* Break: By default we now disable any non-secure protocols (http, git, svn). This may lead to issues if you rely on those. See `secure-http` config option.
* Added VCS repo support for the GitLab API, see also `gitlab-oauth` and `gitlab-domains` config options
* Added `prohibits` / `why-not` command to show what blocks an upgrade to a given package:version pair
* Added --tree / -t to the `show` command to see all your installed packages in a tree view
if (reset($this->config['github-protocols']) === 'http') {
$protos = $this->config['github-protocols'];
if ($this->config['secure-http'] && false !== ($index = array_search('git', $protos))) {
unset($protos[$index]);
}
if (reset($protos) === 'http') {
throw new \RuntimeException('The http protocol for github is not available anymore, update your config\'s github-protocols to use "https", "git" or "ssh"');
$this->io->writeError(" Updating to ".$target->getSourceReference());
@ -85,6 +89,13 @@ class HgDownloader extends VcsDownloader
return $output;
}
protected function checkSecureHttp($url)
{
if (preg_match('{^http:}i', $url) && $this->config->get('secure-http')) {
throw new TransportException("Your configuration does not allow connection to $url. See https://getcomposer.org/doc/06-config.md#secure-http for details.");
@ -47,6 +47,10 @@ class HgDriver extends VcsDriver
throw new \RuntimeException('Can not clone '.$this->url.' to access package information. The "'.$cacheDir.'" directory is not writable by the current user.');
}
if (preg_match('{^http:}i', $this->url) && $this->config->get('secure-http')) {
throw new TransportException("Your configuration does not allow connection to $url. See https://getcomposer.org/doc/06-config.md#secure-http for details.");
}
// update the repo if it is a valid hg repository
if (is_dir($this->repoDir) && 0 === $this->process->execute('hg summary', $output, $this->repoDir)) {
if (0 !== $this->process->execute('hg pull', $output, $this->repoDir)) {
public function runCommand($commandCallable, $url, $cwd, $initialClone = false)
{
if (preg_match('{^(http|git):}i', $url) && $this->config->get('secure-http')) {
throw new TransportException("Your configuration does not allow connection to $url. See https://getcomposer.org/doc/06-config.md#secure-http for details.");
}
if ($initialClone) {
$origCwd = $cwd;
$cwd = null;
@ -60,21 +64,20 @@ class Git
if (!is_array($protocols)) {
throw new \RuntimeException('Config value "github-protocols" must be an array, got '.gettype($protocols));
}
// public github, autoswitch protocols
if (preg_match('{^(?:https?|git)://'.self::getGitHubDomainsRegex($this->config).'/(.*)}', $url, $match)) {
public function execute($command, $url, $cwd = null, $path = null, $verbose = false)
{
if (preg_match('{^(http|svn):}i', $url) && $this->config->get('secure-http')) {
throw new TransportException("Your configuration does not allow connection to $url. See https://getcomposer.org/doc/06-config.md#secure-http for details.");