1
0
Fork 0
Commit Graph

1910 Commits (d3a3c83fc8fe2395834a81a7d262aeba71747cde)

Author SHA1 Message Date
Stephan c33aafaa04
Merge pull request from GHSA-x7cr-6qr6-2hh6
* GitDriver: filter branch names starting with a - character

* GitDriver: getFileContent prevent identifiers starting with a -

* HgDriver: prevent invalid identifiers and prevent file from running commands

* HgDriver: filter branches starting with a - character
2022-04-13 16:38:19 +02:00
John Stevenson 906442117c Carriage returns are ignored by cmd 2021-10-13 14:54:37 +01:00
John Stevenson 0783b043d2 Fix Windows escaping in tests 2021-10-10 17:02:22 +01:00
John Stevenson 8f974fe741 Improve Windows escaping 2021-10-10 16:24:49 +01:00
Jordi Boggiano ca5e2f8d50
Fix escaping issues on Windows which could lead to command injection, fixes GHSA-frqg-7g38-6gcf 2021-10-05 09:39:50 +02:00
Jordi Boggiano a02802b109
Warn 1.x users when a package is not found that it may be due to our deprecation policy 2021-06-08 21:12:49 +02:00
Jordi Boggiano 083b73515d
Merge pull request from GHSA-h5h8-pc6h-jvvx
* Fix external process calls to avoid user input being able to pass extra parameters

* Tweak some fixes
2021-04-27 13:00:40 +02:00
Jordi Boggiano 37c5e9961c
Merge remote-tracking branch 'nicolas-grekas/path-version' into 1.10 2021-01-27 15:20:38 +01:00
Jordi Boggiano 92313447d6
Filter out exclude-from-classmap rules to avoid generating very long regexes, fixes #9487 2021-01-27 15:10:32 +01:00
Nicolas Grekas 725b33ee5a Handle "versions" option in PathRepository, remove support for "branch-version" 2021-01-27 14:28:26 +01:00
Nicolas Grekas 079e501ac8 Revert "Merge pull request #9273 from nicolas-grekas/dev-version"
This reverts commit d2d606ced2, reversing
changes made to 4a8dbcd145.
2021-01-27 14:03:44 +01:00
Nils Adermann e868996bdd Validate: Warn about providing or replacing packages you require 2020-10-23 22:02:13 +02:00
Nicolas Grekas 4feed8b85c Fix parsing "branch-version" 2020-10-13 15:43:12 +02:00
Nicolas Grekas 893fbfcb89 Add support for "extra.branch-version" 2020-10-13 13:56:18 +02:00
Jordi Boggiano 6698e0bafa
Merge remote-tracking branch 'naderman/version-guess-remotes' into 1.10 2020-10-08 14:01:25 +02:00
Nicolas Grekas f9913205dd Fix VcsRepositoryTest 2020-10-08 11:06:39 +02:00
Nils Adermann 89afb823b6 VersionGuesser: Add test for remote version guess 2020-10-07 15:21:04 +02:00
Nils Adermann 92722a9a4c VersionGuesser: Fix root package loader test which relies on git cmd in guesser 2020-10-07 15:11:08 +02:00
Nils Adermann db2f09a361 VersionGuesser: Update tests to match new git command generated 2020-10-07 14:25:55 +02:00
Jordi Boggiano 00f712a7c4
Revert "Allow specifying a version requirement for CLDR" 2020-07-30 21:00:43 +02:00
Lars Strojny 5a02ea6a96
Check that class exists 2020-07-30 14:29:48 +02:00
Lars Strojny 404dea61c2
Allow specifying a version requirement for the relevant CLDR 2020-07-29 19:32:53 +02:00
Jordi Boggiano fb7fc4a4ca
Fix git tests 2020-06-17 16:59:43 +02:00
Jordi Boggiano 93d4cf6f91
Add --no-show-signature where git supports it, fixes #8966 2020-06-17 16:37:06 +02:00
Graham Campbell fa799970ad Replace whitelist with allow list 2020-06-07 22:15:09 +01:00
Alessandro Lai 270c7c3262
Backport validation support for composer-runtime-api (#8842)
Fixes #8841
2020-04-28 16:04:00 +02:00
Carsten Brandt 960fa4b205
Allow duplicate dashes in package names
fixes #8749
1.10 implementation of #8750
2020-04-10 19:01:06 +02:00
Aaron Johnson 33479f00ab
Add backticks to test. 2020-03-12 23:20:10 -04:00
Jordi Boggiano 3e82542812
Fix test 2020-03-10 17:11:19 +01:00
Jordi Boggiano 6d3d7c39ac
Merge pull request #8621 from remorhaz/master
Fix incorrect --no-dev handling of replaced packages
2020-02-28 23:49:09 +01:00
Jordi Boggiano 0b9c658bef
Add plugin-api-version used to generate a lock file in itself 2020-02-28 10:21:24 +01:00
remorhaz 8df263a756 Test added for issue #8622 fix 2020-02-26 17:39:54 +02:00
Nils Adermann d665ea7ea9
After update and install commands display how many packages want funding 2020-02-14 10:08:36 +01:00
Nils Adermann 5c4f524d6a
Add funding field to composer.json
You can specify a list of funding options each with a type and URL. The
type is used to specify the kind of funding or the platform through
which funding is possible.
2020-02-14 10:08:35 +01:00
Jordi Boggiano 4d74f5ba95
Fix exclude-from-classmap handling to avoid foo matching foo* directories, fixes #8563, refs #8575 2020-02-12 10:23:03 +01:00
Jordi Boggiano c7ba751319
Merge commit 'refs/pull/8575/head' of github.com:composer/composer 2020-02-12 10:11:58 +01:00
Jordi Boggiano 02433c3659
Merge pull request #8565 from glaubinix/t/create-project-add-repository
Create project: add option to add the repository to the composer.json
2020-02-11 13:47:34 +01:00
Jordi Boggiano 31068b7bed
Merge pull request #8594 from IonBazan/downgrading-dry-run
Distinguish between updates and downgrades in dry-run
2020-02-11 10:49:09 +01:00
Ion Bazan 11ae757e99 fix risky tests 2020-02-11 17:27:56 +08:00
Ion Bazan a180f48921 Distinguish between updates and downgrades in dry-run 2020-02-11 16:35:35 +08:00
Stephan Vock 2a564a9f36 Create project: add option to add the repository to the composer.json 2020-02-10 16:46:28 +00:00
Jordi Boggiano 5843a282bc
Merge pull request #8562 from adrianosferreira/fix-archive-format-cli
Uses config data from Composer object whenever possible on ArchiveCommand
2020-02-10 17:26:26 +01:00
Adriano Ferreira 97d077c43b Uses config data from Composer object whenever possible on ArchiveCommand
It was previously blindly getting a new instance from the factory thus ignoring what is on Composer object config data.
2020-02-10 13:15:58 -02:00
Ion Bazan a9bace37f6 fix windows build 2020-02-07 15:18:18 +08:00
Ion Bazan 58b34d13e8 fix risky tests (without any assertion) 2020-02-07 14:35:07 +08:00
Ion Bazan db32d6bc18 do not use env 2020-02-07 13:07:01 +08:00
Ion Bazan a2137d5263 use Symfony PHPUnit Bridge 2020-02-07 12:22:22 +08:00
Jeroen Versteeg cabf373bf4 Added test for exclude-from-classmap (see issue #8563) 2020-02-04 12:57:26 +01:00
Jordi Boggiano fb93036a70
Fix putenv to avoid leaving the environment in a dirty state 2020-01-28 14:22:11 +01:00
Adriano Ferreira acc040f745 Append the bin dir on each listener iteration
The "composer install" can create the vendor/dir folders and be used as a script item on composer.json. Having another script running after it that relies on vendor/bir binaries (such as phpunit) will cause it to not find the binary. This fix addresses the issue by trying to append the path on each script iteration.
2020-01-20 08:11:08 -02:00