1
0
Fork 0
Commit Graph

2870 Commits (b2910b17f2c1e24b81ee9b1f6f6a4fc2d6a9dedf)

Author SHA1 Message Date
Jordi Boggiano 64e4eb356b
Merge pull request from GHSA-7c6p-848j-wh5h
* Fix usage of possibly compromised installed.php/InstalledVersions.php at runtime, refs GHSA-7c6p-848j-wh5h

* Fix InstalledVersionsTest regression
2024-02-08 14:33:59 +01:00
theoboldalex 7a6bb18e21
Adds a test for no dev (#11833) 2024-02-08 11:06:34 +01:00
Jordi Boggiano 67d80e1c9d
Fix php7.2 2024-02-07 22:44:22 +01:00
Jordi Boggiano df8f9f05a3
Update tests 2024-02-07 22:37:22 +01:00
Dezső BICZÓ 7cb92a90c8
Introduce COMPOSER_AUDIT_ABANDONED env var (#11794)
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2024-02-07 22:13:36 +01:00
theoboldalex 338bc16a11
test: Covers audit of pkg with no sec advisories (#11789) 2024-02-07 11:40:29 +01:00
Stephan 9a656854ad
ValidatingArrayLoader: fix link validation with missing name (#11830) 2024-02-06 17:18:41 +01:00
Jordi Boggiano 0f70c0a9c9
Add detection of constraints which do not match anything in validate command, fixes #11802 (#11829) 2024-02-06 12:57:52 +01:00
Jordi Boggiano 55db88f51b
Add error when composer show --direct <transient-dependency> is used to show a dependency which is not direct, fixes #11728 2024-01-11 09:53:00 +01:00
Jordi Boggiano 284821543a
Merge branch '2.6' 2024-01-08 16:10:20 +01:00
Sam L 44f02a5c86
Add COMPOSER_FUND=0 env var to disable calls for funding (#11779) 2024-01-08 15:10:49 +01:00
Jordi Boggiano be71bf056e
Fix support for versions with 4 components in VersionSelector, fixes #11716 2024-01-08 14:56:08 +01:00
Jordi Boggiano 071fbcf347
Fix warnings incorrectly being shown when using require with upper bound ignored on platform requirements, fixes #11722 (#11786) 2024-01-08 14:48:24 +01:00
Jordi Boggiano 534bc20beb
Add support for combining show --self with --installed or --locked (#11785) 2024-01-08 14:14:44 +01:00
theoboldalex 3be0ca8467
Adds a test for invalid arg combo (#11783) 2024-01-08 11:03:34 +01:00
Jordi Boggiano 53a1f32061
Add --sort-by-age to show/outdated commands, and also release date for latest package in --latest mode (#11762) 2023-12-20 15:37:27 +01:00
Stephan 86cd364901
Audit: add severity to plain and table output (#11702) 2023-12-19 19:11:50 +01:00
Jordi Boggiano 9b0f9b40a4
Show package source in very verbose updates, fixes #11733 (#11763) 2023-12-19 17:17:48 +01:00
Jordi Boggiano 4a209b7d3d
Fix bump command not bumping versions with a v prefix e.g. ^v2.4, fixes #11723 (#11764) 2023-12-19 17:17:32 +01:00
theoboldalex aaff0ae4df
Adds a test for UpdateCommand (#11724)
* test: Interactive mode should throw if no package

* PHPStan fix. Missing return type on test method
2023-12-08 18:26:05 +01:00
Travis Carden aefa46dfba
Add support for "scripts-aliases" in composer.json (#11666) 2023-10-27 11:36:59 +02:00
Jordi Boggiano cc653161c3
Merge branch '2.6' 2023-10-26 11:39:41 +02:00
Dan Wallis 8c0f1e10dc
Display error instead of throwing exception when unable to update with temporary constraint (#11692) 2023-10-26 11:38:02 +02:00
Dan Wallis 81b662d388
Suggest running 'require' not 'update' if a root req fails to update (#11691) 2023-10-26 11:08:03 +02:00
Jordi Boggiano 899dcedf66
Add --minimal-changes mode to perform partial updates --with-dependencies while changing only what is necessary in other dependencies (#11665) 2023-10-26 10:25:04 +02:00
Dan Wallis 7a09e05560
Bump wildcard constraints to >=current (#11694) 2023-10-25 18:04:52 +02:00
Dan Wallis c827c93b62
Use global constant if available for libpq version (#11684) 2023-10-11 14:19:31 +02:00
Jesper Skytte Marcussen 9a407b5ad3
10796 Increase coverage of ShowCommand (#11677)
* Added more tests for ShowCommand class

By doing so, my local setup shows increase in coverage from some 38% to
67%.

* PHP-CS-Fixer

* PHPStan fixes
2023-10-11 13:43:30 +02:00
Jordi Boggiano cb363b0e84
Fix autoload generator dump() non-BC signature change in 2.6.4 2023-10-06 09:34:10 +02:00
Pol Dellaiera b608b8e87e
feat: improve Composer's output reproducibility (#11663)
* AutoloadGenerator: add `Locker` parameter to the `dump` method
* AutoloadGenerator: do not create a random hash, re-use the one from the lock file if it exists
* FileSystem: make sure `safeCopy` copy also the file time metadata
2023-09-28 11:43:52 +02:00
Jordi Boggiano 892eaacedf
Optimize show -a by loading only the requested package (#11659)
Fixes #11648
2023-09-27 11:28:33 +02:00
Dezső BICZÓ 755de04bf5
Fix abandoned package list JSON serialization (#11647)
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2023-09-26 14:23:45 +02:00
Alex Theobold 218b9041c9
Test status command (#11522) 2023-09-14 11:45:18 +02:00
Jordi Boggiano e3484c8581
Add audit.abandoned warnings for abandoned packages, fixes #11623 (#11639) 2023-09-14 11:30:09 +02:00
wgevaert e2f5afd4cd
Add warning when duplicate "files" autoload rules are detected (#11109)
Co-authored-by: Wout Gevaert <wout@wikibase.nl>
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2023-09-13 14:11:00 +02:00
Yanick Witschi 5474dc9b5b
Fixed replaced packages being incorrectly missing when unlocked by an old version (#11629)
Co-authored-by: Nils Adermann <naderman@naderman.de>
2023-09-13 10:42:47 +02:00
Jordi Boggiano 7a7f364184
Fix bitbucket redirect URLs failing old PHP builds which do not support long headers
51e2015af3
2023-09-12 11:28:26 +02:00
Jordi Boggiano 755e89fc91
Fix loading of root aliases on path repo packages when doing partial updates, fixes #11630 (#11632) 2023-09-11 17:45:19 +02:00
Michael Voříšek 40244dc228
Revert "Set $_SERVER['SCRIPT_NAME'] within proxy command (#11562)" (#11617)
This reverts commit 9c25633d6d.
2023-09-03 13:39:48 +02:00
Dezső BICZÓ 0ab4dfba7c
Change audit.ignore behavior before 2.6.0 (#11605)
* Still report ignored security advisories

Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2023-09-01 10:04:31 +02:00
Damien Carrier e0abc40ded
Add test for `ArchiveCommand` with package name (#11551)
* test(ArchiveCommand): Add test for ArchiveCommand with package name

* fix : using explicit variable name for eventDispatcher Mock

---------

Co-authored-by: Damien Carrier <damien.carrier@alximy.io>
2023-08-31 13:46:43 +02:00
ಠ_ಠ 1a2bd38764
allow bumping for patch level version constraints fixes #11579 (#11590) 2023-08-31 11:05:49 +02:00
Martin Herndl 6fd145f01e
Allow --strict-psr in `DumpAutoloadCommand` also with --classmap-authoritative (#11607) 2023-08-30 21:43:16 +02:00
Martin Herndl 02e4a2d1a3
Add test case for `DumpAutoloadCommand` with failing --strict-psr check (#11606) 2023-08-30 21:42:45 +02:00
Martin Herndl 879524d8e3
Add tests for DumpAutoloadCommand (#11581) 2023-08-30 16:09:05 +02:00
Jordi Boggiano 52f52dd636
Disable color output in tests by default to avoid issues on windows, fixes #11598 2023-08-30 15:02:59 +02:00
Juliette 5af6151493
PHP 8.3 | ComposerRepositoryTest: fix test failure (#11602)
Prior to PHP 8.3, ReflectionMethod could set a private method on a parent class to accessible. This is no longer possible in PHP 8.3 since php/php-src 9470 and breaks the Composer\Test\Repository\ComposerRepositoryTest::testWhatProvides test.
Also see: https://3v4l.org/8YcIk/rfc#vgit.master

Fixed now.

Co-authored-by: jrfnl <jrfnl@users.noreply.github.com>
Co-authored-by: Christophe Coevoet <stof@notk.org>
2023-08-30 11:43:12 +02:00
Juliette 512690dba4
PHP 8.3 | Tests: fix deprecation notices (#11599)
* PHP 8.3 | ZipDownloaderTest: fix deprecation notice

Calling `ReflectionProperty::setValue()` with only one argument (to set a static property) is deprecated.
Passing `null` as the first (`$object`) parameter will work cross-version.

As the `ZipDownloaderTest::setPrivateProperty()` method has a `null` default value for the `$obj` parameter anyway, this means the if/else toggle can be removed.

Ref: https://wiki.php.net/rfc/deprecate_functions_with_overloaded_signatures#reflectionpropertysetvalue

* PHP 8.3 | InstalledVersionsTest: fix deprecation notice

Calling `ReflectionProperty::setValue()` with only one argument (to set a static property) is deprecated.
Passing `null` as the first (`$object`) parameter will work cross-version.

Ref: https://wiki.php.net/rfc/deprecate_functions_with_overloaded_signatures#reflectionpropertysetvalue

---------

Co-authored-by: jrfnl <jrfnl@users.noreply.github.com>
2023-08-30 11:42:33 +02:00
Stephan 5062338079
Audit: ignores configured repository options (#11173)
* Audit: ignores configured repository options

* ComposerRepository: add test case to assert that repo http options are used to make security advisory POST request
2023-08-29 15:16:34 +02:00
Rober Díaz 4137bf38ad
Tests for base dependency command (#11547)
* add a test case for "not provided a required parameter"

* add a test cases for "not provided locked file"

* cleanup for case provider

* add a test case for "package existence"

* add a test case for "warning when dependencies are not installed"

* fix the test case for "warning when dependencies are not installed"

* add a test case for "package was not found in the project"

* add a test cases for `why-not` command

- also they were fixed docblocks

* add a test cases for `why` command

* versions were added to dependency objects

* it was avoided HEREDOC due it seems to be failing in PHP 7.2

* it was avoided mismatches due different platforms EOL

* it was used full output instead of an array of messages (to avoid EOL isues)

* it increased code coverage to 97%

* All test case docblocks were corrected according to CR feedback

* ensure that `why-not` should say that an installed package requires an incompatible version of the inspected package
2023-08-29 15:06:19 +02:00