Commit Graph

8345 Commits (3a2d1c5f9c798cda7131ad20fe42fa0dccd2a8d5)

Author SHA1 Message Date
Quỳnh Nguyễn 6ec76db926
Remove redundant boolean type casts (#12033) 2024-07-10 11:04:20 +02:00
Ilya Urvachev 03bbfdd8f4
fix(Locker): don't store transport-options.ssl within the lock-file (#12019) 2024-07-10 10:35:26 +02:00
Jordi Boggiano b2832867e6
Fix some edge cases of tilde constraints in bump command (#12038)
* Fix: Add test case for not dropping patch version for tilde

* Fix some edge cases of tilde constraints in bump command, fixes #11218

---------

Co-authored-by: Matthias Vogel <git@kanti.de>
2024-07-10 09:47:37 +02:00
Jordi Boggiano e61d4ad986
Update deps 2024-07-06 23:35:00 +02:00
Jordi Boggiano 01ce481f22
Reverting release version changes 2024-06-10 22:11:13 +02:00
Jordi Boggiano 291942978f
Release 2.7.7 2024-06-10 22:11:12 +02:00
Jordi Boggiano 04a63b324f
Add more characters for best fit encoding protection 2024-06-10 22:08:29 +02:00
Jordi Boggiano 3130a7455a
Fix windows parameter encoding to prevent abuse of unicode characters with best fit encoding conversion 2024-06-10 21:28:19 +02:00
Jordi Boggiano ee28354ca8
Merge pull request from GHSA-47f6-5gq3-vx9c 2024-06-10 14:56:42 +02:00
Jordi Boggiano 6bd43dff85
Merge pull request from GHSA-v9qv-c7wm-wgmf 2024-06-10 14:56:13 +02:00
Jordi Boggiano fa3b9582c3
Fix secure-http check to avoid bypass using emojis 2024-06-10 14:48:02 +02:00
Jordi Boggiano 137ec17c0a
Fix empty type support in init command, fixes #11999 2024-06-10 11:37:52 +02:00
Jordi Boggiano 9dfcf62335
Fix new platform requirements from composer.json not being checked when composer.lock is outdated, fixes #11989 (#12001) 2024-05-31 17:53:52 +02:00
Jordi Boggiano dc857b4f91
Fixed PSR violations for classes not matching the namespace of a rule being hidden, fixes #11957 2024-05-31 17:52:05 +02:00
Jordi Boggiano c1be804a0c
Fix UX when a non-required plugin is still present in vendor dir (#12000)
Composer now skips it and does not prompt if it is not allowed to run, fixes #11944
2024-05-31 10:29:56 +02:00
Jordi Boggiano 37d722e73c
PHPStan/tests updates (#11996)
* Remove a bunch of inline ignores and migrate all PHPUnit assertions to static calls

* Update baseline (1573, 93)

* Update commit hash
2024-05-29 23:12:06 +02:00
Jordi Boggiano dd8af946fd
Fix tests 2024-05-29 22:08:42 +02:00
Jordi Boggiano de5f7e3241
Fix handling of zip bombs when unzipping archives 2024-05-29 15:52:07 +02:00
Jordi Boggiano 3773f77527
Fix perforce arg not being escaped correctly 2024-05-29 15:03:59 +02:00
Jordi Boggiano 3c37a67c0c
Fix Filesystem::isLocalPath including windows checks on linux 2024-05-29 13:42:19 +02:00
Stephan f38df849c2
BlockedIPs: reject job like other exceptions (#11992) 2024-05-29 13:00:27 +02:00
Jordi Boggiano f83b6b1026
Enable new phpstan option 2024-05-27 17:11:31 +02:00
Jordi Boggiano 09e616fa1d
Update phpstan 2024-05-27 15:14:10 +02:00
Krzysztof Ciszewski 81b121bbdf
Fix composer error when git config safe.bareRepository is set to explicit (#11969) 2024-05-27 14:56:27 +02:00
Ondřej Mirtes 5bb30ca170
Update PHPStan (#11976)
* Update PHPStan

* Update inline ignores to `@phpstan-ignore` with error identifier
2024-05-22 09:09:04 +02:00
Sam B d4b071bd1e
To enable the TransportException code to be accessed in PHP < 8.1, make reflection property accessible (#11974) 2024-05-21 22:45:37 +02:00
John Stevenson 8d90eb694a
Add uopz warning from installer code (#11988) 2024-05-21 22:42:10 +02:00
Dan Wallis ede152bd65
Close style tags to avoid bleed (#11972) 2024-05-12 22:55:40 +02:00
Yanick Witschi 829e0e767f
Re-use precalculated information (#11968)
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2024-05-08 14:27:20 +02:00
Krzysztof Ciszewski 4d7476ca30
composer#11852 fix: ability to remove autoload* keys (#11967) 2024-05-08 11:19:05 +02:00
Jordi Boggiano 2fe3244ddb
Reverting release version changes 2024-05-04 23:03:15 +02:00
Jordi Boggiano fabd995783
Release 2.7.6 2024-05-04 23:03:15 +02:00
Jordi Boggiano c2fd4d3ebb
Fix private autoloader callbacks breaking the new runtime autoloader handling code 2024-05-04 23:01:17 +02:00
Jordi Boggiano f81e84164e
Reverting release version changes 2024-05-03 16:23:40 +02:00
Jordi Boggiano 29ac9cce40
Release 2.7.5 2024-05-03 16:23:40 +02:00
Jordi Boggiano 762f2a37f5
Tweak exit code for network errors to be 100, refs #11954 2024-05-02 16:49:44 +02:00
Jordi Boggiano acf398281c
Fix transport exception not always using 255 exit code, fixes #11954 2024-05-02 16:09:13 +02:00
Jordi Boggiano bcab1c4b8e
Fix Composer autoloader being hijackable by script/plugin event handlers (#11955) 2024-04-29 11:41:33 +02:00
Jordi Boggiano d4396a85bf
Fix binary proxies having an absolute path to vendor dir when project dir is a symlink, fixes #11947 2024-04-29 11:32:47 +02:00
Jordi Boggiano 80631d2fc8
Fix one more case of unsetting a key in an object 2024-04-29 11:19:52 +02:00
Buster Neece 7c66169b7d
Add "uninstall" as alias to "remove". (#11951) 2024-04-29 11:03:03 +02:00
Jordi Boggiano 232f4e7a5c
Fix config command issue handling objects in some conditions, fixes #11945 2024-04-29 10:59:35 +02:00
maximilian-walter ea28853305
Don't show root warning for Podman containers (#11946) 2024-04-28 17:34:36 +02:00
James Titcumb 6778f1f79a
Updated array shape of php-ext options (#11950) 2024-04-28 17:28:11 +02:00
Jordi Boggiano b64e38eb86
Fix phpstan reports 2024-04-28 17:10:36 +02:00
Jordi Boggiano a7c6125ee4
Workaround curl bug in 8.7.0/8.7.1, fixes #11913 2024-04-28 17:09:38 +02:00
Jordi Boggiano 0d5549f503
Reverting release version changes 2024-04-22 21:17:04 +02:00
Jordi Boggiano a625e50598
Release 2.7.4 2024-04-22 21:17:03 +02:00
Barry vd. Heuvel b0d98b9301
Load ProxyManager before running command to fix autoload order (#11943) 2024-04-22 21:12:57 +02:00
Jordi Boggiano 9f84f0c32b
Reverting release version changes 2024-04-19 21:40:58 +02:00
Jordi Boggiano e49be96f3b
Release 2.7.3 2024-04-19 21:40:57 +02:00
Jordi Boggiano 69dc828ba7
Ensure type must be provided in init command 2024-04-19 17:27:50 +02:00
John Stevenson 70927f728e
Add FAQ about using a proxy (#11933) 2024-04-19 17:27:54 +02:00
Jordi Boggiano b0ec0f96ad
Update phpstan deps and fix a few array_filter issues 2024-04-19 17:00:50 +02:00
Jordi Boggiano 3604996464
Ensure diagnose command works even if provider-includes disappears 2024-04-19 14:20:56 +02:00
John Stevenson 41fb6146b0
Improve proxy reporting in Diagnose command (#11932) 2024-04-19 14:18:55 +02:00
John Stevenson 3cc490d4c4
Refactor proxy handling to require https_proxy (#11915)
Composer has always allowed a single http_proxy (or CGI_HTTP_PROXY)
environment variable to be used for both HTTP and HTTPS requests. But
many other tools and libraries require scheme-specific values.

The landscape is already complicated by the use of and need for upper
and lower case values, so to bring matters in line with current practice
https_proxy is now required for HTTPS requests.

The new proxy handler incorporates a transition mechanism, which allows
http_proxy to be used for all requests when https_proxy is not set and
provides a `needsTransitionWarning` method for the main application.

Moving to scheme-specific environment variables means that a user may
set a single proxy for either HTTP or HTTPS requests. To accommodate this
situation during the transition period, an https_proxy value can be set
to an empty string which will prevent http_proxy being used for HTTPS
requests.
2024-04-17 14:34:26 +02:00
Jordi Boggiano 92f641ac3d
Fix show command output to remove v prefixes on versions, making for more uniform output, fixes #11925 2024-04-15 13:23:25 +02:00
Jordi Boggiano 89f057e0df
Ensure we clear the locally configured cache dir instead of default one, fixes #11921 2024-04-15 11:49:10 +02:00
Fabrizio Balliano c5ff69ed58
Added support for buy_me_a_coffee (#11902) 2024-04-03 11:05:07 +02:00
Jordi Boggiano f01ec4a98f
Ensure integer env vars do not cause a crash, fixes #11908 2024-04-03 10:36:39 +02:00
Jordi Boggiano dd18a5fe55
Make methods chainable 2024-04-02 17:40:35 +02:00
Jordi Boggiano 9ced107af2
Ensure extension packages in platform repo have php-ext type set 2024-04-02 17:39:00 +02:00
Jordi Boggiano 94be5b5c14
Allow restricting allowed types as well, and allow configured ignored/allowed types in Installer class 2024-04-02 17:38:41 +02:00
Jordi Boggiano 2027d4975a
Fail status more softly unless -vvv is used, refs #11889 2024-03-21 11:16:56 +01:00
Jordi Boggiano bc157ebea9
Fix phpdoc for new php-ext schema 2024-03-20 22:44:48 +01:00
Jordi Boggiano 07fa4255d6
Add support for php extension packages (#11795)
* Update schema
* Validate php-ext is only set for php-ext or php-ext-zend packages
* Make sure the pool builder excludes php-ext/php-ext-zend
2024-03-20 22:04:58 +01:00
gaxweb a6947f116a
Allow for SSH URLs when using hg repository type (#11878) 2024-03-20 16:31:25 +01:00
Jordi Boggiano 75ccf6557a
Use reactphp/promise v2 compatible code 2024-03-20 12:32:54 +01:00
Jordi Boggiano 59152ad7aa
Fix phpstan errors in FileDownloader, update baseline (1642, 96) 2024-03-20 12:20:30 +01:00
Jordi Boggiano 5a1d506c77
Fix composer status command handling of failed promises, closes #11889 2024-03-20 12:20:30 +01:00
Brad Jones d00f590354
Surface the advisory ID when CVE not present. (#11892) 2024-03-19 16:24:10 +01:00
Stephan d36cd30d11
HttpDownloader: add option to prevent access to private network (#11895) 2024-03-19 16:18:59 +01:00
Jordi Boggiano 504e6c581a
Update deps and baseline (1663, 96) 2024-03-19 15:22:44 +01:00
Ayesh Karunaratne 62126e1a40
[PHP 8.4] Fix for implicit nullability deprecation (#11888)
Fixes an issue that emits a deprecation notice on PHP 8.4.

See:
 - [RFC](https://wiki.php.net/rfc/deprecate-implicitly-nullable-types)
 - [PHP 8.4: Implicitly nullable parameter declarations deprecated](https://php.watch/versions/8.4/implicitly-marking-parameter-type-nullable-deprecated)
2024-03-15 13:55:25 +01:00
Yanick Witschi 5a20dba768
Only show warning about default version when not "project" type (#11885) 2024-03-14 16:38:28 +01:00
Jordi Boggiano 2124f09d75
Fix context info being missing from output when using the IO classes as PSR-3 logger, fixes #11882 2024-03-11 17:23:06 +01:00
Jordi Boggiano 96f757f3a4
Reverting release version changes 2024-03-11 17:12:19 +01:00
Jordi Boggiano b826edb791
Release 2.7.2 2024-03-11 17:12:18 +01:00
Jordi Boggiano 57427e6227
Fix filesystem::copy with broken symlinks, refs #11864 2024-03-08 10:44:47 +01:00
Jordi Boggiano c5aa3dc021
Update deps, update baseline (1677, 97), fixes #11875 2024-03-08 09:03:23 +01:00
Pol Dellaiera 66acb84c12
Fix update --lock to avoid updating all metadata except dist/source urls and mirrors (#11850)
We now update the existing package instead of reverting changes in the updated package to ensure we keep all metadata intact, fixes #11787

Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2024-03-05 11:32:40 +01:00
Jordi Boggiano 1dc2c93261
Fix ensureDirectoryExists not working when a broken symlink appears somewhere in the path, fixes #11864 2024-03-04 14:39:30 +01:00
Jordi Boggiano c42bb68aff
Optimize outdated --ignore to avoid fetching the latest package info for ignored packages, fixes #11863 2024-03-04 14:07:27 +01:00
Jordi Boggiano 133447cf51
Output tweak 2024-03-04 14:01:23 +01:00
Jordi Boggiano c3efff91f8
Fix plugins still being available in a few special contexts when running as non-interactive root, mainly create-project, refs #11854 2024-03-04 13:45:04 +01:00
Michael Newton c0b8086af5
Include PHP information when showing Composer version verbosely (#11866)
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2024-03-01 10:14:41 +01:00
Pol Dellaiera a0d474f75c
Add a warning message when Composer is not able to guess the root package version (#11858)
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2024-02-23 10:47:36 +01:00
Jordi Boggiano 8c61f812a4
Reverting release version changes 2024-02-09 15:26:29 +01:00
Jordi Boggiano aaf6ed5ccd
Release 2.7.1 2024-02-09 15:26:28 +01:00
Jordi Boggiano be876b47a9
Also output root plugin warning after script execution errors 2024-02-09 14:26:07 +01:00
Jordi Boggiano 690fe716c5
Output more warnings about plugins being disabled to hint that it may cause problems, fixes #11839 (#11842) 2024-02-09 11:56:25 +01:00
Jordi Boggiano 6335551cc2
Fix diagnose auditing of composer dependencies in phar files 2024-02-08 16:24:16 +01:00
Jordi Boggiano f00d3fb5ab
Reverting release version changes 2024-02-08 15:09:19 +01:00
Jordi Boggiano 96d107e2bf
Release 2.7.0 2024-02-08 15:09:19 +01:00
Jordi Boggiano 64e4eb356b
Merge pull request from GHSA-7c6p-848j-wh5h
* Fix usage of possibly compromised installed.php/InstalledVersions.php at runtime, refs GHSA-7c6p-848j-wh5h

* Fix InstalledVersionsTest regression
2024-02-08 14:33:59 +01:00
Jordi Boggiano 754f2868fb
Add non-zero return codes when why-not finds a reason a package is not installable, or when why finds no reason it is there, fixes #11796 2024-02-07 22:27:58 +01:00
Dezső BICZÓ 7cb92a90c8
Introduce COMPOSER_AUDIT_ABANDONED env var (#11794)
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2024-02-07 22:13:36 +01:00
Ayesh Karunaratne e0807d381e
Diagnose command: Add GitHub OAuth token expiration date information (#11688)
GitHub's new fine-grained tokens have a compulsory expiration date, and their
classic tokens also support an expiration date.

https://github.blog/changelog/2021-07-26-expiration-options-for-personal-access-tokens/

This improves the `composer diagnose` command to display the expiration
date and time if it is provided by the response headers
(via `GitHub-Authentication-Token-Expiration`).
2024-02-07 21:30:24 +01:00
Jordi Boggiano 0c99bfc8fd
Fix root aliases causing problems when auditing locked dependencies, fixes #11771 2024-02-07 11:37:50 +01:00
Jordi Boggiano fa040131b0
Add more details to event debug output, refs #11818 2024-02-07 11:18:06 +01:00
PrinsFrank fd23381391
Add arguments to command call output (#11826) 2024-02-07 11:11:16 +01:00
Kuba Werłos 7745d56c14
Do not show error that plugins have been disabled when they are already disabled (#11803) 2024-02-07 09:32:55 +01:00
Stephan 9a656854ad
ValidatingArrayLoader: fix link validation with missing name (#11830) 2024-02-06 17:18:41 +01:00
Jordi Boggiano e88c7a8987
Add support for wildcards in outdated's --ignore arg, fixes #11831 2024-02-06 17:17:25 +01:00
Derek Stephen McLean ebb6a82099
issue #11811 auth token links on separate lines (#11812)
* issue #11811 auth token links on separate lines

* 11811 - remove stray bracket

* 11811 : links on separate lines
2024-02-06 16:53:18 +01:00
Jordi Boggiano ef6c224ec2
Fix require command crashing at the end if no lock file is present, fixes #11814 2024-02-06 13:46:46 +01:00
Jordi Boggiano 0f70c0a9c9
Add detection of constraints which do not match anything in validate command, fixes #11802 (#11829) 2024-02-06 12:57:52 +01:00
Jordi Boggiano d3aeb1357f
Merge branch '2.6' 2024-01-26 17:45:05 +01:00
Jordi Boggiano 7048ff3808
Fix automatic disabling of plugins when running non-interactive as root 2024-01-26 17:44:35 +01:00
Jordi Boggiano f402517af5
Merge branch '2.6' 2024-01-26 17:27:48 +01:00
Jordi Boggiano b1bd22f37c
Fix type error 2024-01-26 17:27:42 +01:00
Jordi Boggiano 2ec8feb825
Merge branch '2.6' 2024-01-26 17:11:27 +01:00
Jordi Boggiano 952256247c
Only include installed versions class when plugins and scripts are allowed, as it is not needed otherwise 2024-01-26 17:11:16 +01:00
Jordi Boggiano 4e5be9ee7d
Emit warning instead of crashing on invalid security advisory API response, fixes #11767 2024-01-12 14:20:59 +01:00
Jordi Boggiano a29acbdd2e
Ensure repos declaring security-advisories have at least an API or a restricted set of packages to avoid too many wasteful requests 2024-01-12 13:17:05 +01:00
Jordi Boggiano 3491986ad3
Add IPv4 fallback on connection timeout, and adds COMPOSER_IPRESOLVE env var (#11791)
* Add IPv4 fallback on connection timeout, and adds COMPOSER_IPRESOLVE env var, fixes #530

* Address feedback

* Add warning in diagnose command when COMPOSER_IPRESOLVE is set
2024-01-11 17:13:54 +01:00
Jordi Boggiano c069174ac7
Merge remote-tracking branch 'origin/2.6' 2024-01-11 16:44:46 +01:00
Jordi Boggiano 75fd2bbeb2
Ensure we respect available-package-patterns and available-packages directives when fetching security advisories, fixes #11704 (#11773) 2024-01-11 16:44:27 +01:00
Jordi Boggiano 55db88f51b
Add error when composer show --direct <transient-dependency> is used to show a dependency which is not direct, fixes #11728 2024-01-11 09:53:00 +01:00
Jordi Boggiano 3427bee1f2
🤦 2024-01-10 13:47:26 +01:00
Jordi Boggiano 10667db1ba
Only override ist url if it is not handled gracefully already 2024-01-10 13:42:01 +01:00
Jordi Boggiano 547a635287
Fix build 2024-01-10 13:34:56 +01:00
Jordi Boggiano 042a8c2128
Ensure dist url/type/checksum remain the same when doing lock hash updates, refs #11787 2024-01-10 13:33:49 +01:00
Jordi Boggiano 284821543a
Merge branch '2.6' 2024-01-08 16:10:20 +01:00
Sam L 44f02a5c86
Add COMPOSER_FUND=0 env var to disable calls for funding (#11779) 2024-01-08 15:10:49 +01:00
Jordi Boggiano be71bf056e
Fix support for versions with 4 components in VersionSelector, fixes #11716 2024-01-08 14:56:08 +01:00
Jordi Boggiano 071fbcf347
Fix warnings incorrectly being shown when using require with upper bound ignored on platform requirements, fixes #11722 (#11786) 2024-01-08 14:48:24 +01:00
Jordi Boggiano 534bc20beb
Add support for combining show --self with --installed or --locked (#11785) 2024-01-08 14:14:44 +01:00
rkpiii d00e38a038
[11744] handle missing hyphen when attempting to run self-update… (#11775)
* [11744] handle missing hyphen when attempting to run self-update command

* fix: [1744] silently fix the "self update" command
2024-01-04 17:02:34 +01:00
Quynh Anh 8246892d48
Fix PackageInterface parameter comments (#11777) 2024-01-04 14:49:27 +01:00
Jordi Boggiano efe6e44883
Perform audit on Composer and its dependencies during diagnose, fixes #11216 (#11761) 2024-01-04 10:55:59 +01:00
Jordi Boggiano 12ed21705d
Check for non-platform requirements before warning that no deps are installed on show command, fixes #11760 2023-12-22 17:48:47 +01:00
Roberto Guido 8e62977cb5
Exposing GitLab's project metadata (#11734)
* Exposing GitLab's project metadata

* Fixed check about GitLab project's metadata initialization
2023-12-20 16:50:24 +01:00
Jordi Boggiano 53a1f32061
Add --sort-by-age to show/outdated commands, and also release date for latest package in --latest mode (#11762) 2023-12-20 15:37:27 +01:00
Jordi Boggiano c8f1028ef9
Fix minor error msg issue 2023-12-20 15:16:12 +01:00
Stephan 86cd364901
Audit: add severity to plain and table output (#11702) 2023-12-19 19:11:50 +01:00
Jordi Boggiano 9b0f9b40a4
Show package source in very verbose updates, fixes #11733 (#11763) 2023-12-19 17:17:48 +01:00
Jordi Boggiano 4a209b7d3d
Fix bump command not bumping versions with a v prefix e.g. ^v2.4, fixes #11723 (#11764) 2023-12-19 17:17:32 +01:00
Jordi Boggiano 3cfd9bf51b
Ensure composer.json gets deleted after a dry run require, fixes #11747 2023-12-19 15:51:39 +01:00
Jordi Boggiano e0f75276a2
Switch default audit.abandoned to fail for 2.7 release 2023-12-18 15:02:10 +01:00
Jordi Boggiano bf6c7f8ea2
Merge branch '2.6' 2023-12-18 10:12:45 +01:00
Jordi Boggiano e14d28baec
Update deps 2023-12-18 10:11:33 +01:00
Jordi Boggiano eaa7dd46f5
Reverting release version changes 2023-12-08 18:32:27 +01:00
Jordi Boggiano 683557bd24
Release 2.6.6 2023-12-08 18:32:26 +01:00
Travis Carden aefa46dfba
Add support for "scripts-aliases" in composer.json (#11666) 2023-10-27 11:36:59 +02:00
Jordi Boggiano cc653161c3
Merge branch '2.6' 2023-10-26 11:39:41 +02:00
Dan Wallis 8c0f1e10dc
Display error instead of throwing exception when unable to update with temporary constraint (#11692) 2023-10-26 11:38:02 +02:00
Dan Wallis 81b662d388
Suggest running 'require' not 'update' if a root req fails to update (#11691) 2023-10-26 11:08:03 +02:00
Tom Klingenberg 03085c8181
Fix Git Driver to use supported Git VCS driver URL
Otherwise the URL may not be supported since 3bb191a46 (Add support for
env vars and ~ (for HOME) in repo paths for vcs and artifact
repositories, fixes #11409 (#11453), 2023-05-07)
2023-10-26 11:06:11 +02:00