public-mirrors
/
composer
mirror of https://github.com/composer/composer
1
0
Fork 0
Code
12,652 Commits
3 Branches
209 Tags
54 MiB
Commit Graph

12652 Commits (efe91c76e8b16acc833da628ff1bb6de8512ee87)

Author SHA1 Message Date
Jordi Boggiano efe91c76e8
Merge pull request #12258 from TimWolla/release-attest-build-provenance 
Generate build provenance attestation during release
 2025-01-10 16:29:15 +01:00
Jordi Boggiano a2fcc1a4db
Merge pull request #12250 from elazar/patch-2 
Update installer script URL to include openssl_free_key() deprecation fix
 2025-01-10 13:40:56 +01:00
Matthew Turland 4deec0359f
Update installer script URL to include openssl_free_key() deprecation fix 
If the installer script linked from [this page]([https://getcomposer.org/doc/faqs/how-to-install-composer-programmatically.md](https://getcomposer.org/doc/faqs/how-to-install-composer-programmatically.md)) is run using PHP 8, it generates the following deprecation notice.

```
Deprecated: Function openssl_free_key() is deprecated since 8.0, as OpenSSLAsymmetricKey objects are freed automatically in Standard input code on line 982
```

This issue was [fixed in the installer script]([composer/getcomposer.org#159](https://github.com/composer/getcomposer.org/pull/159)), but the documentation was not updated to link to the version of it that includes the fix.
 2025-01-10 13:40:00 +01:00
Jordi Boggiano c12edf8034
Merge pull request #12248 from glaubinix/redirect-response-output-warnings 
Allow redirect responses to output warnings/infos
 2025-01-10 08:53:32 +01:00
Jordi Boggiano 7b1655bc62
Merge pull request #12263 from Seldaek/autoload_order 
Fix unstable order of psr-0 and psr-4 rules
 2025-01-09 15:07:26 +01:00
Jordi Boggiano 7b1e983ce9
Fix unstable order of psr-0 and psr-4 rules 
Fixes #12090
 2025-01-09 14:50:13 +01:00
Jordi Boggiano 9d87fd7e8d
Update deps 2025-01-09 14:45:16 +01:00
Jordi Boggiano aa2fd0bb24
Merge pull request #12260 from bilogic/patch-1 
explicitly state UTC
 2025-01-08 15:49:18 +01:00
Tim Düsterhus 089972db87
Generate build provenance attestation during release 
This will simplify secure installation of composer in GitHub Actions to two
calls to `gh` cli with no need to manually import any PGP signing keys:

    gh release --repo composer/composer download --pattern composer.phar
    gh attestation verify --repo composer/composer composer.phar

Given that the current PGP signing key is stored as a GitHub Action secret,
this type of attestation is no less secure than the existing PGP signing.
 2025-01-08 15:46:13 +01:00
Jordi Boggiano b89036c1f8
Merge pull request #12261 from Seldaek/use_phar_running 
Make use of Phar::running() to get the current phar path
 2025-01-08 14:22:32 +01:00
Jordi Boggiano e751c8e4eb
Fix new phpstan error 2025-01-08 14:09:14 +01:00
Jordi Boggiano e81df52e53
Make use of Phar::running() to get the current phar path 2025-01-08 13:46:52 +01:00
bilogic d3da12a30d
explicitly state UTC 2025-01-06 11:39:42 +08:00
Stephan Vock f3f676d2a9
Allow redirect responses to output warnings/infos 2024-12-19 11:17:17 +00:00
Jordi Boggiano fb397acaa0
Reverting release version changes 2024-12-11 11:57:45 +01:00
Jordi Boggiano 112e37d1dc
Release 2.8.4 2024-12-11 11:57:47 +01:00
Jordi Boggiano 1175bf52ac
Update changelog 2024-12-11 11:57:31 +01:00
Jordi Boggiano 6e0cb6cae0
Fix tests 2024-12-11 11:39:34 +01:00
Jordi Boggiano 8eedfd0ecb
Hide publish errors entirely with --no-check-publish instead of downgrading to warning, fixes #12196 2024-12-11 11:32:30 +01:00
Jordi Boggiano 99430ca669
Avoid returning failing status code if the composer audit fails in diagnose command, refs #12196 2024-12-11 11:29:49 +01:00
Jordi Boggiano ace7a3ffa8
Update deps 2024-12-11 10:53:22 +01:00
Jordi Boggiano 144e8f8a34
Fix create-project when passed with a path repo to disable symlinks by default 
Fixes #12222
 2024-12-11 10:51:37 +01:00
Jordi Boggiano 6a9336fa9c
Merge pull request #12233 from Seldaek/fix_duplicates 
Fixed InstalledVersions returning duplicates in some instances
 2024-12-11 10:40:36 +01:00
Jordi Boggiano 45436c0a20
Fixed InstalledVersions returning duplicates in some instances 
Fixes #12225
 2024-12-11 10:25:10 +01:00
Jordi Boggiano a383632641
Merge pull request #12230 from Seldaek/duplicate_errors 
Fixes #12214
 2024-12-11 09:26:04 +01:00
Jordi Boggiano 3a2d1c5f9c
Update logic 2024-12-11 09:24:40 +01:00
Justin Beaty 5cb9733588
Fix bug when plugin defines multiple PluginInterface classes (#12226) 2024-12-10 16:49:33 +01:00
Jordi Boggiano 008129be49
Avoid duplicate errors in the output, fixes #12214 2024-12-10 16:37:56 +01:00
Alexandre Daubois eefa012204
Add OS families to `php-ext` config options for PIE (#12218) 2024-12-09 14:37:10 +01:00
Jordi Boggiano bbab31b564
Fix bump-after-update when passing inline constraints, fixes #12223 2024-12-09 14:27:05 +01:00
Javier Spagnoletti 666dc93fcc
Update docs for `audit` command (#12220) 2024-12-01 13:26:21 +01:00
Michał Mleczko 74f68adeb1
fix(docs): Audit command dependency from custom repositories (#12212) 2024-11-27 16:31:32 +01:00
Kevin Boyd 302ecf824c
Update wording of process-timeout description (#12211) 
Cleans up the description of process-timeout to better separate the config setting from the static helper for script commands.
 2024-11-27 16:30:21 +01:00
Jordi Boggiano 5eeba719d3
Fix type 2024-11-26 17:10:11 +01:00
Jordi Boggiano 2e7b006134
Add missing type annotation 2024-11-26 14:52:33 +01:00
Jordi Boggiano 59b63bc231
Validate license data more thoroughly 2024-11-26 14:49:36 +01:00
Jordi Boggiano cc820306eb
Ensure installed.php data is sorted deterministically, fixes #12197 2024-11-25 16:23:10 +01:00
Lctrs dc2844cc72
disable multiplexing for some versions of curl (#12207) 
* disable multiplexing for some versions of curl

I'm behind a corporate proxy and was hitting a `Curl 2 (...) [CONN-1-0] send: no filter connected` error when trying to download some packages.

Some google research led me to https://github.com/rust-lang/cargo/issues/12202 and its fix https://github.com/rust-lang/cargo/pull/12234.

This PR backports this fix to composer.

> In certain versions of libcurl when proxy is in use with HTTP/2
multiplexing, connections will continue stacking up. This was
fixed in libcurl 8.0.0 in curl/curl@821f6e2

* fix has proxy condition
 2024-11-25 15:03:36 +01:00
Javier Spagnoletti e468b73cb2
Use a bitmask to produce deterministic exit codes for the "audit" command (#12203) 
* Use a bitmask to produce deterministic exit codes for the "audit" command

* Rename consts, small cleanups

---------

Co-authored-by: Jordi Boggiano <j.boggiano@seld.be>
 2024-11-25 14:30:31 +01:00
Stephan 38cb4bfe71
GitLab: adjust links to profile/user-settings (#12205) 2024-11-21 09:16:24 +01:00
James Titcumb aee3bd14db
Add build-path to php-ext config options for PIE (#12206) 
* Add build-path to php-ext config options

* Use phpstan- prefix for shape definitions
 2024-11-21 08:52:30 +01:00
Jordi Boggiano 9fb833f97e
Reverting release version changes 2024-11-17 13:13:04 +01:00
Jordi Boggiano 2a7c71266b
Release 2.8.3 2024-11-17 13:13:04 +01:00
Jordi Boggiano 8f87ab3ea0
Update changelog 2024-11-17 13:12:53 +01:00
Jordi Boggiano 580f0006d6
Ensure we run git commands for bin/compile inside the root of the git repo, refs #12194 2024-11-15 14:08:32 +01:00
Jordi Boggiano 2e83ead40c
Allow react/promise 2.x again, fixes #12188 2024-11-15 13:53:30 +01:00
Jordi Boggiano 23d1030c73
phpstan type fixes 2024-11-14 11:54:11 +01:00
Jordi Boggiano 8f24b67c3c
Try to fix lowest deps tests 2024-11-14 11:47:19 +01:00
Jordi Boggiano a7a14ea860
Show root package version in error output for circular dependencies for added clarity 2024-11-14 11:26:58 +01:00
Jordi Boggiano f1163bdbd4
Avoid updating the lock hash if there is no lock 2024-11-14 11:05:32 +01:00