1
0
Fork 0
Commit Graph

11464 Commits (e9560a619e3bcda8741631e4387c0534ed2d7da1)

Author SHA1 Message Date
Jordi Boggiano e9560a619e
Revert issue in previous fix 2024-06-10 22:41:26 +02:00
Jordi Boggiano 54a3beda47
Add more characters for best fit encoding protection 2024-06-10 22:18:02 +02:00
Jordi Boggiano ba4ad2408a
Fix windows parameter encoding to prevent abuse of unicode characters with best fit encoding conversion 2024-06-10 22:17:58 +02:00
Jordi Boggiano 47374343a1
Fix perforce arg not being escaped correctly 2024-06-10 22:17:31 +02:00
Jordi Boggiano 406e3f9ede
Fix Filesystem::isLocalPath including windows checks on linux 2024-06-10 22:16:15 +02:00
Jordi Boggiano 7a1e02d1a3
Fix secure-http check to avoid bypass using emojis 2024-06-10 22:15:34 +02:00
Jordi Boggiano b93fc6ca43
Merge pull request from GHSA-47f6-5gq3-vx9c 2024-06-10 14:56:42 +02:00
Jordi Boggiano fc57b93603
Merge pull request from GHSA-v9qv-c7wm-wgmf 2024-06-10 14:56:13 +02:00
Jordi Boggiano ea0f2e7c2c
Update deps 2024-06-10 11:11:11 +02:00
Jordi Boggiano 2cd63e0196
Update changelog 2024-02-08 15:14:27 +01:00
Jordi Boggiano 668b56d0b0
Reverting release version changes 2024-02-08 15:08:54 +01:00
Jordi Boggiano d1542e8963
Release 2.2.23 2024-02-08 15:08:53 +01:00
Jordi Boggiano ff14762c06
Fix php5.3 syntax 2024-02-08 15:06:49 +01:00
Jordi Boggiano 626358695c
Remove php8 CI 2024-02-08 15:04:58 +01:00
Jordi Boggiano b534407af4
Remove platform config before selecting phpunit bridge version 2024-02-08 14:56:17 +01:00
Jordi Boggiano 69fa55d2f2
CI fixes 2024-02-08 14:49:21 +01:00
Jordi Boggiano 7418b5212a
Remove return type 2024-02-08 14:45:59 +01:00
Jordi Boggiano 77e3982918
Merge pull request from GHSA-7c6p-848j-wh5h
* Fix automatic disabling of plugins when running non-interactive as root

* Fix usage of possibly compromised installed.php/InstalledVersions.php at runtime, refs GHSA-7c6p-848j-wh5h

* Fix InstalledVersionsTest regression
2024-02-08 14:33:59 +01:00
Jordi Boggiano c6e09b32ac
Update deps 2024-02-08 11:34:06 +01:00
Jordi Boggiano 6a69018185
Reverting release version changes 2023-09-29 10:53:47 +02:00
Jordi Boggiano fedc76ee3f
Release 2.2.22 2023-09-29 10:53:46 +02:00
Jordi Boggiano bb8624fb1e
Update changelog 2023-09-29 10:51:26 +02:00
Jordi Boggiano 95e091c921
Merge pull request from GHSA-jm6m-4632-36hf 2023-09-29 10:15:51 +02:00
Jordi Boggiano 66d3e4ba47
Fix phar build 2023-09-28 16:31:42 +02:00
Jordi Boggiano c0723bd1a2
Fix bitbucket redirect URLs failing old PHP builds which do not support long headers
51e2015af3
2023-09-28 16:26:45 +02:00
Jordi Boggiano ed4f4086ec
Update changelog 2023-09-28 16:19:19 +02:00
Jordi Boggiano b4c1be6cb6
Escape % chars in user input before passing to sprintf, fixes #11359 2023-09-28 16:18:09 +02:00
Jordi Boggiano 8beb64d82c
Fix github header handling to be case insensitive, fixes rate limit extraction (#11366) 2023-09-28 16:16:49 +02:00
Jordi Boggiano 44ebeb7e8f
Fix support for readonly classes as plugins, fixes #11404 2023-09-28 16:14:17 +02:00
Jordi Boggiano 658ab073ea
Fixed binary proxies to return whatever the original binary returns as well, fixes #11416 (#11454) 2023-09-28 16:08:41 +02:00
David Zülke 2feeb56477
Fix 'composer show --platform <package>' erroring if no composer.json is present (#11533)
Sort of related to #11046 (although this is not a regression, but didn't work before, either)
2023-09-28 16:07:45 +02:00
David Zülke 008c8ed11a
Fix lib-curl-openssl parsing for SecureTransport (#11534)
On macOS, if libcurl is built against SecureTransport, the platform repository will contain an invalid package name:

    % composer show --platform | grep curl
    ext-curl                           8.2.7    The curl PHP extension
    lib-curl                           8.1.2    The curl library
    lib-curl-(securetransport) openssl 3.1.1    curl (securetransport) openss...
    lib-curl-libssh2                   1.11.0   curl libssh2 version
    lib-curl-zlib                      1.2.11   curl zlib version

This change fixes it:

    % bin/composer show --platform | grep curl
    lib-curl                 8.1.2              The curl library
    lib-curl-libssh2         1.11.0             curl libssh2 version
    lib-curl-securetransport 3.1.1              curl (securetransport) openssl ...
    lib-curl-zlib            1.2.11             curl zlib version

(second column width difference comes from the Composer dev version number)
2023-09-28 16:04:05 +02:00
Tom Klingenberg b29be2f56b
COMPOSER_DISABLE_NETWORK aware `diagnose` checks; SKIP output (#11597)
Make `diagnose` checks aware of COMPOSER_DISABLE_NETWORK (true) and skip
Composer network operations that would otherwise spill stack traces into
diagnostic messages and taint the result as error while the check itself
is not applicable/useful within the environment.

`COMPOSER_DISABLE_NETWORK` was released with [2.0.0-alpha1] and intro-
duced in fc03ab9bb (Add COMPOSER_DISABLE_NETWORK env var for debugging,
2019-01-14).

The previous behaviour was to exit with a status of two (2), denoting an
error.

The new behaviour is to exit with a status of zero (0), showing the
successful skipping of diagnostics that can only be run when Composer
network is enabled - not disabled.

SKIP output is updated and streamlined.

NOTE: The "prime" Value

It is irrelevant for diagnose checks, as all diagnostic checks that
spilled were with the HTTP Downloader and the check is aligned (both
"1" or "prime" values disable):

    (bool) Platform::getEnv('COMPOSER_DISABLE_NETWORK')

NOTE: Not Affected

 * The `allow_url_fopen` diagnostic check, platform related
 * The `disable-tls` setting related HTTP Downloader creation warning

[2.0.0-alpha1]: <https://getcomposer.org/changelog/2.0.0-alpha1> "released 2020-06-03"
2023-09-28 15:53:56 +02:00
Jordi Boggiano 90f8d01614
Fix loading of root aliases on path repo packages when doing partial updates, fixes #11630 (#11632) 2023-09-28 15:49:28 +02:00
Jordi Boggiano d12ed3d68d
Fix return type of InstalledVersions::getInstalled, fixes #11304 2023-09-28 15:48:38 +02:00
Jordi Boggiano a75da0efe2
Update deps 2023-09-28 15:18:57 +02:00
Attia A. Ahmed 3d5f475703
Fix broken junctions leading to installation failure on Windows (#11550) 2023-07-21 10:58:54 +02:00
Stefan Grootscholten 77e89fb3e4
Fix authentication issues with private bitbucket repos (#11464) 2023-05-23 23:06:48 +02:00
Jordi Boggiano 5f6f0aeaf4
Reverting release version changes 2023-02-15 13:07:41 +01:00
Jordi Boggiano 978198befc
Release 2.2.21 2023-02-15 13:07:40 +01:00
Jordi Boggiano 45cef89a5d
Update changelog 2023-02-15 13:07:23 +01:00
Nicolas Grekas 57b47301ed
Added optional plugin check in PluginInstaller (#11326) 2023-02-14 11:48:42 +01:00
Jordi Boggiano 5e5aaf7ada
Reverting release version changes 2023-02-10 14:11:11 +01:00
Jordi Boggiano b4850827d8
Release 2.2.20 2023-02-10 14:11:10 +01:00
Jordi Boggiano 6e74b00221
Update changelog 2023-02-10 14:10:28 +01:00
Nicolas Grekas 2a8efc7a85
Add extra.plugin-optional to auto-disable plugins in non-interactive mode (#11316) 2023-02-10 14:01:11 +01:00
Jordi Boggiano 67f5892a5d
Reverting release version changes 2023-02-04 14:54:48 +01:00
Jordi Boggiano 30ff21a9af
Release 2.2.19 2023-02-04 14:54:48 +01:00
Jordi Boggiano 02c9a3b262
Update changelog 2023-02-04 14:53:50 +01:00
PrinsFrank fd62c6eb58
Use lowercase Github ratelimit headers to determine the ratelimit limit and reset time (#11194)
https://github.com/github/docs/pull/14912
2023-02-04 14:46:38 +01:00