Commit Graph

11409 Commits (44f9b8040e0ad761e0fd6560fe39a000b8a90893)

Author SHA1 Message Date
naveen 14476ec2a6
chore: Set permissions for GitHub actions
Restrict the GitHub token permissions to only the required ones; this way, even if attackers succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-06-22 08:18:22 +02:00
Chris Reed 03fbcdbf07
Fix exported path with space in binary installer proxy (#10836) 2022-06-10 21:56:11 +02:00
Jordi Boggiano ba2ce37cd9
Reverting release version changes 2022-06-06 16:32:51 +02:00
Jordi Boggiano 8c7a2d200b
Release 2.2.14 2022-06-06 16:32:50 +02:00
Jordi Boggiano 7cb994fade
Update changelog 2022-06-06 16:32:44 +02:00
Stephan Jorek fbc85dede8
allow chained proxy-binary php-inclusions (#10823)
* allow chained proxy-binary php-inclusion by skipping redundant “phpvfscomposer” stream-wrapper registration
2022-06-06 16:14:54 +02:00
Jordi Boggiano e3527ea37f
Detect broken symlinks when checking for a package's presence, fixes #6708 2022-06-06 15:22:49 +02:00
Jordi Boggiano a76a1c9fc2
Fix parsing of multi-line arrays in funding yml, fixes #10784 2022-06-06 14:49:37 +02:00
Fabien Villepinte 1e9210f7b1
Fix TypeError when a JSON file can not be read (#10818) 2022-06-04 15:20:58 +02:00
Jordi Boggiano 15f7d24e7e
Parse openssl 3 versions cleaner 2022-06-02 21:17:44 +02:00
Jordi Boggiano 3ead6c0119
Backport schema fixes for gitlab-token, fixes #10800 2022-06-01 21:32:29 +02:00
Nicolas Hedger 70a7b592e9
Fix JSON schema regex pattern (#10811) 2022-06-01 21:23:07 +02:00
Matronator 313142c6cd
Escape forward slash in `properties.name` 2022-06-01 21:06:22 +02:00
Jan Tojnar 955194f896
docs: Fix inconsistent semver operator suggestion (#10810)
Using caret over tilde is better since it behaves the same as in npm:
https://jubianchi.github.io/semver-check/#/constraint/~3.0
But when this change was introduced in https://github.com/composer/composer/pull/5396,
it was not complete.
2022-05-31 13:24:38 +02:00
Jordi Boggiano 5d353716d3
Reverting release version changes 2022-05-25 21:37:26 +02:00
Jordi Boggiano de11c9819a
Release 2.2.13 2022-05-25 21:37:25 +02:00
Jordi Boggiano 86dcc7ac23
Update changelog 2022-05-25 21:36:44 +02:00
Jordi Boggiano 10d3895f18
Ensure that dotfiles can be excluded, fixes #8866 2022-05-24 22:14:17 +02:00
Jordi Boggiano 25542aca70
Update baseline 2022-05-24 21:26:37 +02:00
Jordi Boggiano 654ecc759a
Check that symlink function exists before using it in path repo, fixes #10786 2022-05-24 21:21:47 +02:00
Jordi Boggiano d131be009d
Update deps 2022-05-24 14:46:47 +02:00
Jordi Boggiano 44a52e4157
Fix backtracking in name validation regex 2022-05-24 14:32:18 +02:00
John Stevenson 2837585e47
Fix cmd splitting paths on commas (#10775) 2022-05-12 21:13:55 +02:00
Jordi Boggiano aeb204bb1d
Fix race condition where multiple http requests requiring auth end up failing, fixes #10763 2022-05-11 13:06:59 +02:00
Jordi Boggiano 1d0fa93495
Fix lock:false still outputting lock file changes 2022-05-11 09:42:13 +02:00
Nicolas Grekas c27dca83ef
Fix deprecated syntax since PHP 8.2 (#10766) 2022-05-08 10:39:36 +02:00
Jordi Boggiano 1cdc43d9de
Merge pull request #10748 from glaubinix/f/gitlab-auth
GitLab: handle infinite loop during composer install
2022-04-29 12:07:01 +02:00
Stephan Vock d40c3a89c0
GitLab: add warning in case GitLab authentication is misconfigured 2022-04-28 21:37:45 +01:00
Stephan Vock 89721ab322
GitLab: detect invalid token setup and attempt to automatically resolve the issue for the user 2022-04-28 21:17:05 +01:00
Stephan Vock 3b4a3d63bf
GitLab: prevent invalid loop during composer install with invalid credentials 2022-04-28 21:16:16 +01:00
Jordi Boggiano 20d11bfdfb
Display the stored channel when choosing a specific channel in self-update, fixes #10719 2022-04-14 11:25:44 +02:00
Jordi Boggiano b0b364af19
E_TOO_MANY_BRANCHES 2022-04-13 17:24:39 +02:00
Jordi Boggiano 9a62ef7ff2
Add missing return type 2022-04-13 17:07:33 +02:00
Jordi Boggiano 699956867d
Reverting release version changes 2022-04-13 16:42:26 +02:00
Jordi Boggiano ba61e768b4
Release 2.2.12 2022-04-13 16:42:25 +02:00
Jordi Boggiano a1f9baa118
Fix 5.3/5.4 builds 2022-04-13 16:42:12 +02:00
Jordi Boggiano 2ba8758b30
Update changelog 2022-04-13 16:00:31 +02:00
Stephan 2c40c53637
Merge pull request from GHSA-x7cr-6qr6-2hh6
* GitDriver: filter branch names starting with a - character

* GitDriver: getFileContent prevent identifiers starting with a -

* HgDriver: prevent invalid identifiers and prevent file from running commands

* HgDriver: filter branches starting with a - character
2022-04-13 15:54:58 +02:00
Jordi Boggiano 915b97fc39
Fix docs 2022-04-13 15:22:18 +02:00
Jordi Boggiano d64e32c991
Merge remote-tracking branch 'ktomk/patch-validate-no-check-lock' into 2.2 2022-04-13 15:21:36 +02:00
Jordi Boggiano 0a8dfe6ef7
Clarify that autoloader-suffix should be a non-empty-string, fixes #10720 (#10725) 2022-04-13 15:17:07 +02:00
Jordi Boggiano bb0edce095
Fixed lock file being used when lock:false is in config, refs #10715 (#10726) 2022-04-13 14:52:13 +02:00
Tom Klingenberg 939c998baf
validate lock-file if configured (#10715, --check-lock)
if no lock-file is configured, turn lock file validation errors into
warnings (implicit --no-check-lock) unless those are explicitly promoted
via the new --check-lock option.

- `{"config": {"lock": false}}` is an implicit `--no-check-lock` for
  composer validate.
- `--check-lock` overrides an (implicit or explicit) `--no-check-lock`,
  always.

issue: #10715
2022-04-12 22:30:41 +02:00
Jordi Boggiano 9bfd059420
Fix curl downloader to retry in case of DNS resolution failure, fixes #10716 2022-04-07 15:56:23 +02:00
Jordi Boggiano d7f0733959
Detect exec failures in compile script, refs #10693 2022-04-02 13:04:27 +02:00
Jordi Boggiano 1cc23e1a8b
🤦‍♂️ 2022-04-02 13:04:03 +02:00
Jordi Boggiano 6b330b7456
Fix tests 2022-04-02 12:58:29 +02:00
Jordi Boggiano 34fa266114
Fix windows build 2022-04-02 12:48:02 +02:00
Jordi Boggiano 96f087a273
Remove unnecessary realpath which can fail, closes #10694 2022-04-02 12:45:27 +02:00
Jordi Boggiano 0985501602
Fix windows build 2022-04-02 12:38:23 +02:00