1
0
Fork 0
Commit Graph

12371 Commits (57427e6227f3bd9093daedab2a64feeb6cced4fa)

Author SHA1 Message Date
Jordi Boggiano 8c9f82dc1e
Move security advisory loading to repositories, allows others to provider them and reduces load on packagist.org for summary advisory reports 2022-06-24 16:26:57 +02:00
Jordi Boggiano 978037fbfa
Fix build 2022-06-24 11:12:57 +02:00
Jordi Boggiano 4229c2c641
Merge branch '2.3' into main 2022-06-24 11:10:07 +02:00
Jordi Boggiano f7e88099af
Merge branch '2.2' into 2.3 2022-06-24 11:09:45 +02:00
Stephan 6776cef441
Fix: ValidatingArrayLoader [TypeError]: strcasecmp(): Argument #1() must be of type string, int given (#10897) 2022-06-24 10:30:33 +02:00
Jordi Boggiano ddecd5e328
Add hint to why-not that calling update with a temporary constraint can also help elucidate an issue 2022-06-23 21:16:12 +02:00
Jordi Boggiano eba49147e7
Add warning when the latest version of a package cannot be auto-selected in require/init/create-project, fixes #10884 (#10896) 2022-06-23 14:37:04 +02:00
Jordi Boggiano a5fdc00de1
Remove duplicate function in RootPackageInterface, fixes #10895 2022-06-23 13:39:39 +02:00
Nils Adermann 92ff8e5bc6
Audit command doc improvements (#10893) 2022-06-23 12:59:45 +02:00
Jordi Boggiano 658f56ff13
Fix audit command to exit with amount of advisories matched 2022-06-23 12:31:09 +02:00
Jordi Boggiano e3c46cb2b2
Audit locked packages if update is called with --no-install, fixes #10894 2022-06-22 16:36:54 +02:00
Jordi Boggiano 611b215896
Fix PHPStan issues and a couple minor bugs in audit functionality, refs #10798 2022-06-22 15:39:51 +02:00
Guy Sartorelli d93239ddd9
Add audit command to check for security issues (#10798)
Closes #10329
2022-06-22 15:15:01 +02:00
Mathias Reker ⚡️ d17c724f23
Php unit dedicate assert (#10881)
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2022-06-22 14:20:08 +02:00
Mathias Reker ⚡️ 4131f7cf4c
Static lambda (#10854)
Lambdas not (indirect) referencing $this must be declared static.
2022-06-22 14:19:18 +02:00
Jordi Boggiano ef276d26d6
Add upcoming fixes, refs #10871 2022-06-22 14:02:22 +02:00
Jordi Boggiano b627816781
Merge branch '2.3' into main 2022-06-22 13:49:30 +02:00
Jordi Boggiano 30a8b82b15
Merge branch '2.2' into 2.3 2022-06-22 13:49:11 +02:00
immeëmosol bbcadcb35e
Hint at improved merge conflict resolving (#10840) 2022-06-22 13:47:15 +02:00
Marek Stipek 690ab5166a
Ignoring passed arguments for @putenv, closes #10846 2022-06-22 13:40:35 +02:00
Jordi Boggiano 5730c24c92
Rethrow path repo init failures with path information, closes #10845 2022-06-22 13:30:39 +02:00
Jordi Boggiano d132b9e6fd
Fixup 2022-06-22 13:11:28 +02:00
Jordi Boggiano 53680afb85
Merge branch '2.3' into main 2022-06-22 13:09:06 +02:00
Jordi Boggiano 81043c5691
Add git version to diagnose command, and warn if <2.24, closes #10832 2022-06-22 13:05:35 +02:00
anzago 567423e9f7
Removed blank line in missing extensions hint when having no php.ini loaded file (#10839) 2022-06-22 12:29:36 +02:00
Jordi Boggiano bad3eb2cd9
Update deps, update baseline (1958, 103) 2022-06-22 09:49:09 +02:00
Jordi Boggiano 16ee2e479f
Merge branch '2.2' into 2.3 2022-06-22 09:16:23 +02:00
Jordi Boggiano 5c68c2c86d
Fix case where branches cannot be listed in GitDownloader, fixes #10888 2022-06-22 08:50:55 +02:00
naveen 14476ec2a6
chore: Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-06-22 08:18:22 +02:00
Jordi Boggiano b025971bb8
Add missing strict type decl, closes #10863 2022-06-22 08:17:18 +02:00
Mathias Reker ⚡️ 279b518518
No useless sprintf (#10878)
There must be no sprintf calls with only the first argument.
2022-06-21 21:19:09 +02:00
Mathias Reker ⚡️ 4714fd5a7b
No useless return (#10877)
There should not be an empty return statement at the end of a function.
2022-06-21 21:17:47 +02:00
Mathias Reker ⚡️ 805b7f12f9
No alias functions (#10864)
Primary functions shall be used instead of aliases.
2022-06-21 21:16:04 +02:00
Jordi Boggiano e8530699c3
Add --strict-psr flag to dump-autoload to fail the process if psr violations were detected, fixes #10241 (#10886) 2022-06-20 13:57:20 +02:00
Jordi Boggiano c2046566fc
Merge pull request #10885 from Seldaek/classmapgen
Make use of composer/class-map-generator and deprecate ClassMapGenerator class
2022-06-20 13:47:26 +02:00
Jordi Boggiano 3a945ac70f
Delete ClassMapGenerator tests which are not needed anymore 2022-06-19 14:08:02 +02:00
Jordi Boggiano 7d4d941392
Make use of new composer/class-map-generator package and build up BC layer 2022-06-19 14:02:24 +02:00
Ayesh Karunaratne 3e844cc48f
`composer bump` - Fix typo in the warning message (#10841)
Change warning text 'Alternatively you can use --dev-only to only bump dependencies within "require-dev"'
that said `--dev` instead of `--dev-only`.
2022-06-12 21:44:03 +02:00
Chris Reed 03fbcdbf07
Fix exported path with space in binary installer proxy (#10836) 2022-06-10 21:56:11 +02:00
Jordi Boggiano 6186d0c1d5
Add --gc flag to cache-cache command and ability to GC vcs/repo caches, fixes #7834 (#10826) 2022-06-09 11:46:00 +02:00
Jordi Boggiano 0fd845eeaf
Add --major-only flag to outdated/show commands to restrict the list to packages with major updates available, fixes #10439 (#10827) 2022-06-09 11:45:32 +02:00
Jordi Boggiano 70f2dd6edd
Add bump command to bump requirements to the currently installed version, fixes #7273 (#10829) 2022-06-09 11:43:59 +02:00
Jordi Boggiano 73fd0f22e8
Fix phpstan 8.1 build 2022-06-08 20:03:59 +02:00
Jordi Boggiano 203ec4b485
Update baseline (1947, 103) 2022-06-08 15:07:38 +02:00
Jordi Boggiano e9b44b4499
Document files autoloading order, fixes #10509 2022-06-07 15:27:54 +02:00
Carsten Brandt 7cf3b01631
Added documentation about HTTP Bearer Auth (#10780)
Bearer Auth has been added here:

- 548505f103
- f964b83018
- #8671
- #8642

but it was not documented in this file.
2022-06-07 14:04:04 +02:00
Jordi Boggiano ab1de96fcb
Do not verify rate limit OK as part of test as these might randomly fail 2022-06-06 17:01:31 +02:00
Jordi Boggiano 367012513d
Merge branch '2.3' into main 2022-06-06 16:49:52 +02:00
Jordi Boggiano b39608753b
Reverting release version changes 2022-06-06 16:43:28 +02:00
Jordi Boggiano 10cd375cf8
Release 2.3.7 2022-06-06 16:43:28 +02:00