Naveen
137ed52966
chore: Included githubactions in the dependabot config ( #10900 )
...
This should help with keeping the GitHub actions updated on new releases. This will also help with keeping it secure.
Dependabot helps in keeping the supply chain secure https://docs.github.com/en/code-security/dependabot
GitHub actions up to date https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
https://github.com/ossf/scorecard/blob/main/docs/checks.md#dependency-update-tool
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-06-28 20:32:45 +02:00
Jordi Boggiano
f9db69ae1f
Merge pull request #10898 from Seldaek/meta_advisories
...
Move security advisory loading to repositories
2022-06-28 20:31:03 +02:00
Dan Wallis
d880ab68cf
Allow use of --locked with depends and prohibits ( #10834 )
...
* Allow use of --locked with depends and prohibits
* Only include other repos if not --locked
* Move logic to appease PHPStan
* Load a PlatformRepository when reading lock file
2022-06-25 17:06:58 +02:00
Jordi Boggiano
0196690ab3
Disable automatic audit at the end of install step to keep things fast, switch --no-audit to an opt-in --audit flag
2022-06-24 16:54:30 +02:00
Jordi Boggiano
8c9f82dc1e
Move security advisory loading to repositories, allows others to provider them and reduces load on packagist.org for summary advisory reports
2022-06-24 16:26:57 +02:00
Jordi Boggiano
978037fbfa
Fix build
2022-06-24 11:12:57 +02:00
Jordi Boggiano
4229c2c641
Merge branch '2.3' into main
2022-06-24 11:10:07 +02:00
Jordi Boggiano
f7e88099af
Merge branch '2.2' into 2.3
2022-06-24 11:09:45 +02:00
Stephan
6776cef441
Fix: ValidatingArrayLoader [TypeError]: strcasecmp(): Argument #1() must be of type string, int given ( #10897 )
2022-06-24 10:30:33 +02:00
Jordi Boggiano
ddecd5e328
Add hint to why-not that calling update with a temporary constraint can also help elucidate an issue
2022-06-23 21:16:12 +02:00
Jordi Boggiano
eba49147e7
Add warning when the latest version of a package cannot be auto-selected in require/init/create-project, fixes #10884 ( #10896 )
2022-06-23 14:37:04 +02:00
Jordi Boggiano
a5fdc00de1
Remove duplicate function in RootPackageInterface, fixes #10895
2022-06-23 13:39:39 +02:00
Nils Adermann
92ff8e5bc6
Audit command doc improvements ( #10893 )
2022-06-23 12:59:45 +02:00
Jordi Boggiano
658f56ff13
Fix audit command to exit with amount of advisories matched
2022-06-23 12:31:09 +02:00
Jordi Boggiano
e3c46cb2b2
Audit locked packages if update is called with --no-install, fixes #10894
2022-06-22 16:36:54 +02:00
Jordi Boggiano
611b215896
Fix PHPStan issues and a couple minor bugs in audit functionality, refs #10798
2022-06-22 15:39:51 +02:00
Guy Sartorelli
d93239ddd9
Add audit command to check for security issues ( #10798 )
...
Closes #10329
2022-06-22 15:15:01 +02:00
Mathias Reker ⚡️
d17c724f23
Php unit dedicate assert ( #10881 )
...
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2022-06-22 14:20:08 +02:00
Mathias Reker ⚡️
4131f7cf4c
Static lambda ( #10854 )
...
Lambdas not (indirect) referencing $this must be declared static.
2022-06-22 14:19:18 +02:00
Jordi Boggiano
ef276d26d6
Add upcoming fixes, refs #10871
2022-06-22 14:02:22 +02:00
Jordi Boggiano
b627816781
Merge branch '2.3' into main
2022-06-22 13:49:30 +02:00
Jordi Boggiano
30a8b82b15
Merge branch '2.2' into 2.3
2022-06-22 13:49:11 +02:00
immeëmosol
bbcadcb35e
Hint at improved merge conflict resolving ( #10840 )
2022-06-22 13:47:15 +02:00
Marek Stipek
690ab5166a
Ignoring passed arguments for @putenv, closes #10846
2022-06-22 13:40:35 +02:00
Jordi Boggiano
5730c24c92
Rethrow path repo init failures with path information, closes #10845
2022-06-22 13:30:39 +02:00
Jordi Boggiano
d132b9e6fd
Fixup
2022-06-22 13:11:28 +02:00
Jordi Boggiano
53680afb85
Merge branch '2.3' into main
2022-06-22 13:09:06 +02:00
Jordi Boggiano
81043c5691
Add git version to diagnose command, and warn if <2.24, closes #10832
2022-06-22 13:05:35 +02:00
anzago
567423e9f7
Removed blank line in missing extensions hint when having no php.ini loaded file ( #10839 )
2022-06-22 12:29:36 +02:00
Jordi Boggiano
bad3eb2cd9
Update deps, update baseline (1958, 103)
2022-06-22 09:49:09 +02:00
Jordi Boggiano
16ee2e479f
Merge branch '2.2' into 2.3
2022-06-22 09:16:23 +02:00
Jordi Boggiano
5c68c2c86d
Fix case where branches cannot be listed in GitDownloader, fixes #10888
2022-06-22 08:50:55 +02:00
naveen
14476ec2a6
chore: Set permissions for GitHub actions
...
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ )
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-06-22 08:18:22 +02:00
Jordi Boggiano
b025971bb8
Add missing strict type decl, closes #10863
2022-06-22 08:17:18 +02:00
Mathias Reker ⚡️
279b518518
No useless sprintf ( #10878 )
...
There must be no sprintf calls with only the first argument.
2022-06-21 21:19:09 +02:00
Mathias Reker ⚡️
4714fd5a7b
No useless return ( #10877 )
...
There should not be an empty return statement at the end of a function.
2022-06-21 21:17:47 +02:00
Mathias Reker ⚡️
805b7f12f9
No alias functions ( #10864 )
...
Primary functions shall be used instead of aliases.
2022-06-21 21:16:04 +02:00
Jordi Boggiano
e8530699c3
Add --strict-psr flag to dump-autoload to fail the process if psr violations were detected, fixes #10241 ( #10886 )
2022-06-20 13:57:20 +02:00
Jordi Boggiano
c2046566fc
Merge pull request #10885 from Seldaek/classmapgen
...
Make use of composer/class-map-generator and deprecate ClassMapGenerator class
2022-06-20 13:47:26 +02:00
Jordi Boggiano
3a945ac70f
Delete ClassMapGenerator tests which are not needed anymore
2022-06-19 14:08:02 +02:00
Jordi Boggiano
7d4d941392
Make use of new composer/class-map-generator package and build up BC layer
2022-06-19 14:02:24 +02:00
Ayesh Karunaratne
3e844cc48f
`composer bump` - Fix typo in the warning message ( #10841 )
...
Change warning text 'Alternatively you can use --dev-only to only bump dependencies within "require-dev"'
that said `--dev` instead of `--dev-only`.
2022-06-12 21:44:03 +02:00
Chris Reed
03fbcdbf07
Fix exported path with space in binary installer proxy ( #10836 )
2022-06-10 21:56:11 +02:00
Jordi Boggiano
6186d0c1d5
Add --gc flag to cache-cache command and ability to GC vcs/repo caches, fixes #7834 ( #10826 )
2022-06-09 11:46:00 +02:00
Jordi Boggiano
0fd845eeaf
Add --major-only flag to outdated/show commands to restrict the list to packages with major updates available, fixes #10439 ( #10827 )
2022-06-09 11:45:32 +02:00
Jordi Boggiano
70f2dd6edd
Add bump command to bump requirements to the currently installed version, fixes #7273 ( #10829 )
2022-06-09 11:43:59 +02:00
Jordi Boggiano
73fd0f22e8
Fix phpstan 8.1 build
2022-06-08 20:03:59 +02:00
Jordi Boggiano
203ec4b485
Update baseline (1947, 103)
2022-06-08 15:07:38 +02:00
Jordi Boggiano
e9b44b4499
Document files autoloading order, fixes #10509
2022-06-07 15:27:54 +02:00
Carsten Brandt
7cf3b01631
Added documentation about HTTP Bearer Auth ( #10780 )
...
Bearer Auth has been added here:
- 548505f103
- f964b83018
- #8671
- #8642
but it was not documented in this file.
2022-06-07 14:04:04 +02:00