Commit Graph

8174 Commits (7e9bc82017eb7e47d333dcf0512c1b92da306794)

Author SHA1 Message Date
Brad Jones d00f590354
Surface the advisory ID when CVE not present. (#11892) 2024-03-19 16:24:10 +01:00
Stephan d36cd30d11
HttpDownloader: add option to prevent access to private network (#11895) 2024-03-19 16:18:59 +01:00
Jordi Boggiano 504e6c581a
Update deps and baseline (1663, 96) 2024-03-19 15:22:44 +01:00
Ayesh Karunaratne 62126e1a40
[PHP 8.4] Fix for implicit nullability deprecation (#11888)
Fixes an issue that emits a deprecation notice on PHP 8.4.

See:
 - [RFC](https://wiki.php.net/rfc/deprecate-implicitly-nullable-types)
 - [PHP 8.4: Implicitly nullable parameter declarations deprecated](https://php.watch/versions/8.4/implicitly-marking-parameter-type-nullable-deprecated)
2024-03-15 13:55:25 +01:00
Yanick Witschi 5a20dba768
Only show warning about default version when not "project" type (#11885) 2024-03-14 16:38:28 +01:00
Jordi Boggiano 2124f09d75
Fix context info being missing from output when using the IO classes as PSR-3 logger, fixes #11882 2024-03-11 17:23:06 +01:00
Jordi Boggiano 96f757f3a4
Reverting release version changes 2024-03-11 17:12:19 +01:00
Jordi Boggiano b826edb791
Release 2.7.2 2024-03-11 17:12:18 +01:00
Jordi Boggiano 57427e6227
Fix filesystem::copy with broken symlinks, refs #11864 2024-03-08 10:44:47 +01:00
Jordi Boggiano c5aa3dc021
Update deps, update baseline (1677, 97), fixes #11875 2024-03-08 09:03:23 +01:00
Pol Dellaiera 66acb84c12
Fix update --lock to avoid updating all metadata except dist/source urls and mirrors (#11850)
We now update the existing package instead of reverting changes in the updated package to ensure we keep all metadata intact, fixes #11787

Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2024-03-05 11:32:40 +01:00
Jordi Boggiano 1dc2c93261
Fix ensureDirectoryExists not working when a broken symlink appears somewhere in the path, fixes #11864 2024-03-04 14:39:30 +01:00
Jordi Boggiano c42bb68aff
Optimize outdated --ignore to avoid fetching the latest package info for ignored packages, fixes #11863 2024-03-04 14:07:27 +01:00
Jordi Boggiano 133447cf51
Output tweak 2024-03-04 14:01:23 +01:00
Jordi Boggiano c3efff91f8
Fix plugins still being available in a few special contexts when running as non-interactive root, mainly create-project, refs #11854 2024-03-04 13:45:04 +01:00
Michael Newton c0b8086af5
Include PHP information when showing Composer version verbosely (#11866)
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2024-03-01 10:14:41 +01:00
Pol Dellaiera a0d474f75c
Add a warning message when Composer is not able to guess the root package version (#11858)
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2024-02-23 10:47:36 +01:00
Jordi Boggiano 8c61f812a4
Reverting release version changes 2024-02-09 15:26:29 +01:00
Jordi Boggiano aaf6ed5ccd
Release 2.7.1 2024-02-09 15:26:28 +01:00
Jordi Boggiano be876b47a9
Also output root plugin warning after script execution errors 2024-02-09 14:26:07 +01:00
Jordi Boggiano 690fe716c5
Output more warnings about plugins being disabled to hint that it may cause problems, fixes #11839 (#11842) 2024-02-09 11:56:25 +01:00
Jordi Boggiano 6335551cc2
Fix diagnose auditing of composer dependencies in phar files 2024-02-08 16:24:16 +01:00
Jordi Boggiano f00d3fb5ab
Reverting release version changes 2024-02-08 15:09:19 +01:00
Jordi Boggiano 96d107e2bf
Release 2.7.0 2024-02-08 15:09:19 +01:00
Jordi Boggiano 64e4eb356b
Merge pull request from GHSA-7c6p-848j-wh5h
* Fix usage of possibly compromised installed.php/InstalledVersions.php at runtime, refs GHSA-7c6p-848j-wh5h

* Fix InstalledVersionsTest regression
2024-02-08 14:33:59 +01:00
Jordi Boggiano 754f2868fb
Add non-zero return codes when why-not finds a reason a package is not installable, or when why finds no reason it is there, fixes #11796 2024-02-07 22:27:58 +01:00
Dezső BICZÓ 7cb92a90c8
Introduce COMPOSER_AUDIT_ABANDONED env var (#11794)
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2024-02-07 22:13:36 +01:00
Ayesh Karunaratne e0807d381e
Diagnose command: Add GitHub OAuth token expiration date information (#11688)
GitHub's new fine-grained tokens have a compulsory expiration date, and their
classic tokens also support an expiration date.

https://github.blog/changelog/2021-07-26-expiration-options-for-personal-access-tokens/

This improves the `composer diagnose` command to display the expiration
date and time if it is provided by the response headers
(via `GitHub-Authentication-Token-Expiration`).
2024-02-07 21:30:24 +01:00
Jordi Boggiano 0c99bfc8fd
Fix root aliases causing problems when auditing locked dependencies, fixes #11771 2024-02-07 11:37:50 +01:00
Jordi Boggiano fa040131b0
Add more details to event debug output, refs #11818 2024-02-07 11:18:06 +01:00
PrinsFrank fd23381391
Add arguments to command call output (#11826) 2024-02-07 11:11:16 +01:00
Kuba Werłos 7745d56c14
Do not show error that plugins have been disabled when they are already disabled (#11803) 2024-02-07 09:32:55 +01:00
Stephan 9a656854ad
ValidatingArrayLoader: fix link validation with missing name (#11830) 2024-02-06 17:18:41 +01:00
Jordi Boggiano e88c7a8987
Add support for wildcards in outdated's --ignore arg, fixes #11831 2024-02-06 17:17:25 +01:00
Derek Stephen McLean ebb6a82099
issue #11811 auth token links on separate lines (#11812)
* issue #11811 auth token links on separate lines

* 11811 - remove stray bracket

* 11811 : links on separate lines
2024-02-06 16:53:18 +01:00
Jordi Boggiano ef6c224ec2
Fix require command crashing at the end if no lock file is present, fixes #11814 2024-02-06 13:46:46 +01:00
Jordi Boggiano 0f70c0a9c9
Add detection of constraints which do not match anything in validate command, fixes #11802 (#11829) 2024-02-06 12:57:52 +01:00
Jordi Boggiano d3aeb1357f
Merge branch '2.6' 2024-01-26 17:45:05 +01:00
Jordi Boggiano 7048ff3808
Fix automatic disabling of plugins when running non-interactive as root 2024-01-26 17:44:35 +01:00
Jordi Boggiano f402517af5
Merge branch '2.6' 2024-01-26 17:27:48 +01:00
Jordi Boggiano b1bd22f37c
Fix type error 2024-01-26 17:27:42 +01:00
Jordi Boggiano 2ec8feb825
Merge branch '2.6' 2024-01-26 17:11:27 +01:00
Jordi Boggiano 952256247c
Only include installed versions class when plugins and scripts are allowed, as it is not needed otherwise 2024-01-26 17:11:16 +01:00
Jordi Boggiano 4e5be9ee7d
Emit warning instead of crashing on invalid security advisory API response, fixes #11767 2024-01-12 14:20:59 +01:00
Jordi Boggiano a29acbdd2e
Ensure repos declaring security-advisories have at least an API or a restricted set of packages to avoid too many wasteful requests 2024-01-12 13:17:05 +01:00
Jordi Boggiano 3491986ad3
Add IPv4 fallback on connection timeout, and adds COMPOSER_IPRESOLVE env var (#11791)
* Add IPv4 fallback on connection timeout, and adds COMPOSER_IPRESOLVE env var, fixes #530

* Address feedback

* Add warning in diagnose command when COMPOSER_IPRESOLVE is set
2024-01-11 17:13:54 +01:00
Jordi Boggiano c069174ac7
Merge remote-tracking branch 'origin/2.6' 2024-01-11 16:44:46 +01:00
Jordi Boggiano 75fd2bbeb2
Ensure we respect available-package-patterns and available-packages directives when fetching security advisories, fixes #11704 (#11773) 2024-01-11 16:44:27 +01:00
Jordi Boggiano 55db88f51b
Add error when composer show --direct <transient-dependency> is used to show a dependency which is not direct, fixes #11728 2024-01-11 09:53:00 +01:00
Jordi Boggiano 3427bee1f2
🤦 2024-01-10 13:47:26 +01:00