hugo
/
composer
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
9,816 Commits
1 Branch
0 Tags
25 MiB
main
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b8ebc7be5f'
${ noResults }
Commit Graph

9816 Commits (b8ebc7be5f80821d7bf8679f299a526700fab79d)
 

Author SHA1 Message Date
Jordi Boggiano b8ebc7be5f
Revert a few changes to ConfigCommand 4 years ago
username fc87caf639 Provide correct parameter data type 4 years ago
username 113adbcd87 Sort conditions by cost 4 years ago
username 98462292c0 Sort conditions by cost 4 years ago
username abedc0dc42 Sort conditions by cost 4 years ago
username 17ae93bc9c Remove unnecessary method call 4 years ago
username 18009af023 Inline variable 4 years ago
username e719be501e Remove unnecessary method call 4 years ago
username 459e2473c8 Remove unused variable 4 years ago
username 3f09ae0737 Simplify duplicate case 4 years ago
username 46cc387598 Split workflows 4 years ago
Nils Adermann 43093d0eeb Add tests for edge cases of packages providing names which exist as real packages 4 years ago
Nils Adermann 140665eadd Add another test verifying that a package may provide an incompatible version of sth that actually exists 4 years ago
Nils Adermann 85950f8e9a Fix provider coexistence test, needs another requirement to install both 4 years ago
Nils Adermann cf8ff2a75d Fix test filename to end with .test extension so it gets run 4 years ago
Jordi Boggiano bfc695e67c
Merge pull request #9161 from bradjones1/patch-1 
Update config section to note required scope for GitLab tokens
 4 years ago
Brad Jones 706125fbbf
Update config section to note required scope for GitLab tokens 4 years ago
Jordi Boggiano f18d91bd58
Fix pre/post-package-install/update/uninstall events receiving a partial list of operations, fixes #9079 4 years ago
Jordi Boggiano c3db4614c9
Also remove credentials from cache dirs in git/svn drivers, fixes #7439, refs #9155 4 years ago
Jordi Boggiano 98862f5408
Merge pull request #9155 from Ayesh/hide-passwords-cache 
Sanitize repo URLs to mask HTTP auth passwords from cache directory
 4 years ago
Jordi Boggiano 9e77514764
Merge pull request #9156 from Ayesh/gitlab-repos 
AuthHelper: Allow fall-through GitLab-specific HTTP headers for auth
 4 years ago
Ayesh Karunaratne 931a1ff1f8
AuthHelper: Allow fall-through GitLab-specific HTTP headers for auth 
Previously, `AuthHelper` consumed the authentication credentials for GitLab domains and added access tokens as GitLab-specific headers.
[Composer repositories now supported in GitLab](https://php.watch/articles/composer-gitlab-repositories) require standard Authorization headers with a personal access to function, which failed to work due to out GitLab-specific headers.

With this commit, AuthHelper checks if the password is an access token, and falls through to HTTP basic authentication even if the domain name is a GitLab domain name.
 4 years ago
Jordi Boggiano 42920e01d4
Merge pull request #9154 from quasilyte/patch-1 
Util/Zip: fix strpos args order
 4 years ago
Ayesh Karunaratne 87573aab27
Sanitize repo URLs to mask HTTP auth passwords from cache directory 
When a Composer repository is cached, a directory name is generated created stored package meta information fetched from that repository.
The cache directory can contain HTTP basic auth tokens, or access_token query parameters that end up in the directory name of the cache directory.

Discovered when trying out [GitLab composer repository feature](https://php.watch/articles/composer-gitlab-repositories), and the HTTP password was visible in a `composer update -vvv` command.

Using passwords/tokens in the URL is fundamentally a bad idea, but Composer already has `\Composer\Util\Url::sanitize()` that tries to mitigate such cases, and this same function is applied to the repo URL before deciding the name of the repo cache directory.
 4 years ago
Iskander (Alex) Sharipov dc1fd92b9b
Util/Zip: fix strpos args order 
`strpos()` first argument is a haystack, not a needle.

`strpos('x', $s)` is identical to `$s === 'x'` which is probably not what we want here.
 4 years ago
Jordi Boggiano d645b3c45a
Merge pull request #9152 from Seldaek/readonly-cache 
Add a readonly mode to the cache
 4 years ago
Jordi Boggiano 90332f1dbd
Add a readonly mode to the cache, fixes #9150 4 years ago
Jordi Boggiano 875a4784ed
Reorg config class a little 4 years ago
Jordi Boggiano 6186c7f36f
Fix handling of root aliases in partial updates, fixes #9110 4 years ago
Jordi Boggiano 05e9fe936f
Merge branch '1.10' 4 years ago
Jordi Boggiano b847c4dc3a
Validate licenses correctly even when proprietary is combined with some other license, fixes #9144 4 years ago
Jordi Boggiano 414c37a30c
Merge pull request #9146 from glaubinix/f/remotefilesystem-max-file-size 
RemoteFilesystem: avoid warning when setting max file size
 4 years ago
Stephan d140a842fa RemoteFilesystem: avoid warning when setting max file size 4 years ago
Jordi Boggiano 2bd1bd4194
Merge pull request #9142 from oleg-andreyev/fixing-error-message-for-higher-priority-repo 
fixing error message for higher repository priority when it provides only a dev-branch
 4 years ago
Jordi Boggiano 448daea696
Add support for detecting packages not matching only due to minimum stability 4 years ago
Jordi Boggiano 4d83783641
Fix test to avoid network usage 4 years ago
Jordi Boggiano 2646f09c2e
Update lock 4 years ago
Jordi Boggiano e5ba99cf67
Merge branch '1.10' 4 years ago
Jordi Boggiano 45246aca22
Update deps, fixes #9125 4 years ago
Jordi Boggiano 9ea9d20b21
Merge pull request #9130 from glaubinix/t/max-file-size 
Downloader: add a max_file_size option to prevent too big files to be downloaded
 4 years ago
Stephan a16f32484b Downloader: add a max_file_size to prevent too big files to be downloaded 4 years ago
Oleg Andreyev e745e59656
updated repositories-priorities4.test 4 years ago
Oleg Andreyev f262feebec
fixing error message for higher repository priority, when higher repo has only a dev-branch 4 years ago
Jordi Boggiano c5f6413142
Merge pull request #9124 from johnstevenson/deprecation 
Fix openssl_free_key deprecation notice in PHP 8
 4 years ago
Jordi Boggiano 38f49acfdd
Merge pull request #9133 from lstrojny/dev/check-inet-pton 
Fix regression when inet_pton() does not exist
 4 years ago
Lars Strojny 3e750b69f4
Fix name 4 years ago
Lars Strojny a83588f568
The proper fix 4 years ago
Lars Strojny 99fd5c7b49
Add tests 4 years ago
Lars Strojny 4e06aa051a
Check if inet_pton() exists 4 years ago
Jordi Boggiano 4aaff4c4b4
Merge pull request #9131 from GrahamCampbell/actions 
Actions tweaks
 4 years ago