1
0
Fork 0
Commit Graph

2863 Commits (5aa7b03b9d6cd0b20b32733298b6e97a2b11b287)

Author SHA1 Message Date
Jordi Boggiano 5aa7b03b9d
Fix test 2024-06-10 15:09:06 +02:00
Jordi Boggiano 6bd43dff85
Merge pull request from GHSA-v9qv-c7wm-wgmf 2024-06-10 14:56:13 +02:00
Jordi Boggiano fa3b9582c3
Fix secure-http check to avoid bypass using emojis 2024-06-10 14:48:02 +02:00
Jordi Boggiano 9dfcf62335
Fix new platform requirements from composer.json not being checked when composer.lock is outdated, fixes #11989 (#12001) 2024-05-31 17:53:52 +02:00
Jordi Boggiano dc857b4f91
Fixed PSR violations for classes not matching the namespace of a rule being hidden, fixes #11957 2024-05-31 17:52:05 +02:00
Jordi Boggiano c1be804a0c
Fix UX when a non-required plugin is still present in vendor dir (#12000)
Composer now skips it and does not prompt if it is not allowed to run, fixes #11944
2024-05-31 10:29:56 +02:00
Jordi Boggiano 37d722e73c
PHPStan/tests updates (#11996)
* Remove a bunch of inline ignores and migrate all PHPUnit assertions to static calls

* Update baseline (1573, 93)

* Update commit hash
2024-05-29 23:12:06 +02:00
Jordi Boggiano dd8af946fd
Fix tests 2024-05-29 22:08:42 +02:00
Jordi Boggiano 3773f77527
Fix perforce arg not being escaped correctly 2024-05-29 15:03:59 +02:00
Jordi Boggiano f83b6b1026
Enable new phpstan option 2024-05-27 17:11:31 +02:00
Ondřej Mirtes 5bb30ca170
Update PHPStan (#11976)
* Update PHPStan

* Update inline ignores to `@phpstan-ignore` with error identifier
2024-05-22 09:09:04 +02:00
Krzysztof Ciszewski 4d7476ca30
composer#11852 fix: ability to remove autoload* keys (#11967) 2024-05-08 11:19:05 +02:00
Jordi Boggiano 80631d2fc8
Fix one more case of unsetting a key in an object 2024-04-29 11:19:52 +02:00
Jordi Boggiano 232f4e7a5c
Fix config command issue handling objects in some conditions, fixes #11945 2024-04-29 10:59:35 +02:00
Jordi Boggiano b0ec0f96ad
Update phpstan deps and fix a few array_filter issues 2024-04-19 17:00:50 +02:00
John Stevenson 3cc490d4c4
Refactor proxy handling to require https_proxy (#11915)
Composer has always allowed a single http_proxy (or CGI_HTTP_PROXY)
environment variable to be used for both HTTP and HTTPS requests. But
many other tools and libraries require scheme-specific values.

The landscape is already complicated by the use of and need for upper
and lower case values, so to bring matters inline with current practice
https_proxy is now required for HTTPS requests.

The new proxy handler incorporates a transition mechanism, which allows
http_proxy to be used for all requests when https_proxy is not set and
provides a `needsTransitionWarning` method for the main application.

Moving to scheme-specific environment variables means that a user may
set a single proxy for either HTTP or HTTPS requests. To accomodate this
situation during the transition period, an https_proxy value can be set
to an empty string which will prevent http_proxy being used for HTTPS
requests.
2024-04-17 14:34:26 +02:00
Jordi Boggiano 92f641ac3d
Fix show command output to remove v prefixes on versions, making for more uniform output, fixes #11925 2024-04-15 13:23:25 +02:00
Jordi Boggiano b12a88b7f3
Fix call 2024-03-22 09:29:43 +01:00
Jordi Boggiano 54870a78c4
Add a new test to confirm that show --direct <name> works with direct dependents/dev-dependents 2024-03-21 16:59:41 +01:00
Jordi Boggiano 07fa4255d6
Add support for php extension packages (#11795)
* Update schema
* Validate php-ext is only set for php-ext or php-ext-zend packages
* Make sure the pool builder excludes php-ext/php-ext-zend
2024-03-20 22:04:58 +01:00
Jordi Boggiano 94fe294545
Fix self-update tests on releases 2024-03-11 17:32:50 +01:00
Pol Dellaiera 66acb84c12
Fix update --lock to avoid updating all metadata except dist/source urls and mirrors (#11850)
We now update the existing package instead of reverting changes in the updated package to ensure we keep all metadata intact, fixes #11787

Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2024-03-05 11:32:40 +01:00
Jordi Boggiano d7cdb28b28
Try to fix CI 2024-02-23 10:54:34 +01:00
Pol Dellaiera a0d474f75c
Add a warning message when Composer is not able to guess the root package version (#11858)
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2024-02-23 10:47:36 +01:00
Yuto Takakura 1b7a71f7e7
Add tests for SelfUpdateCommand (#11816)
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2024-02-21 20:59:50 +01:00
Jordi Boggiano 64e4eb356b
Merge pull request from GHSA-7c6p-848j-wh5h
* Fix usage of possibly compromised installed.php/InstalledVersions.php at runtime, refs GHSA-7c6p-848j-wh5h

* Fix InstalledVersionsTest regression
2024-02-08 14:33:59 +01:00
theoboldalex 7a6bb18e21
Adds a test for no dev (#11833) 2024-02-08 11:06:34 +01:00
Jordi Boggiano 67d80e1c9d
Fix php7.2 2024-02-07 22:44:22 +01:00
Jordi Boggiano df8f9f05a3
Update tests 2024-02-07 22:37:22 +01:00
Dezső BICZÓ 7cb92a90c8
Introduce COMPOSER_AUDIT_ABANDONED env var (#11794)
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2024-02-07 22:13:36 +01:00
theoboldalex 338bc16a11
test: Covers audit of pkg with no sec advisories (#11789) 2024-02-07 11:40:29 +01:00
Stephan 9a656854ad
ValidatingArrayLoader: fix link validation with missing name (#11830) 2024-02-06 17:18:41 +01:00
Jordi Boggiano 0f70c0a9c9
Add detection of constraints which do not match anything in validate command, fixes #11802 (#11829) 2024-02-06 12:57:52 +01:00
Jordi Boggiano 55db88f51b
Add error when composer show --direct <transient-dependency> is used to show a dependency which is not direct, fixes #11728 2024-01-11 09:53:00 +01:00
Jordi Boggiano 284821543a
Merge branch '2.6' 2024-01-08 16:10:20 +01:00
Sam L 44f02a5c86
Add COMPOSER_FUND=0 env var to disable calls for funding (#11779) 2024-01-08 15:10:49 +01:00
Jordi Boggiano be71bf056e
Fix support for versions with 4 components in VersionSelector, fixes #11716 2024-01-08 14:56:08 +01:00
Jordi Boggiano 071fbcf347
Fix warnings incorrectly being shown when using require with upper bound ignored on platform requirements, fixes #11722 (#11786) 2024-01-08 14:48:24 +01:00
Jordi Boggiano 534bc20beb
Add support for combining show --self with --installed or --locked (#11785) 2024-01-08 14:14:44 +01:00
theoboldalex 3be0ca8467
Adds a test for invalid arg combo (#11783) 2024-01-08 11:03:34 +01:00
Jordi Boggiano 53a1f32061
Add --sort-by-age to show/outdated commands, and also release date for latest package in --latest mode (#11762) 2023-12-20 15:37:27 +01:00
Stephan 86cd364901
Audit: add severity to plain and table output (#11702) 2023-12-19 19:11:50 +01:00
Jordi Boggiano 9b0f9b40a4
Show package source in very verbose updates, fixes #11733 (#11763) 2023-12-19 17:17:48 +01:00
Jordi Boggiano 4a209b7d3d
Fix bump command not bumping versions with a v prefix e.g. ^v2.4, fixes #11723 (#11764) 2023-12-19 17:17:32 +01:00
theoboldalex aaff0ae4df
Adds a test for UpdateCommand (#11724)
* test: Interactive mode should throw if no package

* PHPStan fix. Missing return type on test method
2023-12-08 18:26:05 +01:00
Travis Carden aefa46dfba
Add support for "scripts-aliases" in composer.json (#11666) 2023-10-27 11:36:59 +02:00
Jordi Boggiano cc653161c3
Merge branch '2.6' 2023-10-26 11:39:41 +02:00
Dan Wallis 8c0f1e10dc
Display error instead of throwing exception when unable to update with temporary constraint (#11692) 2023-10-26 11:38:02 +02:00
Dan Wallis 81b662d388
Suggest running 'require' not 'update' if a root req fails to update (#11691) 2023-10-26 11:08:03 +02:00
Jordi Boggiano 899dcedf66
Add --minimal-changes mode to perform partial updates --with-dependencies while changing only what is necessary in other dependencies (#11665) 2023-10-26 10:25:04 +02:00