Skip to content

Commit

Permalink
Merge branch 'composer:main' into main
Browse files Browse the repository at this point in the history
  • Loading branch information
xerc authored Jan 29, 2024
2 parents 0b9faea + d3aeb13 commit f2cd3bf
Show file tree
Hide file tree
Showing 105 changed files with 2,369 additions and 355 deletions.
1 change: 0 additions & 1 deletion .gitattributes
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,6 @@
/.php-cs-fixer.php export-ignore
/CHANGELOG.md export-ignore
/CODE_OF_CONDUCT.md export-ignore
/composer.lock export-ignore
/phpunit.xml.dist export-ignore
/PORTING_INFO export-ignore
/README.md export-ignore
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/autoloader.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ jobs:

steps:
- name: "Checkout"
uses: "actions/checkout@v3"
uses: "actions/checkout@v4"

- name: "Install Composer dependencies"
run: "composer config platform --unset && composer install"
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/close-stale-support.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ jobs:
pull-requests: write

steps:
- uses: actions/stale@v8
- uses: actions/stale@v9
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
days-before-stale: 180
Expand Down
18 changes: 9 additions & 9 deletions .github/workflows/continuous-integration.yml
Original file line number Diff line number Diff line change
Expand Up @@ -44,30 +44,30 @@ jobs:
dependencies: lowest
os: ubuntu-latest
experimental: false
- php-version: "8.1"
- php-version: "8.3"
dependencies: highest
os: ubuntu-latest
experimental: false
- php-version: "8.1"
- php-version: "8.3"
os: windows-latest
dependencies: locked
experimental: false
- php-version: "8.1"
- php-version: "8.3"
os: macos-latest
dependencies: locked
experimental: false
- php-version: "8.3"
- php-version: "8.4"
dependencies: lowest-ignore
os: ubuntu-latest
experimental: false
- php-version: "8.3"
experimental: true
- php-version: "8.4"
dependencies: highest-ignore
os: ubuntu-latest
experimental: false
experimental: true

steps:
- name: "Checkout"
uses: "actions/checkout@v3"
uses: "actions/checkout@v4"

- name: "Install PHP"
uses: "shivammathur/setup-php@v2"
Expand Down Expand Up @@ -138,7 +138,7 @@ jobs:

steps:
- name: "Checkout"
uses: "actions/checkout@v3"
uses: "actions/checkout@v4"

- name: "Install PHP"
uses: "shivammathur/setup-php@v2"
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/lint.yml
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ jobs:

steps:
- name: "Checkout"
uses: "actions/checkout@v3"
uses: "actions/checkout@v4"

- name: "Install PHP"
uses: "shivammathur/setup-php@v2"
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/phpstan.yml
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ jobs:

steps:
- name: "Checkout"
uses: "actions/checkout@v3"
uses: "actions/checkout@v4"

- name: "Install PHP"
uses: "shivammathur/setup-php@v2"
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: "Install PHP"
uses: "shivammathur/setup-php@v2"
Expand Down Expand Up @@ -86,7 +86,7 @@ jobs:
# This step requires a secret token with `pull` access to composer/docker. The default
# secrets.GITHUB_TOKEN is scoped to this repository only which is not sufficient.
- name: "Open issue @ Docker repository"
uses: actions/github-script@v6
uses: actions/github-script@v7
with:
github-token: ${{ secrets.PUBLIC_REPO_ACCESS_TOKEN }}
script: |
Expand Down
32 changes: 32 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,31 @@
### [2.6.6] 2023-12-08

* Fixed symfony/console requirement to exclude 7.x as Composer 2.6 is not compatible, 2.7 will be (#11741)
* Fixed libpq parsing to use the global constant if available (#11684)
* Fixed error output when updating with a temporary constraint fails (#11692)

### [2.6.5] 2023-10-06

* Fixed error when vendor dir contains broken symlinks (#11670)
* Fixed composer.lock missing from Composer's zip archives (#11674)
* Fixed AutoloadGenerator::dump() non-BC signature change in 2.6.4 (cb363b0e8)

### [2.6.4] 2023-09-29

* Security: Fixed possible remote code execution vulnerability if composer.phar is publicly accessible, executable as PHP, and register_argc_argv is enabled in php.ini (GHSA-jm6m-4632-36hf / CVE-2023-43655)
* Fixed json output of abandoned packages in audit command (#11647)
* Performance improvement in pool optimization step (#11638)
* Performance improvement in `show -a <packagename>` (#11659)

### [2.6.3] 2023-09-15

* Added audit.abandoned config setting. Can be set to `ignore`, `report` (current default) or `fail` (future default in 2.7) to make the audit command report abandoned packages as a security problem (#11639)
* Added a warning when duplicates `files` autoload rules are detected (#11109)
* Fixed unhandled promise rejection regression (#11620)
* Fixed loading of root aliases on path repo packages when doing partial updates (#11632)
* Fixed `archive` command not producing the correct output if the temp dir is a symlink (#11636)
* Fixed some replaced packages being incorrectly missing when unlocked in a partial update (#11629)

### [2.6.2] 2023-09-03

* Reverted "Fixed binary proxies causing scripts inspecting `$_SERVER['SCRIPT_NAME']` to detect them, they are now more transparent (#11562)" which caused a regression (#11617)
Expand Down Expand Up @@ -1767,6 +1795,10 @@

* Initial release

[2.6.6]: https://github.com/composer/composer/compare/2.6.5...2.6.6
[2.6.5]: https://github.com/composer/composer/compare/2.6.4...2.6.5
[2.6.4]: https://github.com/composer/composer/compare/2.6.3...2.6.4
[2.6.3]: https://github.com/composer/composer/compare/2.6.2...2.6.3
[2.6.2]: https://github.com/composer/composer/compare/2.6.1...2.6.2
[2.6.1]: https://github.com/composer/composer/compare/2.6.0...2.6.1
[2.6.0]: https://github.com/composer/composer/compare/2.5.8...2.6.0
Expand Down
5 changes: 5 additions & 0 deletions bin/composer
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,11 @@
<?php

if (PHP_SAPI !== 'cli' && PHP_SAPI !== 'phpdbg') {
if (0 === strpos(__FILE__, 'phar:') && ini_get('register_argc_argv')) {
echo 'Composer cannot be run safely on non-CLI SAPIs with register_argc_argv=On. Aborting.'.PHP_EOL;
exit(1);
}

echo 'Warning: Composer should be invoked via the CLI version of PHP, not the '.PHP_SAPI.' SAPI'.PHP_EOL;
}

Expand Down
4 changes: 2 additions & 2 deletions composer.json
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@
"seld/signal-handler": "^2.0"
},
"require-dev": {
"symfony/phpunit-bridge": "^6.0 || ^7",
"symfony/phpunit-bridge": "^6.4.1 || ^7.0.1",
"phpstan/phpstan": "^1.9.3",
"phpstan/phpstan-phpunit": "^1.0",
"phpstan/phpstan-deprecation-rules": "^1",
Expand All @@ -65,7 +65,7 @@
},
"extra": {
"branch-alias": {
"dev-main": "2.6-dev"
"dev-main": "2.7-dev"
},
"phpstan": {
"includes": [
Expand Down
Loading

0 comments on commit f2cd3bf

Please sign in to comment.