22:07:57 +02:00
Stephan 11879ea737
ArrayLoader: handle invalid support value (#11440) 2023-04-26 15:26:45 +02:00
David Zülke e0c1ad1448
PlatformRepository library support for libpq (from ext-pq) and librdkafka (from ext-rdkafka) (#11418)
* libpq library version info for ext-pq

* librdkafka library version info for ext-rdkafka

Computes from RD_KAFKA_VERSION, faster than output buffering
2023-04-25 13:59:36 +02:00
Jordi Boggiano 776ff2ea51
Merge branch '2.5' 2023-03-21 11:53:54 +01:00
Jordi Boggiano 766628a8d4
Reverting release version changes 2023-03-21 11:50:06 +01:00
Jordi Boggiano c7cffaad16
Release 2.5.5 2023-03-21 11:50:05 +01:00
Jordi Boggiano 8b0a185d5d
Fixed display of empty objects showing [] instead of {} in config command, fixes #11302 2023-03-21 11:17:55 +01:00
Jordi Boggiano 91b7b0ff3b
Fixed querying of default config values, and fix source display for them, and fix bools to show as bools, fixes #11302 2023-03-21 11:07:57 +01:00
Jordi Boggiano 3988fe2c9c
Fix svndriver type error 2023-03-21 10:50:22 +01:00
Jordi Boggiano 5f298ae294
Merge branch '2.5' 2023-03-21 10:45:40 +01:00
Jordi Boggiano 5c3d8f35db
Update deps, fix phpstan issues, update baseline (1711, 49) 2023-03-21 10:36:42 +01:00
Jordi Boggiano 62f12abcb1
Fix return type of InstalledVersions::getInstalled, fixes #11304 2023-03-21 09:55:28 +01:00
Jordi Boggiano d3adecf583
Fix github header handling to be case insensitive, fixes rate limit extraction (#11366) 2023-03-20 21:42:28 +01:00
Stephan 685a2e6be2
Composer support string (#11386)
* GitHubDriver: fix support is set to string

* GitLabDriver: fix support is set to string

* BitbucketDriver: fix support is set to string

* Fix PHPStan
2023-03-20 20:18:19 +01:00
Edgaras Janušauskas f41abfca34
Add platform check for 64-bit PHP (#11334) 2023-03-20 16:08:12 +01:00
Wim Leers 5d2d513f97
Follow-up for #5205: fix high concurrency race condition
Composer would fail with an
```
PHP temp directory (/tmp) does not exist or is not writable to Composer. Set sys_temp_dir in your php.ini
```
error when used in parallel. Because it is checking if a file with `md5(microtime())` can be created, which is not sufficiently unique when used in parallel.

Since each Composer instance runs in its own process, this can easily be mitigated by not just partitioning based on time of use, but also based on process ID.

Original investigation: https://www.drupal.org/project/automatic_updates/issues/3338789#comment-14961390
2023-03-17 13:55:30 +01:00
AnrDaemon 3b16937bae
Pick higher revision number to guarantee successful file retrieval (#11350) 2023-03-17 10:23:02 +01:00
Uladzimir Tsykun 32366bc37d
Fix basic auth infinite loop (#11320) 2023-03-17 09:13:11 +01:00
Jordi Boggiano 1a3f98601f
Merge branch '2.5' 2023-03-15 22:56:15 +01:00
Jordi Boggiano b8f82b244c
Escape % chars in user input before passing to sprintf, fixes #11359 2023-03-15 22:53:29 +01:00
Ion Bazan 0ba7e0dcbd
Exit with non-zero code if post-install audit fails (#11362) 2023-03-15 22:11:23 +01:00
Ben Ramsey cd137ee29b
Add security to support options (#11271)
This support option allows projects to specify a URL to the project's
vulnerability disclosure policy (VDP).
2023-03-10 22:28:10 +01:00