1
0
Fork 0
Commit Graph

11990 Commits (7dfe4a38c86233eeb8420e701c715270dbe99d8b)

Author SHA1 Message Date
Jordi Boggiano 618fcb800b
Merge branch '2.2' into 2.3 2022-07-01 12:05:18 +02:00
Jordi Boggiano f14b02b9c9
Reverting release version changes 2022-07-01 12:01:26 +02:00
Jordi Boggiano 509dcbd4f8
Release 2.2.15 2022-07-01 12:01:26 +02:00
Jordi Boggiano c3bb27960b
Fix other issues with readonly caches, refs #10906 2022-07-01 11:55:43 +02:00
Jordi Boggiano f8324e0524
Fix support for read-only caches where the filesystem is not writable (fixes #10906) 2022-07-01 11:50:26 +02:00
Jordi Boggiano 143e42269a
Update changelog 2022-07-01 11:43:12 +02:00
Jordi Boggiano ac7a6e3326
Update docs, refs #10909 2022-07-01 11:35:50 +02:00
Tom Klingenberg 7adcf9f14c
Fix TypeError (#10904)
Fix string type requirement in case of NULL value:

    [TypeError]                                                                                                                                                                  
    Composer\Command\InitCommand::parseAuthorString(): Argument #1 ($author) must be of type string, null given, called in phar:///composer.phar/src/Composer/Command/InitCommand.php on line 345
2022-07-01 11:33:15 +02:00
Tom Klingenberg f1dd325e14
Fix TypeError (#10904)
Fix string type requirement in case of NULL value:

    [TypeError]                                                                                                                                                                  
    Composer\Command\InitCommand::parseAuthorString(): Argument #1 ($author) must be of type string, null given, called in phar:///composer.phar/src/Composer/Command/InitCommand.php on line 345
2022-07-01 11:23:04 +02:00
Tom Klingenberg 7ab4306c78
Fix TypeError (#10904)
Fix string type requirement in case of NULL value:

    [TypeError]                                                                                                                                                                  
    Composer\Command\InitCommand::parseAuthorString(): Argument #1 ($author) must be of type string, null given, called in phar:///composer.phar/src/Composer/Command/InitCommand.php on line 345
2022-07-01 11:15:29 +02:00
Andreas Schempp 424547bb70
Correctly merge boolean flag of allow-plugin config (#10909) 2022-07-01 11:08:35 +02:00
Jordi Boggiano 1812862d5e
Update phpstan to latest, update baseline (1909, 103) 2022-06-30 17:07:18 +02:00
dependabot[bot] 51db9e823c
Bump actions/cache from 2 to 3 (#10902)
Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-30 15:17:38 +02:00
Jordi Boggiano efd426f8bb
Extract some common logic for filtering away dev requirements into a RepositoryUtils 2022-06-30 15:05:34 +02:00
Jordi Boggiano de9996d4c4 Output exception class when audit fails 2022-06-30 14:28:16 +02:00
Naveen 137ed52966
chore: Included githubactions in the dependabot config (#10900)
This should help with keeping the GitHub actions updated on new releases. This will also help with keeping it secure.

Dependabot helps in keeping the supply chain secure https://docs.github.com/en/code-security/dependabot

GitHub actions up to date https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot

https://github.com/ossf/scorecard/blob/main/docs/checks.md#dependency-update-tool
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-06-28 20:32:45 +02:00
Jordi Boggiano f9db69ae1f
Merge pull request #10898 from Seldaek/meta_advisories
Move security advisory loading to repositories
2022-06-28 20:31:03 +02:00
Dan Wallis d880ab68cf
Allow use of --locked with depends and prohibits (#10834)
* Allow use of --locked with depends and prohibits

* Only include other repos if not --locked

* Move logic to appease PHPStan

* Load a PlatformRepository when reading lock file
2022-06-25 17:06:58 +02:00
Jordi Boggiano 0196690ab3
Disable automatic audit at the end of install step to keep things fast, switch --no-audit to an opt-in --audit flag 2022-06-24 16:54:30 +02:00
Jordi Boggiano 8c9f82dc1e
Move security advisory loading to repositories, allows others to provider them and reduces load on packagist.org for summary advisory reports 2022-06-24 16:26:57 +02:00
Jordi Boggiano 978037fbfa
Fix build 2022-06-24 11:12:57 +02:00
Jordi Boggiano 4229c2c641
Merge branch '2.3' into main 2022-06-24 11:10:07 +02:00
Jordi Boggiano f7e88099af
Merge branch '2.2' into 2.3 2022-06-24 11:09:45 +02:00
Stephan 6776cef441
Fix: ValidatingArrayLoader [TypeError]: strcasecmp(): Argument #1() must be of type string, int given (#10897) 2022-06-24 10:30:33 +02:00
Jordi Boggiano ddecd5e328
Add hint to why-not that calling update with a temporary constraint can also help elucidate an issue 2022-06-23 21:16:12 +02:00
Jordi Boggiano eba49147e7
Add warning when the latest version of a package cannot be auto-selected in require/init/create-project, fixes #10884 (#10896) 2022-06-23 14:37:04 +02:00
Jordi Boggiano a5fdc00de1
Remove duplicate function in RootPackageInterface, fixes #10895 2022-06-23 13:39:39 +02:00
Nils Adermann 92ff8e5bc6
Audit command doc improvements (#10893) 2022-06-23 12:59:45 +02:00
Jordi Boggiano 658f56ff13
Fix audit command to exit with amount of advisories matched 2022-06-23 12:31:09 +02:00
Jordi Boggiano e3c46cb2b2
Audit locked packages if update is called with --no-install, fixes #10894 2022-06-22 16:36:54 +02:00
Jordi Boggiano 611b215896
Fix PHPStan issues and a couple minor bugs in audit functionality, refs #10798 2022-06-22 15:39:51 +02:00
Guy Sartorelli d93239ddd9
Add audit command to check for security issues (#10798)
Closes #10329
2022-06-22 15:15:01 +02:00
Mathias Reker ⚡️ d17c724f23
Php unit dedicate assert (#10881)
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2022-06-22 14:20:08 +02:00
Mathias Reker ⚡️ 4131f7cf4c
Static lambda (#10854)
Lambdas not (indirect) referencing $this must be declared static.
2022-06-22 14:19:18 +02:00
Jordi Boggiano ef276d26d6
Add upcoming fixes, refs #10871 2022-06-22 14:02:22 +02:00
Jordi Boggiano b627816781
Merge branch '2.3' into main 2022-06-22 13:49:30 +02:00
Jordi Boggiano 30a8b82b15
Merge branch '2.2' into 2.3 2022-06-22 13:49:11 +02:00
immeëmosol bbcadcb35e
Hint at improved merge conflict resolving (#10840) 2022-06-22 13:47:15 +02:00
Marek Stipek 690ab5166a
Ignoring passed arguments for @putenv, closes #10846 2022-06-22 13:40:35 +02:00
Jordi Boggiano 5730c24c92
Rethrow path repo init failures with path information, closes #10845 2022-06-22 13:30:39 +02:00
Jordi Boggiano d132b9e6fd
Fixup 2022-06-22 13:11:28 +02:00
Jordi Boggiano 53680afb85
Merge branch '2.3' into main 2022-06-22 13:09:06 +02:00
Jordi Boggiano 81043c5691
Add git version to diagnose command, and warn if <2.24, closes #10832 2022-06-22 13:05:35 +02:00
anzago 567423e9f7
Removed blank line in missing extensions hint when having no php.ini loaded file (#10839) 2022-06-22 12:29:36 +02:00
Jordi Boggiano bad3eb2cd9
Update deps, update baseline (1958, 103) 2022-06-22 09:49:09 +02:00
Jordi Boggiano 16ee2e479f
Merge branch '2.2' into 2.3 2022-06-22 09:16:23 +02:00
Jordi Boggiano 5c68c2c86d
Fix case where branches cannot be listed in GitDownloader, fixes #10888 2022-06-22 08:50:55 +02:00
naveen 14476ec2a6
chore: Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-06-22 08:18:22 +02:00
Jordi Boggiano b025971bb8
Add missing strict type decl, closes #10863 2022-06-22 08:17:18 +02:00
Mathias Reker ⚡️ 279b518518
No useless sprintf (#10878)
There must be no sprintf calls with only the first argument.
2022-06-21 21:19:09 +02:00