8ae6fa1205
PHP 8.4 | Remove use of `E_STRICT` ( #12116 )
...
The `E_STRICT` constant is deprecated as of PHP 8.4 and will be removed in PHP 9.0 (commit finally went in today).
The error level hasn't been in use since PHP 8.0 anyway and was only barely still used in PHP 7.x, so removing the exclusion from the `error_reporting()` setting in these script shouldn't really make any difference in practice.
Ref:
* https://wiki.php.net/rfc/deprecations_php_8_4#remove_e_strict_error_level_and_deprecate_e_strict_constant
Co-authored-by: jrfnl <jrfnl@users.noreply.github.com>
2024-09-19 09:34:35 +02:00
dea55ec139
Respect sort-packages option when adding plugins to the allow-plugins list, fixes #11348
2024-09-18 16:57:22 +02:00
ad6198ad2a
Ensure stability-flags, platform and platform-dev keys are objects in composer.lock
2024-09-18 15:45:26 +02:00
c8838f198e
Add option to run bump after update ( #11942 )
...
* Add option to run bump after update
* Convert the option into a bool | string parameter and change a couple of texts
* Apply suggestions from code review
* Fix tests
---------
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2024-09-18 15:34:25 +02:00
17930441a1
Add a way to control which scripts get args and where ( #12086 )
...
Add support for `@no_additional_args` and `@additional_args` tags inside script handlers.
2024-09-18 14:44:55 +02:00
8bc8c4383a
Merge branch '2.7'
2024-09-18 11:00:51 +02:00
8f455d7c0c
Add allow-missing-requirements config setting to ignore missing requirements ( #11966 )
...
* Add allow-missing-requirements configuration to ignore error during install if there are any missing requirements
* Add test for allow-missing-requirements config
---------
Co-authored-by: Joe <joe@wpj.cz>
2024-09-18 11:00:09 +02:00
be7d9abc66
Improve interactive package updates ( #11990 )
...
* Improve interactive package updates
* Exclude platform packages and up to date packages, follow stability flags, ignore-platform-reqs etc
* Add tests and support for lock file + empty lock/vendor
---------
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2024-09-18 10:43:42 +02:00
07248f4323
Fix require command skipping new stability-flags from the lock file, fixes #11698 ( #12112 )
2024-09-18 09:16:31 +02:00
12031542ba
Add suggestions of provider packages for ext- and lib- packages ( #12113 )
...
Fixes #11669
2024-09-18 08:49:59 +02:00
bb8387e5a0
Remove proxy transition fallback ( #11938 )
2024-09-17 16:14:47 +02:00
21bf74d2c7
Add `--abandoned` option ( #12091 )
...
* Add `--abandoned` option
* Refactoring
- Use `Auditor::ABANDONEDS` in `Config.php`
- Drop `getAuditAbandoned()` from `BaseCommand.php`
* Modify cli docs
2024-09-17 15:44:55 +02:00
fde6a87f64
Sort problem rules ( #12111 )
2024-09-17 14:13:58 +02:00
f42fb617e6
Bump branch-alias to 2.8
2024-09-17 14:08:38 +02:00
f17df6d5a1
Fix handling of platform packages in why-not command and partial updates, fixes #12104 ( #12110 )
2024-09-17 13:31:33 +02:00
3e7b826904
Avoid opening php://stdin multiple times, fixes #12107
2024-09-17 09:47:23 +02:00
1b5b56f234
Fix handling of COMPOSER_ROOT_VERSION to normalize according to expectations, fixes #12101 ( #12109 )
2024-09-17 08:38:43 +02:00
5f2b91aea8
Revert "fix(Locker): don't store transport-options.ssl within the lock-file ( #12019 )"
...
This reverts commit 03bbfdd8f4
2024-09-16 11:31:52 +02:00
e4038e5e3b
Reverting release version changes
2024-09-04 14:43:28 +02:00
e30ccdd665
Release 2.7.9
2024-09-04 14:43:28 +02:00
1fcb6a5d53
Fix docker detection breaking on constrained environments, fixes #12095
2024-09-02 10:24:23 +02:00
4a34725682
Bump dependencies, fixes #12015
2024-09-01 22:17:55 +02:00
aca19582b5
Reverting release version changes
2024-08-22 15:28:36 +02:00
a2edd4e441
Release 2.7.8
2024-08-22 15:28:36 +02:00
a17096f5ba
Fix copy() sometimes failing on virtualbox shared folders, fixes #12057
2024-08-22 12:44:48 +02:00
bbb603490b
Fix duplicate libraries causing issues when conflicting extensions from core and pecl are installed concurrently ( #12093 )
...
Fixes #12082
2024-08-22 12:11:39 +02:00
39d9a5b6c5
Fix relative:true not being respected in path repo installs, fixes #12074 ( #12092 )
2024-08-22 11:45:25 +02:00
f931887304
Detect incorrectly configured COMPOSER env when set to a directory, refs #12049
2024-08-22 10:49:04 +02:00
e173d20450
Ensure COMPOSER_AUTH takes precedence over local auth.json, fixes #12084
2024-08-21 18:39:07 +02:00
8f3fed674b
Clean up md5/sha1 usages, upgrade algos where possible ( #12088 )
...
* Clean up md5/sha1 usages, upgrade algos where possible
* Fully qualify PHP_VERSION_ID constant usages
* Fix 7.2 build
2024-08-21 17:06:42 +02:00
556ca06906
Fix phpstan build with latest deps
2024-08-21 16:44:20 +02:00
48d345ac3e
Update deps, fix some phpstan issues
...
Update baseline (1484, 84)
2024-08-21 14:47:44 +02:00
3ba58ea3eb
Normalize namespaces in psr-0/psr-4 rules to fix edge cases, fixes #12028 ( #12063 )
2024-08-19 13:52:44 +02:00
9da1948585
Improvements to docker detection ( #12062 )
...
* Improvements to docker detection, fixes #11073
* Apply suggestions from code review
Co-authored-by: Dan Wallis <dan@wallis.nz>
2024-08-19 11:01:34 +02:00
d3d378184b
Provide release-date/release-age and latest-release-date in composer outdated -A -f json ( #12053 )
2024-07-26 16:21:02 +02:00
d53cf81429
Fix various phpstan warnings
2024-07-26 09:32:22 +02:00
17f4984601
Make use of new PHP 8.4.0 function to replace implicit $http_response_header var ( #11995 )
2024-07-25 17:43:11 +02:00
39981a0e2b
Sanitize VCS URLs when building cache keys, fixes #11917 , closes #11918 ( #12043 )
2024-07-25 17:24:49 +02:00
eeff1c79ba
Fix addressability of branches containing # characters ( #12042 )
...
Fixes #12029
2024-07-25 16:46:57 +02:00
7504685a2e
Update phpstan and add composer/pcre extensions ( #12045 )
...
* Update phpstan and add composer/pcre extensions
* Update baseline (1516)
2024-07-25 16:28:25 +02:00
029dda0b43
Fix deprecation notice on PHP 8.4 ( #12046 )
...
PHP 8.4 requires nullable arguments to be explicitly declared as such.
2024-07-25 16:26:39 +02:00
685add70ec
Refactor the BasePackage::$stabilities into a constant
2024-07-12 11:28:26 +02:00
bd03981ea7
Fix archive command crashing if a path cannot be realpathed on windows, fixes #11544
2024-07-11 09:29:55 +02:00
68f6498bd3
Only read first 500 bytes of a bin file to detect if it is a PHP script, refs #12032
2024-07-10 15:08:18 +02:00
6ec76db926
Remove redundant boolean type casts ( #12033 )
2024-07-10 11:04:20 +02:00
03bbfdd8f4
fix(Locker): don't store transport-options.ssl within the lock-file ( #12019 )
2024-07-10 10:35:26 +02:00
b2832867e6
Fix some edge cases of tilde constraints in bump command ( #12038 )
...
* Fix: Add test case for not dropping patch version for tilde
* Fix some edge cases of tilde constraints in bump command, fixes #11218
---------
Co-authored-by: Matthias Vogel <git@kanti.de>
2024-07-10 09:47:37 +02:00
e61d4ad986
Update deps
2024-07-06 23:35:00 +02:00
01ce481f22
Reverting release version changes
2024-06-10 22:11:13 +02:00
291942978f
Release 2.7.7
2024-06-10 22:11:12 +02:00
04a63b324f
Add more characters for best fit encoding protection
2024-06-10 22:08:29 +02:00
3130a7455a
Fix windows parameter encoding to prevent abuse of unicode characters with best fit encoding conversion
2024-06-10 21:28:19 +02:00
ee28354ca8
Merge pull request from GHSA-47f6-5gq3-vx9c
2024-06-10 14:56:42 +02:00
6bd43dff85
Merge pull request from GHSA-v9qv-c7wm-wgmf
2024-06-10 14:56:13 +02:00
fa3b9582c3
Fix secure-http check to avoid bypass using emojis
2024-06-10 14:48:02 +02:00
137ec17c0a
Fix empty type support in init command, fixes #11999
2024-06-10 11:37:52 +02:00
9dfcf62335
Fix new platform requirements from composer.json not being checked when composer.lock is outdated, fixes #11989 ( #12001 )
2024-05-31 17:53:52 +02:00
dc857b4f91
Fixed PSR violations for classes not matching the namespace of a rule being hidden, fixes #11957
2024-05-31 17:52:05 +02:00
c1be804a0c
Fix UX when a non-required plugin is still present in vendor dir ( #12000 )
...
Composer now skips it and does not prompt if it is not allowed to run, fixes #11944
2024-05-31 10:29:56 +02:00
37d722e73c
PHPStan/tests updates ( #11996 )
...
* Remove a bunch of inline ignores and migrate all PHPUnit assertions to static calls
* Update baseline (1573, 93)
* Update commit hash
2024-05-29 23:12:06 +02:00
dd8af946fd
Fix tests
2024-05-29 22:08:42 +02:00
de5f7e3241
Fix handling of zip bombs when unzipping archives
2024-05-29 15:52:07 +02:00
3773f77527
Fix perforce arg not being escaped correctly
2024-05-29 15:03:59 +02:00
3c37a67c0c
Fix Filesystem::isLocalPath including windows checks on linux
2024-05-29 13:42:19 +02:00
f38df849c2
BlockedIPs: reject job like other exceptions ( #11992 )
2024-05-29 13:00:27 +02:00
f83b6b1026
Enable new phpstan option
2024-05-27 17:11:31 +02:00
09e616fa1d
Update phpstan
2024-05-27 15:14:10 +02:00
81b121bbdf
Fix composer error when git config safe.bareRepository is set to explicit ( #11969 )
2024-05-27 14:56:27 +02:00
5bb30ca170
Update PHPStan ( #11976 )
...
* Update PHPStan
* Update inline ignores to `@phpstan-ignore` with error identifier
2024-05-22 09:09:04 +02:00
d4b071bd1e
To enable to the TransportException code to be accessed in PHP < 8.1, make reflection property accessible ( #11974 )
2024-05-21 22:45:37 +02:00
8d90eb694a
Add uopz warning from installer code ( #11988 )
2024-05-21 22:42:10 +02:00
ede152bd65
Close style tags to avoid bleed ( #11972 )
2024-05-12 22:55:40 +02:00
829e0e767f
Re-use precalculated information ( #11968 )
...
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2024-05-08 14:27:20 +02:00
4d7476ca30
composer#11852 fix: ability to remove autoload* keys ( #11967 )
2024-05-08 11:19:05 +02:00
2fe3244ddb
Reverting release version changes
2024-05-04 23:03:15 +02:00
fabd995783
Release 2.7.6
2024-05-04 23:03:15 +02:00
c2fd4d3ebb
Fix private autoloader callbacks breaking the new runtime autoloader handling code
2024-05-04 23:01:17 +02:00
f81e84164e
Reverting release version changes
2024-05-03 16:23:40 +02:00
29ac9cce40
Release 2.7.5
2024-05-03 16:23:40 +02:00
762f2a37f5
Tweak exit code for network errors to be 100, refs #11954
2024-05-02 16:49:44 +02:00
acf398281c
Fix transport exception not always using 255 exit code, fixes #11954
2024-05-02 16:09:13 +02:00
bcab1c4b8e
Fix Composer autoloader being hijackable by script/plugin event handlers ( #11955 )
2024-04-29 11:41:33 +02:00
d4396a85bf
Fix binary proxies having an absolute path to vendor dir when project dir is a symlink, fixes #11947
2024-04-29 11:32:47 +02:00
80631d2fc8
Fix one more case of unsetting a key in an object
2024-04-29 11:19:52 +02:00
7c66169b7d
Add "uninstall" as alias to "remove". ( #11951 )
2024-04-29 11:03:03 +02:00
232f4e7a5c
Fix config command issue handling objects in some conditions, fixes #11945
2024-04-29 10:59:35 +02:00
ea28853305
Don't show root warning for Podman containers ( #11946 )
2024-04-28 17:34:36 +02:00
6778f1f79a
Updated array shape of php-ext options ( #11950 )
2024-04-28 17:28:11 +02:00
b64e38eb86
Fix phpstan reports
2024-04-28 17:10:36 +02:00
a7c6125ee4
Workaround curl bug in 8.7.0/8.7.1, fixes #11913
2024-04-28 17:09:38 +02:00
0d5549f503
Reverting release version changes
2024-04-22 21:17:04 +02:00
a625e50598
Release 2.7.4
2024-04-22 21:17:03 +02:00
b0d98b9301
Load ProxyManager before running command to fix autoload order ( #11943 )
2024-04-22 21:12:57 +02:00
9f84f0c32b
Reverting release version changes
2024-04-19 21:40:58 +02:00
e49be96f3b
Release 2.7.3
2024-04-19 21:40:57 +02:00
69dc828ba7
Ensure type must be provided in init command
2024-04-19 17:27:50 +02:00
70927f728e
Add FAQ about using a proxy ( #11933 )
2024-04-19 17:27:54 +02:00
b0ec0f96ad
Update phpstan deps and fix a few array_filter issues
2024-04-19 17:00:50 +02:00
3604996464
Ensure diagnose command works even if provider-includes disappears
2024-04-19 14:20:56 +02:00
41fb6146b0
Improve proxy reporting in Diagnose command ( #11932 )
2024-04-19 14:18:55 +02:00
3cc490d4c4
Refactor proxy handling to require https_proxy ( #11915 )
...
Composer has always allowed a single http_proxy (or CGI_HTTP_PROXY)
environment variable to be used for both HTTP and HTTPS requests. But
many other tools and libraries require scheme-specific values.
The landscape is already complicated by the use of and need for upper
and lower case values, so to bring matters inline with current practice
https_proxy is now required for HTTPS requests.
The new proxy handler incorporates a transition mechanism, which allows
http_proxy to be used for all requests when https_proxy is not set and
provides a `needsTransitionWarning` method for the main application.
Moving to scheme-specific environment variables means that a user may
set a single proxy for either HTTP or HTTPS requests. To accomodate this
situation during the transition period, an https_proxy value can be set
to an empty string which will prevent http_proxy being used for HTTPS
requests.
2024-04-17 14:34:26 +02:00
92f641ac3d
Fix show command output to remove v prefixes on versions, making for more uniform output, fixes #11925
2024-04-15 13:23:25 +02:00
89f057e0df
Ensure we clear the locally configured cache dir instead of default one, fixes #11921
2024-04-15 11:49:10 +02:00
c5ff69ed58
Added support for buy_me_a_coffee ( #11902 )
2024-04-03 11:05:07 +02:00
f01ec4a98f
Ensure integer env vars do not cause a crash, fixes #11908
2024-04-03 10:36:39 +02:00
dd18a5fe55
Make methods chainable
2024-04-02 17:40:35 +02:00
9ced107af2
Ensure extension packages in platform repo have php-ext type set
2024-04-02 17:39:00 +02:00
94be5b5c14
Allow restricting allowed types as well, and allow configured ignored/allowed types in Installer class
2024-04-02 17:38:41 +02:00
2027d4975a
Fail status more softly unless -vvv is used, refs #11889
2024-03-21 11:16:56 +01:00
bc157ebea9
Fix phpdoc for new php-ext schema
2024-03-20 22:44:48 +01:00
07fa4255d6
Add support for php extension packages ( #11795 )
...
* Update schema
* Validate php-ext is only set for php-ext or php-ext-zend packages
* Make sure the pool builder excludes php-ext/php-ext-zend
2024-03-20 22:04:58 +01:00
a6947f116a
Allow for SSH URLs when using hg repository type ( #11878 )
2024-03-20 16:31:25 +01:00
75ccf6557a
Use reactphp/promise v2 compatible code
2024-03-20 12:32:54 +01:00
59152ad7aa
Fix phpstan errors in FileDownloader, update baseline (1642, 96)
2024-03-20 12:20:30 +01:00
5a1d506c77
Fix composer status command handling of failed promises, closes #11889
2024-03-20 12:20:30 +01:00
d00f590354
Surface the advisory ID when CVE not present. ( #11892 )
2024-03-19 16:24:10 +01:00
d36cd30d11
HttpDownloader: add option to prevent access to private network ( #11895 )
2024-03-19 16:18:59 +01:00
504e6c581a
Update deps and baseline (1663, 96)
2024-03-19 15:22:44 +01:00
62126e1a40
[PHP 8.4] Fix for implicit nullability deprecation ( #11888 )
...
Fixes a issue that emits a deprecation notice on PHP 8.4.
See:
- [RFC](https://wiki.php.net/rfc/deprecate-implicitly-nullable-types )
- [PHP 8.4: Implicitly nullable parameter declarations deprecated](https://php.watch/versions/8.4/implicitly-marking-parameter-type-nullable-deprecated )
2024-03-15 13:55:25 +01:00
5a20dba768
Only show warning about default version when not "project" type ( #11885 )
2024-03-14 16:38:28 +01:00
2124f09d75
Fix context info being missing from output when using the IO classes as PSR-3 logger, fixes #11882
2024-03-11 17:23:06 +01:00
96f757f3a4
Reverting release version changes
2024-03-11 17:12:19 +01:00
b826edb791
Release 2.7.2
2024-03-11 17:12:18 +01:00
57427e6227
Fix filesystem::copy with broken symlinks, refs #11864
2024-03-08 10:44:47 +01:00
c5aa3dc021
Update deps, update baseline (1677, 97), fixes #11875
2024-03-08 09:03:23 +01:00
66acb84c12
Fix update --lock to avoid updating all metadata except dist/source urls and mirrors ( #11850 )
...
We now update the existing package instead of reverting changes in the updated package to ensure we keep all metadata intact, fixes #11787
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2024-03-05 11:32:40 +01:00
1dc2c93261
Fix ensureDirectoryExists not working when a broken symlink appears somewhere in the path, fixes #11864
2024-03-04 14:39:30 +01:00
c42bb68aff
Optimize outdated --ignore to avoid fetching the latest package info for ignored packages, fixes #11863
2024-03-04 14:07:27 +01:00
133447cf51
Output tweak
2024-03-04 14:01:23 +01:00
c3efff91f8
Fix plugins still being available in a few special contexts when running as non-interactive root, mainly create-project, refs #11854
2024-03-04 13:45:04 +01:00
c0b8086af5
Include PHP information when showing Composer version verbosely ( #11866 )
...
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2024-03-01 10:14:41 +01:00
a0d474f75c
Add a warning message when Composer is not able to guess the root package version ( #11858 )
...
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2024-02-23 10:47:36 +01:00
8c61f812a4
Reverting release version changes
2024-02-09 15:26:29 +01:00
aaf6ed5ccd
Release 2.7.1
2024-02-09 15:26:28 +01:00
be876b47a9
Also output root plugin warning after script execution errors
2024-02-09 14:26:07 +01:00
690fe716c5
Output more warnings about plugins being disabled to hint that it may cause problems, fixes #11839 ( #11842 )
2024-02-09 11:56:25 +01:00
6335551cc2
Fix diagnose auditing of composer dependencies in phar files
2024-02-08 16:24:16 +01:00
f00d3fb5ab
Reverting release version changes
2024-02-08 15:09:19 +01:00
96d107e2bf
Release 2.7.0
2024-02-08 15:09:19 +01:00
64e4eb356b
Merge pull request from GHSA-7c6p-848j-wh5h
...
* Fix usage of possibly compromised installed.php/InstalledVersions.php at runtime, refs GHSA-7c6p-848j-wh5h
* Fix InstalledVersionsTest regression
2024-02-08 14:33:59 +01:00
754f2868fb
Add non-zero return codes when why-not finds a reason a package is not installable, or when why finds no reason it is there, fixes #11796
2024-02-07 22:27:58 +01:00
7cb92a90c8
Introduce COMPOSER_AUDIT_ABANDONED env var ( #11794 )
...
Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
2024-02-07 22:13:36 +01:00
e0807d381e
Diagnose command: Add GitHub OAuth token expiration date information ( #11688 )
...
GitHub's new fine-grained tokens have a cumpulsory expiration date, and their
classic tokens also support an expiration date.
https://github.blog/changelog/2021-07-26-expiration-options-for-personal-access-tokens/
This improves the `composer diagnose` command to display the expiration
date and time if it is provided by the response headers
(via `GitHub-Authentication-Token-Expiration`).
2024-02-07 21:30:24 +01:00
0c99bfc8fd
Fix root aliases causing problems when auditing locked dependencies, fixes #11771
2024-02-07 11:37:50 +01:00
fa040131b0
Add more details to event debug output, refs #11818
2024-02-07 11:18:06 +01:00
fd23381391
Add arguments to command call output ( #11826 )
2024-02-07 11:11:16 +01:00
7745d56c14
Do not show error that plugins have been disabled when they are already disabled ( #11803 )
2024-02-07 09:32:55 +01:00
9a656854ad
ValidatingArrayLoader: fix link validation with missing name ( #11830 )
2024-02-06 17:18:41 +01:00
e88c7a8987
Add support for wildcards in outdated's --ignore arg, fixes #11831
2024-02-06 17:17:25 +01:00
ebb6a82099
issue #11811 auth token links on separate lines ( #11812 )
...
* issue #11811 auth token links on separate lines
* 11811 - remove stray bracket
* 11811 : links on separte lines
2024-02-06 16:53:18 +01:00
Juliette