Jordi Boggiano
9ced107af2
Ensure extension packages in platform repo have php-ext type set
2024-04-02 17:39:00 +02:00
Jordi Boggiano
94be5b5c14
Allow restricting allowed types as well, and allow configured ignored/allowed types in Installer class
2024-04-02 17:38:41 +02:00
Jordi Boggiano
2027d4975a
Fail status more softly unless -vvv is used, refs #11889
2024-03-21 11:16:56 +01:00
Jordi Boggiano
bc157ebea9
Fix phpdoc for new php-ext schema
2024-03-20 22:44:48 +01:00
Jordi Boggiano
07fa4255d6
Add support for php extension packages ( #11795 )
...
* Update schema
* Validate php-ext is only set for php-ext or php-ext-zend packages
* Make sure the pool builder excludes php-ext/php-ext-zend
2024-03-20 22:04:58 +01:00
gaxweb
a6947f116a
Allow for SSH URLs when using hg repository type ( #11878 )
2024-03-20 16:31:25 +01:00
Jordi Boggiano
75ccf6557a
Use reactphp/promise v2 compatible code
2024-03-20 12:32:54 +01:00
Jordi Boggiano
59152ad7aa
Fix phpstan errors in FileDownloader, update baseline (1642, 96)
2024-03-20 12:20:30 +01:00
Jordi Boggiano
5a1d506c77
Fix composer status command handling of failed promises, closes #11889
2024-03-20 12:20:30 +01:00
Brad Jones
d00f590354
Surface the advisory ID when CVE not present. ( #11892 )
2024-03-19 16:24:10 +01:00
Stephan
d36cd30d11
HttpDownloader: add option to prevent access to private network ( #11895 )
2024-03-19 16:18:59 +01:00
Jordi Boggiano
504e6c581a
Update deps and baseline (1663, 96)
2024-03-19 15:22:44 +01:00
Ayesh Karunaratne
62126e1a40
[PHP 8.4] Fix for implicit nullability deprecation ( #11888 )
...
Fixes a issue that emits a deprecation notice on PHP 8.4.
See:
- [RFC](https://wiki.php.net/rfc/deprecate-implicitly-nullable-types )
- [PHP 8.4: Implicitly nullable parameter declarations deprecated](https://php.watch/versions/8.4/implicitly-marking-parameter-type-nullable-deprecated )
2024-03-15 13:55:25 +01:00
Yanick Witschi
5a20dba768
Only show warning about default version when not "project" type ( #11885 )
2024-03-14 16:38:28 +01:00
Jordi Boggiano
2124f09d75
Fix context info being missing from output when using the IO classes as PSR-3 logger, fixes #11882
2024-03-11 17:23:06 +01:00
Jordi Boggiano
96f757f3a4
Reverting release version changes
2024-03-11 17:12:19 +01:00
Jordi Boggiano
b826edb791
Release 2.7.2
2024-03-11 17:12:18 +01:00
Jordi Boggiano
57427e6227
Fix filesystem::copy with broken symlinks, refs #11864
2024-03-08 10:44:47 +01:00
Jordi Boggiano
c5aa3dc021
Update deps, update baseline (1677, 97), fixes #11875
2024-03-08 09:03:23 +01:00
Pol Dellaiera
66acb84c12
Fix update --lock to avoid updating all metadata except dist/source urls and mirrors ( #11850 )
...
We now update the existing package instead of reverting changes in the updated package to ensure we keep all metadata intact, fixes #11787
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2024-03-05 11:32:40 +01:00
Jordi Boggiano
1dc2c93261
Fix ensureDirectoryExists not working when a broken symlink appears somewhere in the path, fixes #11864
2024-03-04 14:39:30 +01:00
Jordi Boggiano
c42bb68aff
Optimize outdated --ignore to avoid fetching the latest package info for ignored packages, fixes #11863
2024-03-04 14:07:27 +01:00
Jordi Boggiano
133447cf51
Output tweak
2024-03-04 14:01:23 +01:00
Jordi Boggiano
c3efff91f8
Fix plugins still being available in a few special contexts when running as non-interactive root, mainly create-project, refs #11854
2024-03-04 13:45:04 +01:00
Michael Newton
c0b8086af5
Include PHP information when showing Composer version verbosely ( #11866 )
...
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2024-03-01 10:14:41 +01:00
Pol Dellaiera
a0d474f75c
Add a warning message when Composer is not able to guess the root package version ( #11858 )
...
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2024-02-23 10:47:36 +01:00
Jordi Boggiano
8c61f812a4
Reverting release version changes
2024-02-09 15:26:29 +01:00
Jordi Boggiano
aaf6ed5ccd
Release 2.7.1
2024-02-09 15:26:28 +01:00
Jordi Boggiano
be876b47a9
Also output root plugin warning after script execution errors
2024-02-09 14:26:07 +01:00
Jordi Boggiano
690fe716c5
Output more warnings about plugins being disabled to hint that it may cause problems, fixes #11839 ( #11842 )
2024-02-09 11:56:25 +01:00
Jordi Boggiano
6335551cc2
Fix diagnose auditing of composer dependencies in phar files
2024-02-08 16:24:16 +01:00
Jordi Boggiano
f00d3fb5ab
Reverting release version changes
2024-02-08 15:09:19 +01:00
Jordi Boggiano
96d107e2bf
Release 2.7.0
2024-02-08 15:09:19 +01:00
Jordi Boggiano
64e4eb356b
Merge pull request from GHSA-7c6p-848j-wh5h
...
* Fix usage of possibly compromised installed.php/InstalledVersions.php at runtime, refs GHSA-7c6p-848j-wh5h
* Fix InstalledVersionsTest regression
2024-02-08 14:33:59 +01:00
Jordi Boggiano
754f2868fb
Add non-zero return codes when why-not finds a reason a package is not installable, or when why finds no reason it is there, fixes #11796
2024-02-07 22:27:58 +01:00
Dezső BICZÓ
7cb92a90c8
Introduce COMPOSER_AUDIT_ABANDONED env var ( #11794 )
...
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2024-02-07 22:13:36 +01:00
Ayesh Karunaratne
e0807d381e
Diagnose command: Add GitHub OAuth token expiration date information ( #11688 )
...
GitHub's new fine-grained tokens have a cumpulsory expiration date, and their
classic tokens also support an expiration date.
https://github.blog/changelog/2021-07-26-expiration-options-for-personal-access-tokens/
This improves the `composer diagnose` command to display the expiration
date and time if it is provided by the response headers
(via `GitHub-Authentication-Token-Expiration`).
2024-02-07 21:30:24 +01:00
Jordi Boggiano
0c99bfc8fd
Fix root aliases causing problems when auditing locked dependencies, fixes #11771
2024-02-07 11:37:50 +01:00
Jordi Boggiano
fa040131b0
Add more details to event debug output, refs #11818
2024-02-07 11:18:06 +01:00
PrinsFrank
fd23381391
Add arguments to command call output ( #11826 )
2024-02-07 11:11:16 +01:00
Kuba Werłos
7745d56c14
Do not show error that plugins have been disabled when they are already disabled ( #11803 )
2024-02-07 09:32:55 +01:00
Stephan
9a656854ad
ValidatingArrayLoader: fix link validation with missing name ( #11830 )
2024-02-06 17:18:41 +01:00
Jordi Boggiano
e88c7a8987
Add support for wildcards in outdated's --ignore arg, fixes #11831
2024-02-06 17:17:25 +01:00
Derek Stephen McLean
ebb6a82099
issue #11811 auth token links on separate lines ( #11812 )
...
* issue #11811 auth token links on separate lines
* 11811 - remove stray bracket
* 11811 : links on separte lines
2024-02-06 16:53:18 +01:00
Jordi Boggiano
ef6c224ec2
Fix require command crashing at the end if no lock file is present, fixes #11814
2024-02-06 13:46:46 +01:00
Jordi Boggiano
0f70c0a9c9
Add detection of constraints which do not match anything in validate command, fixes #11802 ( #11829 )
2024-02-06 12:57:52 +01:00
Jordi Boggiano
d3aeb1357f
Merge branch '2.6'
2024-01-26 17:45:05 +01:00
Jordi Boggiano
7048ff3808
Fix automatic disabling of plugins when running non-interactive as root
2024-01-26 17:44:35 +01:00
Jordi Boggiano
f402517af5
Merge branch '2.6'
2024-01-26 17:27:48 +01:00
Jordi Boggiano
b1bd22f37c
Fix type error
2024-01-26 17:27:42 +01:00
Jordi Boggiano
2ec8feb825
Merge branch '2.6'
2024-01-26 17:11:27 +01:00
Jordi Boggiano
952256247c
Only include installed versions class when plugins and scripts are allowed, as it is not needed otherwise
2024-01-26 17:11:16 +01:00
Jordi Boggiano
4e5be9ee7d
Emit warning instead of crashing on invalid security advisory API response, fixes #11767
2024-01-12 14:20:59 +01:00
Jordi Boggiano
a29acbdd2e
Ensure repos declaring security-advisories have at least an API or a restricted set of packages to avoid too many wasteful requests
2024-01-12 13:17:05 +01:00
Jordi Boggiano
3491986ad3
Add IPv4 fallback on connection timeout, and adds COMPOSER_IPRESOLVE env var ( #11791 )
...
* Add IPv4 fallback on connection timeout, and adds COMPOSER_IPRESOLVE env var, fixes #530
* Address feedback
* Add warning in diagnose command when COMPOSER_IPRESOLVE is set
2024-01-11 17:13:54 +01:00
Jordi Boggiano
c069174ac7
Merge remote-tracking branch 'origin/2.6'
2024-01-11 16:44:46 +01:00
Jordi Boggiano
75fd2bbeb2
Ensure we respect available-package-patterns and available-packages directives when fetching security advisories, fixes #11704 ( #11773 )
2024-01-11 16:44:27 +01:00
Jordi Boggiano
55db88f51b
Add error when composer show --direct <transient-dependency> is used to show a dependency which is not direct, fixes #11728
2024-01-11 09:53:00 +01:00
Jordi Boggiano
3427bee1f2
🤦
2024-01-10 13:47:26 +01:00
Jordi Boggiano
10667db1ba
Only override ist url if it is not handled gracefully already
2024-01-10 13:42:01 +01:00
Jordi Boggiano
547a635287
Fix build
2024-01-10 13:34:56 +01:00
Jordi Boggiano
042a8c2128
Ensure dist url/type/checksum remain the same when doing lock hash updates, refs #11787
2024-01-10 13:33:49 +01:00
Jordi Boggiano
284821543a
Merge branch '2.6'
2024-01-08 16:10:20 +01:00
Sam L
44f02a5c86
Add COMPOSER_FUND=0 env var to disable calls for funding ( #11779 )
2024-01-08 15:10:49 +01:00
Jordi Boggiano
be71bf056e
Fix support for versions with 4 components in VersionSelector, fixes #11716
2024-01-08 14:56:08 +01:00
Jordi Boggiano
071fbcf347
Fix warnings incorrectly being shown when using require with upper bound ignored on platform requirements, fixes #11722 ( #11786 )
2024-01-08 14:48:24 +01:00
Jordi Boggiano
534bc20beb
Add support for combining show --self with --installed or --locked ( #11785 )
2024-01-08 14:14:44 +01:00
rkpiii
d00e38a038
[11744] handle missing hyphen when attempting to run self-update… ( #11775 )
...
* [11744] handle missing hyphen when attempting to run self-update command
* fix: [1744] silently fix the "self update" command
2024-01-04 17:02:34 +01:00
Quynh Anh
8246892d48
Fix PackageInterface parameter comments ( #11777 )
2024-01-04 14:49:27 +01:00
Jordi Boggiano
efe6e44883
Perform audit on Composer and its dependencies during diagnose, fixes #11216 ( #11761 )
2024-01-04 10:55:59 +01:00
Jordi Boggiano
12ed21705d
Check for non-platform requirements before warning that no deps are installed on show command, fixes #11760
2023-12-22 17:48:47 +01:00
Roberto Guido
8e62977cb5
Exposing GitLab's project metadata ( #11734 )
...
* Exposing GitLab's project metadata
* Fixed check about GitLab project's metadata initialization
2023-12-20 16:50:24 +01:00
Jordi Boggiano
53a1f32061
Add --sort-by-age to show/outdated commands, and also release date for latest package in --latest mode ( #11762 )
2023-12-20 15:37:27 +01:00
Jordi Boggiano
c8f1028ef9
Fix minor error msg issue
2023-12-20 15:16:12 +01:00
Stephan
86cd364901
Audit: add severity to plain and table output ( #11702 )
2023-12-19 19:11:50 +01:00
Jordi Boggiano
9b0f9b40a4
Show package source in very verbose updates, fixes #11733 ( #11763 )
2023-12-19 17:17:48 +01:00
Jordi Boggiano
4a209b7d3d
Fix bump command not bumping versions with a v prefix e.g. ^v2.4, fixes #11723 ( #11764 )
2023-12-19 17:17:32 +01:00
Jordi Boggiano
3cfd9bf51b
Ensure composer.json gets deleted after a dry run require, fixes #11747
2023-12-19 15:51:39 +01:00
Jordi Boggiano
e0f75276a2
Switch default audit.abandoned to fail for 2.7 release
2023-12-18 15:02:10 +01:00
Jordi Boggiano
bf6c7f8ea2
Merge branch '2.6'
2023-12-18 10:12:45 +01:00
Jordi Boggiano
e14d28baec
Update deps
2023-12-18 10:11:33 +01:00
Jordi Boggiano
eaa7dd46f5
Reverting release version changes
2023-12-08 18:32:27 +01:00
Jordi Boggiano
683557bd24
Release 2.6.6
2023-12-08 18:32:26 +01:00
Travis Carden
aefa46dfba
Add support for "scripts-aliases" in composer.json ( #11666 )
2023-10-27 11:36:59 +02:00
Jordi Boggiano
cc653161c3
Merge branch '2.6'
2023-10-26 11:39:41 +02:00
Dan Wallis
8c0f1e10dc
Display error instead of throwing exception when unable to update with temporary constraint ( #11692 )
2023-10-26 11:38:02 +02:00
Dan Wallis
81b662d388
Suggest running 'require' not 'update' if a root req fails to update ( #11691 )
2023-10-26 11:08:03 +02:00
Tom Klingenberg
03085c8181
Fix Git Driver to use supported Git VCS driver URL
...
Otherwise the URL may not be supported since 3bb191a46
(Add support for
env vars and ~ (for HOME) in repo paths for vcs and artifact
repositories, fixes #11409 (#11453 ), 2023-05-07)
2023-10-26 11:06:11 +02:00
Jordi Boggiano
899dcedf66
Add --minimal-changes mode to perform partial updates --with-dependencies while changing only what is necessary in other dependencies ( #11665 )
2023-10-26 10:25:04 +02:00
Dan Wallis
7a09e05560
Bump wildcard constraints to >=current ( #11694 )
2023-10-25 18:04:52 +02:00
Jordi Boggiano
c66894278c
Bump dev version to 2.7, fix issues with symfony 7
2023-10-25 17:13:36 +02:00
Dan Wallis
c827c93b62
Use global constant if available for libpq version ( #11684 )
2023-10-11 14:19:31 +02:00
Jordi Boggiano
d2bd9836a6
Reverting release version changes
2023-10-06 10:11:53 +02:00
Jordi Boggiano
4b0fe89db9
Release 2.6.5
2023-10-06 10:11:52 +02:00
Uladzimir Tsykun
3e22e1ceda
Fix error when vendor dir contains broken symlinks ( #11670 )
2023-10-06 09:53:39 +02:00
Jordi Boggiano
cb363b0e84
Fix autoload generator dump() non-BC signature change in 2.6.4
2023-10-06 09:34:10 +02:00
Jordi Boggiano
64c5bdd55b
Reverting release version changes
2023-09-29 10:54:48 +02:00
Jordi Boggiano
d75d17c16a
Release 2.6.4
2023-09-29 10:54:47 +02:00
Pol Dellaiera
b608b8e87e
feat: improve Composer's output reproducibility ( #11663 )
...
* AutoloadGenerator: add `Locker` parameter to the `dump` method
* AutoloadGenerator: do not create a random hash, re-use the one from the lock file if it exists
* FileSystem: make sure `safeCopy` copy also the file time metadata
2023-09-28 11:43:52 +02:00
Jordi Boggiano
892eaacedf
Optimize show -a by loading only the requested package ( #11659 )
...
Fixes #11648
2023-09-27 11:28:33 +02:00