The [GitHub documentation][1] for FUNDING.yml specifically notes that if a
custom URL is in the Array format, and includes `:` then it must be
quoted.
From this we can infer that the custom URL does not have to contain a
`:` at all.
The example for a Custom URL also gives an example of an unquoted URL
without any `:` character:
```
custom: ["https://www.paypal.me/octocat", octocat.com]
```
However if a repository uses a URL in this format it is currently
rejected because it does not specify a scheme. Furthermore the
`parse_url` method treats the `octocat.com` example as a path and not a
host. The same is true for URLs such as
`octocat.com/funding/example.html`.
This patch adds an additional allowance for the URL filter to capture
the case where a URL has no scheme or host, but does have a path.
[1]: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository#about-funding-files
Prior to PHP 8.3, ReflectionMethod could set a private method on a parent class to accessible. This is no longer possible in PHP 8.3 since php/php-src 9470 and breaks the Composer\Test\Repository\ComposerRepositoryTest::testWhatProvides test.
Also see: https://3v4l.org/8YcIk/rfc#vgit.master
Fixed now.
Co-authored-by: jrfnl <jrfnl@users.noreply.github.com>
Co-authored-by: Christophe Coevoet <stof@notk.org>
* Audit: ignores configured repository options
* ComposerRepository: add test case to assert that repo http options are used to make security advisory POST request
On macOS, if libcurl is built against SecureTransport, the platform repository will contain an invalid package name:
% composer show --platform | grep curl
ext-curl 8.2.7 The curl PHP extension
lib-curl 8.1.2 The curl library
lib-curl-(securetransport) openssl 3.1.1 curl (securetransport) openss...
lib-curl-libssh2 1.11.0 curl libssh2 version
lib-curl-zlib 1.2.11 curl zlib version
This change fixes it:
% bin/composer show --platform | grep curl
lib-curl 8.1.2 The curl library
lib-curl-libssh2 1.11.0 curl libssh2 version
lib-curl-securetransport 3.1.1 curl (securetransport) openssl ...
lib-curl-zlib 1.2.11 curl zlib version
(second column width difference comes from the Composer dev version number)
The behavior in FilterRepository is currently correct, but not explicitly tested.
Also add a test that ensures both filters can't be there simultaneously.
* GitHubDriver: fix support is set to string
* GitLabDriver: fix support is set to string
* BitbucketDriver: fix support is set to string
* Fix PHPStan
* GitDriver: filter branch names starting with a - character
* GitDriver: getFileContent prevent identifiers starting with a -
* HgDriver: prevent invalid identifiers and prevent file from running commands
* HgDriver: filter branches starting with a - character
The initial clone determined what the default branch of the cache git repository was. Changing it on the remote didn't have any impact on the local data. However, cloning it on a different machine would then store a different default branch on that machine. This could lead to different results for the same command on different machines.
* Parallellize the branch comparisons to speed up bootstrapping/version guessing when on a feature branch, fixes#10568
* Allow ProcessExecutorMock to function with async calls