1
0
Fork 0
Commit Graph

8089 Commits (3e22e1ceda0d794c114bb4688c3fd533908b3842)

Author SHA1 Message Date
Uladzimir Tsykun 3e22e1ceda
Fix error when vendor dir contains broken symlinks (#11670) 2023-10-06 09:53:39 +02:00
Jordi Boggiano cb363b0e84
Fix autoload generator dump() non-BC signature change in 2.6.4 2023-10-06 09:34:10 +02:00
Jordi Boggiano 64c5bdd55b
Reverting release version changes 2023-09-29 10:54:48 +02:00
Jordi Boggiano d75d17c16a
Release 2.6.4 2023-09-29 10:54:47 +02:00
Pol Dellaiera b608b8e87e
feat: improve Composer's output reproducibility (#11663)
* AutoloadGenerator: add `Locker` parameter to the `dump` method
* AutoloadGenerator: do not create a random hash, re-use the one from the lock file if it exists
* FileSystem: make sure `safeCopy` copy also the file time metadata
2023-09-28 11:43:52 +02:00
Jordi Boggiano 892eaacedf
Optimize show -a by loading only the requested package (#11659)
Fixes #11648
2023-09-27 11:28:33 +02:00
Yanick Witschi f6ce8349c5
Use CompilingMatcher in DefaultPolicy for performance reasons (#11638)
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2023-09-27 09:08:29 +02:00
Dezső BICZÓ 755de04bf5
Fix abandoned package list JSON serialization (#11647)
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2023-09-26 14:23:45 +02:00
Jordi Boggiano 39faacbca9
Reverting release version changes 2023-09-15 09:38:22 +02:00
Jordi Boggiano ff477832e6
Release 2.6.3 2023-09-15 09:38:22 +02:00
Jordi Boggiano e3484c8581
Add audit.abandoned warnings for abandoned packages, fixes #11623 (#11639) 2023-09-14 11:30:09 +02:00
Jordi Boggiano 3bc72f75cb
Fix build, update deps 2023-09-13 18:17:28 +02:00
wgevaert e2f5afd4cd
Add warning when duplicate "files" autoload rules are detected (#11109)
Co-authored-by: Wout Gevaert <wout@wikibase.nl>
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2023-09-13 14:11:00 +02:00
Yanick Witschi 5474dc9b5b
Fixed replaced packages being incorrectly missing when unlocked by an old version (#11629)
Co-authored-by: Nils Adermann <naderman@naderman.de>
2023-09-13 10:42:47 +02:00
Jason McCreary 1e4966c313
Get realpath for `ZipArchive` (#11636) 2023-09-13 09:59:22 +02:00
Jordi Boggiano 1ac0ea8739
Retry curl receive errors when connection reset by peer, fixes #11622 2023-09-12 10:10:53 +02:00
Jordi Boggiano 755e89fc91
Fix loading of root aliases on path repo packages when doing partial updates, fixes #11630 (#11632) 2023-09-11 17:45:19 +02:00
Christophe Coevoet 087b21d687
Fix the promise resolution for the cleanup logic (#11620) 2023-09-11 17:40:43 +02:00
Jordi Boggiano 75ae504b2c
Reverting release version changes 2023-09-03 14:09:16 +02:00
Jordi Boggiano 623e5e1de0
Release 2.6.2 2023-09-03 14:09:15 +02:00
Michael Voříšek 40244dc228
Revert "Set $_SERVER['SCRIPT_NAME'] within proxy command (#11562)" (#11617)
This reverts commit 9c25633d6d.
2023-09-03 13:39:48 +02:00
Jordi Boggiano 98a588eb90
Avoid COMPOSER env being set if not necessary as it can cause issues with scripts, fixes #11613, refs #11493 2023-09-03 11:13:54 +02:00
Uladzimir Tsykun 90cbb144b2
Fix exit code 5 on composer require/create-project command (#11616) 2023-09-03 10:54:07 +02:00
Jordi Boggiano d221d5c69a
Reverting release version changes 2023-09-01 13:53:09 +02:00
Jordi Boggiano ee851d6b6b
Release 2.6.1 2023-09-01 13:53:08 +02:00
Jordi Boggiano 5fae76ce67
Revert "Allow executing binaries which are not marked executable via shell proxies (#11557)"
This reverts commit c1f2964105.
2023-09-01 13:50:20 +02:00
Jordi Boggiano 9ab8ef5a71
Reverting release version changes 2023-09-01 10:07:51 +02:00
Jordi Boggiano ea4222fad9
Release 2.6.0 2023-09-01 10:07:50 +02:00
Jordi Boggiano 7dc5666f33
Avoid failing the require command if the audit step failed 2023-09-01 10:05:13 +02:00
Dezső BICZÓ 0ab4dfba7c
Change audit.ignore behavior before 2.6.0 (#11605)
* Still report ignored security advisories

Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2023-09-01 10:04:31 +02:00
ಠ_ಠ 1a2bd38764
allow bumping for patch level version constraints fixes #11579 (#11590) 2023-08-31 11:05:49 +02:00
Travis Carden 1c4ac1c437
Add `dumpautoload --dry-run` option (#11608) 2023-08-31 10:35:02 +02:00
Martin Herndl 6fd145f01e
Allow --strict-psr in `DumpAutoloadCommand` also with --classmap-authoritative (#11607) 2023-08-30 21:43:16 +02:00
Tom Klingenberg db53c65986
COMPOSER_DISABLE_NETWORK aware `diagnose` checks; SKIP output (#11597)
Make `diagnose` checks aware of COMPOSER_DISABLE_NETWORK (true) and skip
Composer network operations that would otherwise spill stack traces into
diagnostic messages and taint the result as error while the check itself
is not applicable/useful within the environment.

`COMPOSER_DISABLE_NETWORK` was released with [2.0.0-alpha1] and intro-
duced in fc03ab9bb (Add COMPOSER_DISABLE_NETWORK env var for debugging,
2019-01-14).

The previous behaviour was to exit with a status of two (2), denoting an
error.

The new behaviour is to exit with a status of zero (0), showing the
successful skipping of diagnostics that can only be run when Composer
network is enabled - not disabled.

SKIP output is updated and streamlined.

NOTE: The "prime" Value

It is irrelevant for diagnose checks, as all diagnostic checks that
spilled were with the HTTP Downloader and the check is aligned (both
"1" or "prime" values disable):

    (bool) Platform::getEnv('COMPOSER_DISABLE_NETWORK')

NOTE: Not Affected

 * The `allow_url_fopen` diagnostic check, platform related
 * The `disable-tls` setting related HTTP Downloader creation warning

[2.0.0-alpha1]: <https://getcomposer.org/changelog/2.0.0-alpha1> "released 2020-06-03"
2023-08-30 21:35:59 +02:00
Christophe Coevoet 83771ce9ba
Fix the mtime of the vendor folder when running composer install (#11593)
When splitting the logic between the lock file management and the vendor
folder management in composer 2.0, the logic playing nice with make was
broken by running the logic based on operations performed in the lock
file instead of operations performed in the vendor folder.
2023-08-30 18:05:58 +02:00
Jordi Boggiano 094fb6cd70
Fix support for react/promise 2.x 2023-08-30 11:38:36 +02:00
Jordi Boggiano bbd2c9613e
Fix uncaught promises when doing synchronous file downloads that fail, fixes #11563 2023-08-30 11:19:47 +02:00
Jordi Boggiano 83792838c9
Fix problem output bug when purely numeric versions are condensed 2023-08-30 10:45:57 +02:00
Stephan 5062338079
Audit: ignores configured repository options (#11173)
* Audit: ignores configured repository options

* ComposerRepository: add test case to assert that repo http options are used to make security advisory POST request
2023-08-29 15:16:34 +02:00
Jordi Boggiano 95dca79fc2
Output error message in verbose mode before asking for credentials, fixes #11570 2023-08-04 11:06:00 +02:00
Jordi Boggiano 7ffcaacd08
Fix ignored config merging when audit is present but ignored isnt 2023-08-04 11:05:59 +02:00
Dan Wallis 9c25633d6d
Set $_SERVER['SCRIPT_NAME'] within proxy command (#11562) 2023-08-02 11:55:24 +02:00
Jordi Boggiano f4738d97b7
Add support for Application::setCatchErrors in symfony 6.4+, refs symfony/symfony#50420 2023-07-28 19:33:33 +02:00
Jordi Boggiano 0cdabcc4ee
Add audit.ignored config setting to ignore security advisories by id or CVE id, fixes #11298 (#11556) 2023-07-21 14:36:38 +02:00
Julian Liebig a6c7b0b327
Retry download if curl error 55 is encountered (#11543) 2023-07-21 14:29:56 +02:00
David Zülke 3e9c148b63
Fix trailing whitespace in 'composer show -N' (#11536)
The name column was always padded to maximum width, even if no other columns were printed.

This makes it difficult to use the output e.g. in pipelines.

Fixed for all possible columns, and with tests for two cases (regular show and show outdated).
2023-07-21 11:29:38 +02:00
David Zülke 07f706e57d
Fix 'composer show --platform <package>' erroring if no composer.json is present (#11533)
Sort of related to #11046 (although this is not a regression, but didn't work before, either)
2023-07-21 11:28:36 +02:00
Stephan cf8ea3c70e
GitHubDriver: better handle empty composer.json file (#11552) 2023-07-21 11:09:32 +02:00
David Zülke 8f49166ec6
Fix lib-curl-openssl parsing for SecureTransport (#11534)
On macOS, if libcurl is built against SecureTransport, the platform repository will contain an invalid package name:

    % composer show --platform | grep curl
    ext-curl                           8.2.7    The curl PHP extension
    lib-curl                           8.1.2    The curl library
    lib-curl-(securetransport) openssl 3.1.1    curl (securetransport) openss...
    lib-curl-libssh2                   1.11.0   curl libssh2 version
    lib-curl-zlib                      1.2.11   curl zlib version

This change fixes it:

    % bin/composer show --platform | grep curl
    lib-curl                 8.1.2              The curl library
    lib-curl-libssh2         1.11.0             curl libssh2 version
    lib-curl-securetransport 3.1.1              curl (securetransport) openssl ...
    lib-curl-zlib            1.2.11             curl zlib version

(second column width difference comes from the Composer dev version number)
2023-07-21 11:06:03 +02:00
Attia A. Ahmed ce876e7a6f
Fix broken junctions leading to installation failure on Windows (#11550) 2023-07-21 10:59:59 +02:00