public-mirrors
/
composer
mirror of https://github.com/composer/composer
1
0
Fork 0
Code
12,397 Commits
3 Branches
206 Tags
52 MiB
Commit Graph

12397 Commits (dd18a5fe553472a45a4a583bb16ef68e497ef772)

Author SHA1 Message Date
Jordi Boggiano eea73daeac
Update changelog 2024-02-08 14:34:27 +01:00
Jordi Boggiano 64e4eb356b
Merge pull request from GHSA-7c6p-848j-wh5h 
* Fix usage of possibly compromised installed.php/InstalledVersions.php at runtime, refs GHSA-7c6p-848j-wh5h

* Fix InstalledVersionsTest regression
 2024-02-08 14:33:59 +01:00
Jordi Boggiano 7442981364
Add flag alias to docs 2024-02-08 11:31:44 +01:00
theoboldalex 7a6bb18e21
Adds a test for no dev (#11833) 2024-02-08 11:06:34 +01:00
Jordi Boggiano 67d80e1c9d
Fix php7.2 2024-02-07 22:44:22 +01:00
Jordi Boggiano df8f9f05a3
Update tests 2024-02-07 22:37:22 +01:00
Jordi Boggiano 754f2868fb
Add non-zero return codes when why-not finds a reason a package is not installable, or when why finds no reason it is there, fixes #11796 2024-02-07 22:27:58 +01:00
Dezső BICZÓ 7cb92a90c8
Introduce COMPOSER_AUDIT_ABANDONED env var (#11794) 
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
 2024-02-07 22:13:36 +01:00
Ayesh Karunaratne e0807d381e
Diagnose command: Add GitHub OAuth token expiration date information (#11688) 
GitHub's new fine-grained tokens have a cumpulsory expiration date, and their
classic tokens also support an expiration date.

https://github.blog/changelog/2021-07-26-expiration-options-for-personal-access-tokens/

This improves the `composer diagnose` command to display the expiration
date and time if it is provided by the response headers
(via `GitHub-Authentication-Token-Expiration`).
 2024-02-07 21:30:24 +01:00
Jordi Boggiano 18cd8a01a4
Update jsonlint 2024-02-07 14:09:39 +01:00
theoboldalex 338bc16a11
test: Covers audit of pkg with no sec advisories (#11789) 2024-02-07 11:40:29 +01:00
Jordi Boggiano 0c99bfc8fd
Fix root aliases causing problems when auditing locked dependencies, fixes #11771 2024-02-07 11:37:50 +01:00
Jordi Boggiano fa040131b0
Add more details to event debug output, refs #11818 2024-02-07 11:18:06 +01:00
PrinsFrank fd23381391
Add arguments to command call output (#11826) 2024-02-07 11:11:16 +01:00
Jordi Boggiano 654da6f576
Update deps, fixes #11801 2024-02-07 11:10:55 +01:00
dependabot[bot] 158df56ccc
Bump actions/cache from 3 to 4 (#11807) 
Bumps [actions/cache](https://github.com/actions/cache) from 3 to 4.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-02-07 10:10:42 +01:00
Antoine M d0b465ffd0
chore(doc): add `_comment` documentation inside `composer.json` schema (#11825) 
* Update 04-schema.md

* example
 2024-02-07 10:10:05 +01:00
Kuba Werłos 7745d56c14
Do not show error that plugins have been disabled when they are already disabled (#11803) 2024-02-07 09:32:55 +01:00
Stephan 9a656854ad
ValidatingArrayLoader: fix link validation with missing name (#11830) 2024-02-06 17:18:41 +01:00
Jordi Boggiano e88c7a8987
Add support for wildcards in outdated's --ignore arg, fixes #11831 2024-02-06 17:17:25 +01:00
Derek Stephen McLean ebb6a82099
issue #11811 auth token links on separate lines (#11812) 
* issue #11811 auth token links on separate lines

* 11811 - remove stray bracket

* 11811 : links on separte lines
 2024-02-06 16:53:18 +01:00
Jordi Boggiano ef6c224ec2
Fix require command crashing at the end if no lock file is present, fixes #11814 2024-02-06 13:46:46 +01:00
Jordi Boggiano bff129f4f5
Update require docs, fixes #11823 2024-02-06 13:27:55 +01:00
Jordi Boggiano 0f70c0a9c9
Add detection of constraints which do not match anything in validate command, fixes #11802 (#11829) 2024-02-06 12:57:52 +01:00
PrinsFrank 8a69c0555b
Update plugin documentation (#11813) 2024-02-06 12:57:34 +01:00
Jordi Boggiano d3aeb1357f
Merge branch '2.6' 2024-01-26 17:45:05 +01:00
Jordi Boggiano 7048ff3808
Fix automatic disabling of plugins when running non-interactive as root 2024-01-26 17:44:35 +01:00
Jordi Boggiano f402517af5
Merge branch '2.6' 2024-01-26 17:27:48 +01:00
Jordi Boggiano b1bd22f37c
Fix type error 2024-01-26 17:27:42 +01:00
Jordi Boggiano 2ec8feb825
Merge branch '2.6' 2024-01-26 17:11:27 +01:00
Jordi Boggiano 952256247c
Only include installed versions class when plugins and scripts are allowed, as it is not needed otherwise 2024-01-26 17:11:16 +01:00
Jordi Boggiano 4e5be9ee7d
Emit warning instead of crashing on invalid security advisory API response, fixes #11767 2024-01-12 14:20:59 +01:00
Jordi Boggiano a29acbdd2e
Ensure repos declaring security-advisories have at least an API or a restricted set of packages to avoid too many wasteful requests 2024-01-12 13:17:05 +01:00
Jordi Boggiano 3491986ad3
Add IPv4 fallback on connection timeout, and adds COMPOSER_IPRESOLVE env var (#11791) 
* Add IPv4 fallback on connection timeout, and adds COMPOSER_IPRESOLVE env var, fixes #530

* Address feedback

* Add warning in diagnose command when COMPOSER_IPRESOLVE is set
 2024-01-11 17:13:54 +01:00
Jordi Boggiano c069174ac7
Merge remote-tracking branch 'origin/2.6' 2024-01-11 16:44:46 +01:00
Jordi Boggiano 75fd2bbeb2
Ensure we respect available-package-patterns and available-packages directives when fetching security advisories, fixes #11704 (#11773) 2024-01-11 16:44:27 +01:00
Jordi Boggiano 55db88f51b
Add error when composer show --direct <transient-dependency> is used to show a dependency which is not direct, fixes #11728 2024-01-11 09:53:00 +01:00
Jordi Boggiano 3427bee1f2
🤦 2024-01-10 13:47:26 +01:00
Jordi Boggiano 10667db1ba
Only override ist url if it is not handled gracefully already 2024-01-10 13:42:01 +01:00
Jordi Boggiano 547a635287
Fix build 2024-01-10 13:34:56 +01:00
Jordi Boggiano 042a8c2128
Ensure dist url/type/checksum remain the same when doing lock hash updates, refs #11787 2024-01-10 13:33:49 +01:00
Jordi Boggiano ca433076b1
Sync up docs from command, fixes #11787 2024-01-10 10:26:03 +01:00
James 5bc5c174a6
Update 01-basic-usage.md (#11788) 
Changed a few clunky phrases
 2024-01-09 21:21:34 +01:00
Jordi Boggiano 284821543a
Merge branch '2.6' 2024-01-08 16:10:20 +01:00
Jordi Boggiano 3ed4e16dea
Update deps 2024-01-08 16:05:46 +01:00
Sam L 44f02a5c86
Add COMPOSER_FUND=0 env var to disable calls for funding (#11779) 2024-01-08 15:10:49 +01:00
Jordi Boggiano be71bf056e
Fix support for versions with 4 components in VersionSelector, fixes #11716 2024-01-08 14:56:08 +01:00
Jordi Boggiano 071fbcf347
Fix warnings incorrectly being shown when using require with upper bound ignored on platform requirements, fixes #11722 (#11786) 2024-01-08 14:48:24 +01:00
Jordi Boggiano 534bc20beb
Add support for combining show --self with --installed or --locked (#11785) 2024-01-08 14:14:44 +01:00
theoboldalex 3be0ca8467
Adds a test for invalid arg combo (#11783) 2024-01-08 11:03:34 +01:00