Commit Graph

12700 Commits (e44b2d88727913e757c8b431f95fd828c530e26e)

Author SHA1 Message Date
Tim Düsterhus 089972db87
Generate build provenance attestation during release
This will simplify secure installation of composer in GitHub Actions to two
calls to `gh` cli with no need to manually import any PGP signing keys:

    gh release --repo composer/composer download --pattern composer.phar
    gh attestation verify --repo composer/composer composer.phar

Given that the current PGP signing key is stored as a GitHub Action secret,
this type of attestation is no less secure than the existing PGP signing.
2025-01-08 15:46:13 +01:00
Jordi Boggiano b89036c1f8
Merge pull request #12261 from Seldaek/use_phar_running
Make use of Phar::running() to get the current phar path
2025-01-08 14:22:32 +01:00
Jordi Boggiano e751c8e4eb
Fix new phpstan error 2025-01-08 14:09:14 +01:00
Jordi Boggiano e81df52e53
Make use of Phar::running() to get the current phar path 2025-01-08 13:46:52 +01:00
bilogic d3da12a30d
explicitly state UTC 2025-01-06 11:39:42 +08:00
jrfnl ccdfb56078
GitHubDriver::getFundingInfo(): add support for thanks.dev and polar.sh
GitHub looks to have added a dedicated syntax for the thanks.dev funding platform when added to a `funding.yml` file.
However, it looks like Composer does not (yet) support this syntax as can be seen from failed Packagist updates of the dev branches of the [PHP_CodeSniffer](https://packagist.org/packages/squizlabs/php_codesniffer#dev-master) and [PHPCompatibility](https://packagist.org/packages/phpcompatibility/php-compatibility) packages.

The polar.sh funding platform also appears to be newly supported by GH and missing from the list.

This PR fixes both.

Refs:
* https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository
2024-12-31 02:14:33 +01:00
jrfnl ab390f6bf1
GitHubDriver::getFundingInfo(): order the cases
This re-orders the cases in the `switch` to follow the same order as the GitHub documentation (largely alphabetic) for easier comparisons between the two lists.

Refs:
* https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository
2024-12-31 01:50:29 +01:00
Stephan Vock f3f676d2a9
Allow redirect responses to output warnings/infos 2024-12-19 11:17:17 +00:00
Andrew Nicols 5c07d1d154
Discard unsupported FUNDING.yml URL values 2024-12-18 11:57:23 +08:00
Thomas Landauer 35ce4bd769
Adjusting the test 2024-12-11 13:46:24 +01:00
Thomas Landauer cefdee5049
Update BaseDependencyCommand.php 2024-12-11 13:31:36 +01:00
Jordi Boggiano fb397acaa0
Reverting release version changes 2024-12-11 11:57:45 +01:00
Jordi Boggiano 112e37d1dc
Release 2.8.4 2024-12-11 11:57:47 +01:00
Jordi Boggiano 1175bf52ac
Update changelog 2024-12-11 11:57:31 +01:00
Jordi Boggiano 6e0cb6cae0
Fix tests 2024-12-11 11:39:34 +01:00
Jordi Boggiano 8eedfd0ecb
Hide publish errors entirely with --no-check-publish instead of downgrading to warning, fixes #12196 2024-12-11 11:32:30 +01:00
Jordi Boggiano 99430ca669
Avoid returning failing status code if the composer audit fails in diagnose command, refs #12196 2024-12-11 11:29:49 +01:00
Jordi Boggiano ace7a3ffa8
Update deps 2024-12-11 10:53:22 +01:00
Jordi Boggiano 144e8f8a34
Fix create-project when passed with a path repo to disable symlinks by default
Fixes #12222
2024-12-11 10:51:37 +01:00
Jordi Boggiano 6a9336fa9c
Merge pull request #12233 from Seldaek/fix_duplicates
Fixed InstalledVersions returning duplicates in some instances
2024-12-11 10:40:36 +01:00
Jordi Boggiano 45436c0a20
Fixed InstalledVersions returning duplicates in some instances
Fixes #12225
2024-12-11 10:25:10 +01:00
Jordi Boggiano a383632641
Merge pull request #12230 from Seldaek/duplicate_errors
Fixes #12214
2024-12-11 09:26:04 +01:00
Jordi Boggiano 3a2d1c5f9c
Update logic 2024-12-11 09:24:40 +01:00
Justin Beaty 5cb9733588
Fix bug when plugin defines multiple PluginInterface classes (#12226) 2024-12-10 16:49:33 +01:00
Thomas Landauer e132a5a84a
Adding explicit message to `why-not` if package is already installed
Closes #12227
2024-12-10 16:37:59 +01:00
Jordi Boggiano 008129be49
Avoid duplicate errors in the output, fixes #12214 2024-12-10 16:37:56 +01:00
Alexandre Daubois eefa012204
Add OS families to `php-ext` config options for PIE (#12218) 2024-12-09 14:37:10 +01:00
Jordi Boggiano bbab31b564
Fix bump-after-update when passing inline constraints, fixes #12223 2024-12-09 14:27:05 +01:00
Javier Spagnoletti 666dc93fcc
Update docs for `audit` command (#12220) 2024-12-01 13:26:21 +01:00
Michał Mleczko 74f68adeb1
fix(docs): Audit command dependency from custom repositories (#12212) 2024-11-27 16:31:32 +01:00
Kevin Boyd 302ecf824c
Update wording of process-timeout description (#12211)
Cleans up the description of process-timeout to better separate the config setting from the static helper for script commands.
2024-11-27 16:30:21 +01:00
Jordi Boggiano 5eeba719d3
Fix type 2024-11-26 17:10:11 +01:00
Jordi Boggiano 2e7b006134
Add missing type annotation 2024-11-26 14:52:33 +01:00
Jordi Boggiano 59b63bc231
Validate license data more thoroughly 2024-11-26 14:49:36 +01:00
Jordi Boggiano cc820306eb
Ensure installed.php data is sorted deterministically, fixes #12197 2024-11-25 16:23:10 +01:00
Lctrs dc2844cc72
disable multiplexing for some versions of curl (#12207)
* disable multiplexing for some versions of curl

I'm behind a corporate proxy and was hitting a `Curl 2 (...) [CONN-1-0] send: no filter connected` error when trying to download some packages.

Some Google research led me to https://github.com/rust-lang/cargo/issues/12202 and its fix https://github.com/rust-lang/cargo/pull/12234.

This PR backports this fix to composer.

> In certain versions of libcurl when proxy is in use with HTTP/2
> multiplexing, connections will continue stacking up. This was
> fixed in libcurl 8.0.0 in curl/curl@821f6e2

* fix has proxy condition
2024-11-25 15:03:36 +01:00
Javier Spagnoletti e468b73cb2
Use a bitmask to produce deterministic exit codes for the "audit" command (#12203)
* Use a bitmask to produce deterministic exit codes for the "audit" command

* Rename consts, small cleanups

---------

Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2024-11-25 14:30:31 +01:00
Stephan 38cb4bfe71
GitLab: adjust links to profile/user-settings (#12205) 2024-11-21 09:16:24 +01:00
James Titcumb aee3bd14db
Add build-path to php-ext config options for PIE (#12206)
* Add build-path to php-ext config options

* Use phpstan- prefix for shape definitions
2024-11-21 08:52:30 +01:00
Jordi Boggiano 9fb833f97e
Reverting release version changes 2024-11-17 13:13:04 +01:00
Jordi Boggiano 2a7c71266b
Release 2.8.3 2024-11-17 13:13:04 +01:00
Jordi Boggiano 8f87ab3ea0
Update changelog 2024-11-17 13:12:53 +01:00
Jordi Boggiano 580f0006d6
Ensure we run git commands for bin/compile inside the root of the git repo, refs #12194 2024-11-15 14:08:32 +01:00
Jordi Boggiano 2e83ead40c
Allow react/promise 2.x again, fixes #12188 2024-11-15 13:53:30 +01:00
Jordi Boggiano 23d1030c73
phpstan type fixes 2024-11-14 11:54:11 +01:00
Jordi Boggiano 8f24b67c3c
Try to fix lowest deps tests 2024-11-14 11:47:19 +01:00
Jordi Boggiano a7a14ea860
Show root package version in error output for circular dependencies for added clarity 2024-11-14 11:26:58 +01:00
Jordi Boggiano f1163bdbd4
Avoid updating the lock hash if there is no lock 2024-11-14 11:05:32 +01:00
Jordi Boggiano a39f57bcd7
Update deps 2024-11-14 11:05:18 +01:00
Jordi Boggiano 1e7857d682
Update docs with hint for avast disabling 2024-11-14 10:50:54 +01:00