An open source image hosting service powered by Laravel

Overview

Limg

An open source image hosting service powered by Laravel

limg logo

Build Status Total Downloads Latest Stable Version License


Features

  • Upload your image via file, url or ShareX !
  • Manage your image (custom title, public or private, delete, custom size...)
  • Custom Domain for ShareX upload (be sure to add a redirect from the new domain to the main domain)
  • Discord Webhook for every new image uploaded
  • Add image into an album (custom name, public or private, delete)
  • Backpack Admin Panel (ready to use)
  • Like System
  • Possibility to choose to generate shorter links for ShareX uploads
  • Public & Private API

Requirement

Installation

  • clone the repository: git clone https://github.com/Havenstd06/Limg
  • create a database
  • install: composer install
  • create configuration env file .env refer to .env.example
  • generate a new application key php artisan key:generate
  • setup database tables: php artisan migrate:fresh --seed (highly recommanded)
  • create storage link php artisan storage:link
  • install node_module npm i && npm run dev (or npm run prod)
  • Default username: Havens - Password : password (see database/factories/UserFactory.php & database/seeds/UsersTableSeeder)

Setup Discord Login

  • go on https://discordapp.com/developers/applications
  • create new application
  • copy CLIENT ID & CLIENT SECRET
  • paste on .env (CLIENT ID => DISCORD_KEY & CLIENT SECRET => DISCORD_SECRET)
  • go on OAuth2 page and add redirect link : https://YourApp.Domain/login/discord/callback
  • add this redirect link in .env => DISCORD_REDIRECT_URI

API

API endpoint

https://limg.app/api

Authorization Header

For some page (with sensitive information) an API key is necessary, you must add:
Authorization: {UserApiToken}

Stats

  • /stats/global - Return the number of images, albums and users.

User

  • /user/{Username} - Return the user's public information.
  • /user/{Username} (with "Authorization") - Return the user's private information.
  • /user/{Username}/images/discover - Returns all the user's "discover" images.
  • /user/{Username}/images/all (with "Authorization") - Return all user images.
  • /user/{Username}/images/public (with "Authorization") - Returns all the user's "public" images.
  • /user/{Username}/images/private (with "Authorization") - Returns all the user's "private" images.

Images

  • /images/discover - Return all "discover" images.
  • /images/{pageName} - Return the image of the specified image "pageName" (If public).
  • /images/{pageName} (with "Authorization") - Return the image of the specified image "pageName" (If private).
  • /images/delete/{pageName} (with "Authorization") - Delete the image, only if you own the image (does not work with anonymous user images).

Upload

  • /upload - ShareX Compatible API.

Backpack Admin Panel

This software uses Backpack for Laravel as a dependency. So when you use this in production, you'll need a Backpack license. You can get a free non-commercial license here, but if your project is for commercial purposes you need to pay 69 EUR for a license.

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change. Please make sure to update tests as appropriate.

License

MIT

Comments
  • Fails to install because of yoeunes/notify

    Fails to install because of yoeunes/notify

    The step "composer install" fails because yoeunes/notify does no longer exist. The repo is gone. The author recommends php-flasher/flasher-laravel instead.

    opened by goldug 3
  • Bump ini from 1.3.5 to 1.3.8

    Bump ini from 1.3.5 to 1.3.8

    Bumps ini from 1.3.5 to 1.3.8.

    Commits
    • a2c5da8 1.3.8
    • af5c6bb Do not use Object.create(null)
    • 8b648a1 don't test where our devdeps don't even work
    • c74c8af 1.3.7
    • 024b8b5 update deps, add linting
    • 032fbaf Use Object.create(null) to avoid default object property hazards
    • 2da9039 1.3.6
    • cfea636 better git push script, before publish instead of after
    • 56d2805 do not allow invalid hazardous string as section name
    • See full diff in compare view
    Maintainer changes

    This version was pushed to npm by isaacs, a new releaser for ini since your current version.


    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 3
  • Bump guzzlehttp/guzzle from 7.2.0 to 7.4.4

    Bump guzzlehttp/guzzle from 7.2.0 to 7.4.4

    Bumps guzzlehttp/guzzle from 7.2.0 to 7.4.4.

    Release notes

    Sourced from guzzlehttp/guzzle's releases.

    Release 7.4.4

    See change log for changes.

    Release 7.4.3

    See change log for changes.

    Release 7.4.2

    See change log for changes.

    Release 7.4.1

    See change log for changes.

    Release 7.4.0

    See change log for changes.

    Release 7.3.0

    See change log for changes.

    Changelog

    Sourced from guzzlehttp/guzzle's changelog.

    7.4.4 - 2022-06-09

    • Fix failure to strip Authorization header on HTTP downgrade
    • Fix failure to strip the Cookie header on change in host or HTTP downgrade

    7.4.3 - 2022-05-25

    • Fix cross-domain cookie leakage

    7.4.2 - 2022-03-20

    Fixed

    • Remove curl auth on cross-domain redirects to align with the Authorization HTTP header
    • Reject non-HTTP schemes in StreamHandler
    • Set a default ssl.peer_name context in StreamHandler to allow force_ip_resolve

    7.4.1 - 2021-12-06

    Changed

    • Replaced implicit URI to string coercion #2946
    • Allow symfony/deprecation-contracts version 3 #2961

    Fixed

    • Only close curl handle if it's done #2950

    7.4.0 - 2021-10-18

    Added

    Fixed

    • Make sure we always call restore_error_handler() #2915
    • Fix progress parameter type compatibility between the cURL and stream handlers #2936
    • Throw InvalidArgumentException when an incorrect headers array is provided #2916, #2942

    Changed

    7.3.0 - 2021-03-23

    Added

    • Support for DER and P12 certificates #2413

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies php 
    opened by dependabot[bot] 1
  • Bump guzzlehttp/guzzle from 7.2.0 to 7.4.3

    Bump guzzlehttp/guzzle from 7.2.0 to 7.4.3

    Bumps guzzlehttp/guzzle from 7.2.0 to 7.4.3.

    Release notes

    Sourced from guzzlehttp/guzzle's releases.

    Release 7.4.3

    See change log for changes.

    Release 7.4.2

    See change log for changes.

    Release 7.4.1

    See change log for changes.

    Release 7.4.0

    See change log for changes.

    Release 7.3.0

    See change log for changes.

    Changelog

    Sourced from guzzlehttp/guzzle's changelog.

    7.4.3 - 2022-05-25

    • Fix cross-domain cookie leakage

    7.4.2 - 2022-03-20

    Fixed

    • Remove curl auth on cross-domain redirects to align with the Authorization HTTP header
    • Reject non-HTTP schemes in StreamHandler
    • Set a default ssl.peer_name context in StreamHandler to allow force_ip_resolve

    7.4.1 - 2021-12-06

    Changed

    • Replaced implicit URI to string coercion #2946
    • Allow symfony/deprecation-contracts version 3 #2961

    Fixed

    • Only close curl handle if it's done #2950

    7.4.0 - 2021-10-18

    Added

    Fixed

    • Make sure we always call restore_error_handler() #2915
    • Fix progress parameter type compatibility between the cURL and stream handlers #2936
    • Throw InvalidArgumentException when an incorrect headers array is provided #2916, #2942

    Changed

    7.3.0 - 2021-03-23

    Added

    • Support for DER and P12 certificates #2413
    • Support the cURL (http://) scheme for StreamHandler proxies #2850
    • Support for guzzlehttp/psr7:^2.0 #2878

    Fixed

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies php 
    opened by dependabot[bot] 1
  • Bump url-parse from 1.4.7 to 1.5.7

    Bump url-parse from 1.4.7 to 1.5.7

    Bumps url-parse from 1.4.7 to 1.5.7.

    Commits
    • 8b3f5f2 1.5.7
    • ef45a13 [fix] Readd the empty userinfo to url.href (#226)
    • 88df234 [doc] Add soft deprecation notice
    • 78e9f2f [security] Fix nits
    • e6fa434 [security] Add credits for incorrect handling of userinfo vulnerability
    • 4c9fa23 1.5.6
    • 7b0b8a6 Merge pull request #223 from unshiftio/fix/at-sign-handling-in-userinfo
    • e4a5807 1.5.5
    • 193b44b [minor] Simplify whitespace regex
    • 319851b [fix] Remove CR, HT, and LF
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 1
  • Bump follow-redirects from 1.13.0 to 1.14.7

    Bump follow-redirects from 1.13.0 to 1.14.7

    Bumps follow-redirects from 1.13.0 to 1.14.7.

    Commits
    • 2ede36d Release version 1.14.7 of the npm package.
    • 8b347cb Drop Cookie header across domains.
    • 6f5029a Release version 1.14.6 of the npm package.
    • af706be Ignore null headers.
    • d01ab7a Release version 1.14.5 of the npm package.
    • 40052ea Make compatible with Node 17.
    • 86f7572 Fix: clear internal timer on request abort to avoid leakage
    • 2e1eaf0 Keep Authorization header on subdomain redirects.
    • 2ad9e82 Carry over Host header on relative redirects (#172)
    • 77e2a58 Release version 1.14.4 of the npm package.
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 1
  • Bump url-parse from 1.4.7 to 1.5.3

    Bump url-parse from 1.4.7 to 1.5.3

    Bumps url-parse from 1.4.7 to 1.5.3.

    Commits
    • ad44493 [dist] 1.5.3
    • c798461 [fix] Fix host parsing for file URLs (#210)
    • 201034b [dist] 1.5.2
    • 2d9ac2c [fix] Sanitize only special URLs (#209)
    • fb128af [fix] Use 'null' as origin for non special URLs
    • fed6d9e [fix] Add a leading slash only if the URL is special
    • 94872e7 [fix] Do not incorrectly set the slashes property to true
    • 81ab967 [fix] Ignore slashes after the protocol for special URLs
    • ee22050 [ci] Use GitHub Actions
    • d2979b5 [fix] Special case the file: protocol (#204)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 1
  • Bump composer/composer from 2.0.6 to 2.1.9

    Bump composer/composer from 2.0.6 to 2.1.9

    Bumps composer/composer from 2.0.6 to 2.1.9.

    Release notes

    Sourced from composer/composer's releases.

    2.1.9

    • Security: Fixed command injection vulnerability on Windows (GHSA-frqg-7g38-6gcf / CVE-2021-41116)
    • Fixed classmap parsing with a new class parser which does not rely on regexes anymore (#10107)
    • Fixed inline git credentials showing up in output in some conditions (#10115)
    • Fixed support for running updates while offline as long as the cache contains enough information (#10116)
    • Fixed show --all foo/bar which as of 2.0.0 was not showing all versions anymore but only the installed one (#10095)
    • Fixed VCS repos ignoring some versions silently when the API rate limit is reached (#10132)
    • Fixed CA bundle to remove the expired Let's Encrypt root CA

    2.1.8

    • Fixed regression in 2.1.7 when parsing classmaps in files containing invalid Unicode (#10102)

    2.1.7

    • Added many type annotations internally, which may have an effect on CI/static analysis for people using Composer as a dependency. This work will continue in following releases
    • Fixed regression in 2.1.6 when parsing classmaps with empty heredocs (#10067)
    • Fixed regression in 2.1.6 where list command was not showing plugin commands (#10075)
    • Fixed issue handling package updates where the package type changed (#10076)
    • Fixed docker being detected as WSL when run inside WSL (#10094)

    2.1.6

    • Updated internal PHAR signatures to be SHA512 instead of SHA1
    • Fixed uncaught exception handler regression (#10022)
    • Fixed more PHP 8.1 deprecation warnings (#10036, #10038, #10061)
    • Fixed corrupted zips in the cache from blocking installs until a cache clear, the bad archives are now deleted automatically on first failure (#10028)
    • Fixed URL sanitizer handling of new github tokens (#10048)
    • Fixed issue finding classes with very long heredocs in classmap autoload (#10050)
    • Fixed proc_open being required for simple installs from zip, as well as diagnose (#9253)
    • Fixed path repository bug causing symlinks to be left behind after a package is uninstalled (#10023)
    • Fixed issue in 7-zip support on windows with certain archives (#10058)
    • Fixed bootstrapping process to avoid loading the composer.json and plugins until necessary, speeding things up slightly (#10064)
    • Fixed lib-openssl detection on FreeBSD (#10046)
    • Fixed support for ircs:// protocol for support.irc composer.json entries

    2.1.5

    • Fixed create-project creating a php: directory in the directory it was executed in (#10020, #10021)
    • Fixed curl downloader to respect default_socket_timeout if it is bigger than our default 300s (#10018)

    2.1.4

    • Fixed PHP 8.1 deprecation warnings (#10008)
    • Fixed support for working within UNC/WSL paths on Windows (#9993)
    • Fixed 7-zip support to also be looked up on Linux/macOS as 7z or 7zz (#9951)
    • Fixed repositories' only/exclude properties to avoid matching names as sub-strings of full package names (#10001)
    • Fixed open_basedir regression from #9855
    • Fixed schema errors being reported incorrectly in some conditions (#9986)
    • Fixed archive command not working with async archive extraction
    • Fixed init command being able to generate an invalid composer.json (#9986)

    2.1.3

    • Add "symlink" option for "bin-compat" config to force symlinking even on WSL/Windows (#9959)
    • Fixed source binaries not being made executable when symlinks cannot be used (#9961)

    ... (truncated)

    Changelog

    Sourced from composer/composer's changelog.

    [2.1.9] 2021-10-05

    • Security: Fixed command injection vulnerability on Windows (GHSA-frqg-7g38-6gcf / CVE-2021-41116)
    • Fixed classmap parsing with a new class parser which does not rely on regexes anymore (#10107)
    • Fixed inline git credentials showing up in output in some conditions (#10115)
    • Fixed support for running updates while offline as long as the cache contains enough information (#10116)
    • Fixed show --all foo/bar which as of 2.0.0 was not showing all versions anymore but only the installed one (#10095)
    • Fixed VCS repos ignoring some versions silently when the API rate limit is reached (#10132)
    • Fixed CA bundle to remove the expired Let's Encrypt root CA

    [2.1.8] 2021-09-15

    • Fixed regression in 2.1.7 when parsing classmaps in files containing invalid Unicode (#10102)

    [2.1.7] 2021-09-14

    • Added many type annotations internally, which may have an effect on CI/static analysis for people using Composer as a dependency. This work will continue in following releases
    • Fixed regression in 2.1.6 when parsing classmaps with empty heredocs (#10067)
    • Fixed regression in 2.1.6 where list command was not showing plugin commands (#10075)
    • Fixed issue handling package updates where the package type changed (#10076)
    • Fixed docker being detected as WSL when run inside WSL (#10094)

    [2.1.6] 2021-08-19

    • Updated internal PHAR signatures to be SHA512 instead of SHA1
    • Fixed uncaught exception handler regression (#10022)
    • Fixed more PHP 8.1 deprecation warnings (#10036, #10038, #10061)
    • Fixed corrupted zips in the cache from blocking installs until a cache clear, the bad archives are now deleted automatically on first failure (#10028)
    • Fixed URL sanitizer handling of new github tokens (#10048)
    • Fixed issue finding classes with very long heredocs in classmap autoload (#10050)
    • Fixed proc_open being required for simple installs from zip, as well as diagnose (#9253)
    • Fixed path repository bug causing symlinks to be left behind after a package is uninstalled (#10023)
    • Fixed issue in 7-zip support on windows with certain archives (#10058)
    • Fixed bootstrapping process to avoid loading the composer.json and plugins until necessary, speeding things up slightly (#10064)
    • Fixed lib-openssl detection on FreeBSD (#10046)
    • Fixed support for ircs:// protocol for support.irc composer.json entries

    [2.1.5] 2021-07-23

    • Fixed create-project creating a php: directory in the directory it was executed in (#10020, #10021)
    • Fixed curl downloader to respect default_socket_timeout if it is bigger than our default 300s (#10018)

    [2.1.4] 2021-07-22

    • Fixed PHP 8.1 deprecation warnings (#10008)
    • Fixed support for working within UNC/WSL paths on Windows (#9993)
    • Fixed 7-zip support to also be looked up on Linux/macOS as 7z or 7zz (#9951)
    • Fixed repositories' only/exclude properties to avoid matching names as sub-strings of full package names (#10001)
    • Fixed open_basedir regression from #9855
    • Fixed schema errors being reported incorrectly in some conditions (#9986)

    ... (truncated)

    Commits
    • e558c88 Release 2.1.9
    • cb1e248 Fix type annotation
    • 2f3273b Fix changelog
    • 18e2497 Merge branch '1.10'
    • b67ceb8 Prepare changelog
    • ca5e2f8 Fix escaping issues on Windows which could lead to command injection, fixes G...
    • b3eebeb Merge pull request from GHSA-frqg-7g38-6gcf
    • 532c6e7 Fix show --all showing only the installed version if the package is installed...
    • a7963b7 Fix ComposerRepository handling of offline state to allow resolution as long ...
    • edccad4 VcsRepository: do not continue when receiving 429 rate limit exception (#10132)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies php 
    opened by dependabot[bot] 1
  • Bump url-parse from 1.4.7 to 1.5.1

    Bump url-parse from 1.4.7 to 1.5.1

    Bumps url-parse from 1.4.7 to 1.5.1.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 1
  • Bump laravel/framework from 8.24.0 to 8.40.0

    Bump laravel/framework from 8.24.0 to 8.40.0

    Bumps laravel/framework from 8.24.0 to 8.40.0.

    Release notes

    Sourced from laravel/framework's releases.

    v8.39.0

    Added

    • Added Illuminate\Collections\Collection::sole() method (#37034)
    • Support url for php artisan db command (#37064)
    • Added Illuminate\Foundation\Bus\DispatchesJobs::dispatchSync() (#37063)
    • Added Illuminate\Cookie\CookieJar::expire() (#37072, fa3a14f)
    • Added Illuminate\Database\DatabaseManager::setApplication() (#37068)
    • Added Illuminate\Support\Stringable::whenNotEmpty() (#37080)
    • Added Illuminate\Auth\SessionGuard::attemptWhen() (#37090, e3fcd97)
    • Added password validation rule (#36960)

    Fixed

    • Fixed JsonResponse::fromJasonString() double encoding string (#37076)
    • Fallback to primary key if owner key doesnt exist on model at all in MorphTo relation (a011109)
    • Fixes for PHP 8.1 (#37087, #37101)
    • Do not execute beforeSending callbacks twice in HTTP client (#37116)
    • Fixed nullable values for required_if (#37128, 86fd558)

    Changed

    • Schedule list timezone command (#37117)

    v8.38.0

    Added

    • Added a wordCount() string helper (#36990)
    • Allow anonymous and class based migration coexisting (#37006)
    • Added Illuminate\Broadcasting\Broadcasters\PusherBroadcaster::setPusher() (#37033)

    Fixed

    • Fixed required_if boolean validation (#36969)
    • Correctly merge object payload data in Illuminate\Queue\Queue::createObjectPayload() (#36998)
    • Allow the use of temporary views for Blade testing on Windows machines (#37044)
    • Fixed Http::withBody() not being sent (#37057)

    v8.37.0

    Added

    • Allow to retry jobs by queue name (#36898, f2d9b59, c351a30)
    • Added strings to the DetectsLostConnections.php (4210258)
    • Allow testing of Blade components that return closures (#36919)
    • Added anonymous migrations (#36906)
    • Added Session\Store::missing() method (#36937)
    • Handle concurrent asynchronous requests in the HTTP client (#36948, 245a712)
    • Added tinyText data type to Blueprint and to available database grammars (#36949)
    • Added a method to remove a resolved view engine (#36955)
    • Added Illuminate\Database\Eloquent\Model::getAttributesForInsert() protected method (9a9f59f, 314bf87)

    Fixed

    • Fixed clone() on EloquentBuilder (#36924)

    Changed

    ... (truncated)

    Changelog

    Sourced from laravel/framework's changelog.

    Release Notes for 8.x

    Unreleased

    v8.39.0 (2021-04-27)

    Added

    • Added Illuminate\Collections\Collection::sole() method (#37034)
    • Support url for php artisan db command (#37064)
    • Added Illuminate\Foundation\Bus\DispatchesJobs::dispatchSync() (#37063)
    • Added Illuminate\Cookie\CookieJar::expire() (#37072, fa3a14f)
    • Added Illuminate\Database\DatabaseManager::setApplication() (#37068)
    • Added Illuminate\Support\Stringable::whenNotEmpty() (#37080)
    • Added Illuminate\Auth\SessionGuard::attemptWhen() (#37090, e3fcd97)
    • Added password validation rule (#36960)

    Fixed

    • Fixed JsonResponse::fromJasonString() double encoding string (#37076)
    • Fallback to primary key if owner key doesnt exist on model at all in MorphTo relation (a011109)
    • Fixes for PHP 8.1 (#37087, #37101)
    • Do not execute beforeSending callbacks twice in HTTP client (#37116)
    • Fixed nullable values for required_if (#37128, 86fd558)

    Changed

    • Schedule list timezone command (#37117)

    v8.38.0 (2021-04-20)

    Added

    • Added a wordCount() string helper (#36990)
    • Allow anonymous and class based migration coexisting (#37006)
    • Added Illuminate\Broadcasting\Broadcasters\PusherBroadcaster::setPusher() (#37033)

    Fixed

    • Fixed required_if boolean validation (#36969)
    • Correctly merge object payload data in Illuminate\Queue\Queue::createObjectPayload() (#36998)
    • Allow the use of temporary views for Blade testing on Windows machines (#37044)
    • Fixed Http::withBody() not being sent (#37057)

    v8.37.0 (2021-04-13)

    Added

    • Allow to retry jobs by queue name (#36898, f2d9b59, c351a30)
    • Added strings to the DetectsLostConnections.php (4210258)
    • Allow testing of Blade components that return closures (#36919)
    • Added anonymous migrations (#36906)
    • Added Session\Store::missing() method (#36937)

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies php 
    opened by dependabot[bot] 1
  • Bump composer/composer from 2.0.6 to 2.0.13

    Bump composer/composer from 2.0.6 to 2.0.13

    Bumps composer/composer from 2.0.6 to 2.0.13.

    Release notes

    Sourced from composer/composer's releases.

    2.0.13

    • Security: Fixed command injection vulnerability in HgDriver/HgDownloader and hardened other VCS drivers and downloaders (GHSA-h5h8-pc6h-jvvx / CVE-2021-29472)
    • Fixed install step at the end of the init command to take new dependencies into account correctly
    • Fixed update --lock listing updates which were not really happening (#9812)
    • Fixed support for --no-dev combined with --locked in outdated and show commands (#9788)

    2.0.12

    • Fixed support for new GitHub OAuth token format (#9757)
    • Fixed support for Vagrant/VirtualBox filesystem slowness by adding short sleeps in some places (#9627)
    • Fixed unclear error reporting when a package is in the lock file but not in the remote repositories (#9750)
    • Fixed processes silently ignoring the CWD when it does not exist
    • Fixed new Windows bin handling to avoid proxying phar files (#9742)
    • Fixed issue extracting archives into paths that already exist, fixing problems with some custom installers (composer/installers#479)
    • Fixed support for branch names starting with master/trunk/default (#9739)
    • Fixed self-update to preserve phar file permissions on Windows (#9733)
    • Fixed detection of hg version when localized (#9753)
    • Fixed git execution failures to also include the stdout output (#9720)

    2.0.11

    • Reverted "Fixed runtime autoloader registration (for plugins and script handlers) to prefer the project dependencies over the bundled Composer ones" as it caused more problems than expected

    2.0.10

    • Added COMPOSER_MAX_PARALLEL_HTTP env var to let people set a lower amount of parallel requests if needed
    • Fixed autoloader registration when plugins are loaded, which may impact plugins relying on this bug (if you use symfony/flex make sure you upgrade it to 1.12.2+ to fix dump-env issues)
    • Fixed exec command suppressing output in some circumstances
    • Fixed Windows/cmd.exe support for script handlers defined as path/to/foo, which are now rewritten internally to path\to\foo when needed
    • Fixed bin handling on Windows for PHP scripts, to more closely match symlinks and allow @php vendor/bin/foo to work cross-platform
    • Fixed Git for Windows/Git Bash not being detected correctly as an interactive shell (regression since 2.0.7)
    • Fixed regression handling some private Bitbucket repository clones
    • Fixed Ctrl-C/SIGINT handling during downloads to correctly abort as soon as possible
    • Fixed runtime autoloader registration (for plugins and script handlers) to prefer the project dependencies over the bundled Composer ones
    • Fixed numeric default branches being aliased as 9999999-dev internally. This alias now only applies to default branches being non-numeric (e.g. dev-main)
    • Fixed support for older lib-sodium versions
    • Fixed various minor issues

    2.0.9

    • Added warning if the curl extension is not enabled as it significantly degrades performance
    • Fixed InstalledVersions to report all packages when several vendor dirs are present in the same runtime
    • Fixed download speed when downloading large files
    • Fixed archive and path repo copies mishandling some .gitignore paths
    • Fixed root package classes not being available to the plugins/scripts during the initial install
    • Fixed cache writes to be atomic and better support multiple Composer processes running in parallel
    • Fixed preg jit issues when config or require modifies large composer.json files
    • Fixed compatibility with envs having open_basedir restrictions
    • Fixed exclude-from-classmap causing regex issues when having too many paths
    • Fixed compatibility issue with Symfony 4/5
    • Several small performance and debug output improvements

    2.0.8

    ... (truncated)

    Changelog

    Sourced from composer/composer's changelog.

    [2.0.13] 2021-04-27

    • Security: Fixed command injection vulnerability in HgDriver/HgDownloader and hardened other VCS drivers and downloaders (GHSA-h5h8-pc6h-jvvx / CVE-2021-29472)
    • Fixed install step at the end of the init command to take new dependencies into account correctly
    • Fixed update --lock listing updates which were not really happening (#9812)
    • Fixed support for --no-dev combined with --locked in outdated and show commands (#9788)

    [2.0.12] 2021-04-01

    • Fixed support for new GitHub OAuth token format (#9757)
    • Fixed support for Vagrant/VirtualBox filesystem slowness by adding short sleeps in some places (#9627)
    • Fixed unclear error reporting when a package is in the lock file but not in the remote repositories (#9750)
    • Fixed processes silently ignoring the CWD when it does not exist
    • Fixed new Windows bin handling to avoid proxying phar files (#9742)
    • Fixed issue extracting archives into paths that already exist, fixing problems with some custom installers (composer/installers#479)
    • Fixed support for branch names starting with master/trunk/default (#9739)
    • Fixed self-update to preserve phar file permissions on Windows (#9733)
    • Fixed detection of hg version when localized (#9753)
    • Fixed git execution failures to also include the stdout output (#9720)

    [2.0.11] 2021-02-24

    • Reverted "Fixed runtime autoloader registration (for plugins and script handlers) to prefer the project dependencies over the bundled Composer ones" as it caused more problems than expected

    [2.0.10] 2021-02-23

    • Added COMPOSER_MAX_PARALLEL_HTTP to let people set a lower amount of parallel requests if needed
    • Fixed autoloader registration when plugins are loaded, which may impact plugins relying on this bug (if you use symfony/flex make sure you upgrade it to 1.12.2+ to fix dump-env issues)
    • Fixed exec command suppressing output in some circumstances
    • Fixed Windows/cmd.exe support for script handlers defined as path/to/foo, which are now rewritten internally to path\to\foo when needed
    • Fixed bin handling on Windows for PHP scripts, to more closely match symlinks and allow @php vendor/bin/foo to work cross-platform
    • Fixed Git for Windows/Git Bash not being detected correctly as an interactive shell (regression since 2.0.7)
    • Fixed regression handling some private Bitbucket repository clones
    • Fixed Ctrl-C/SIGINT handling during downloads to correctly abort as soon as possible
    • Fixed runtime autoloader registration (for plugins and script handlers) to prefer the project dependencies over the bundled Composer ones
    • Fixed numeric default branches being aliased as 9999999-dev internally. This alias now only applies to default branches being non-numeric (e.g. dev-main)
    • Fixed support for older lib-sodium versions
    • Fixed various minor issues

    [2.0.9] 2021-01-27

    • Added warning if the curl extension is not enabled as it significantly degrades performance
    • Fixed InstalledVersions to report all packages when several vendor dirs are present in the same runtime
    • Fixed download speed when downloading large files
    • Fixed archive and path repo copies mishandling some .gitignore paths
    • Fixed root package classes not being available to the plugins/scripts during the initial install
    • Fixed cache writes to be atomic and better support multiple Composer processes running in parallel
    • Fixed preg jit issues when config or require modifies large composer.json files
    • Fixed compatibility with envs having open_basedir restrictions
    • Fixed exclude-from-classmap causing regex issues when having too many paths

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies php 
    opened by dependabot[bot] 1
  • Bump express from 4.17.1 to 4.18.2

    Bump express from 4.17.1 to 4.18.2

    Bumps express from 4.17.1 to 4.18.2.

    Release notes

    Sourced from express's releases.

    4.18.2

    4.18.1

    • Fix hanging on large stack of sync routes

    4.18.0

    ... (truncated)

    Changelog

    Sourced from express's changelog.

    4.18.2 / 2022-10-08

    4.18.1 / 2022-04-29

    • Fix hanging on large stack of sync routes

    4.18.0 / 2022-04-25

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 0
  • Bump qs and express

    Bump qs and express

    Bumps qs and express. These dependencies needed to be updated together. Updates qs from 6.7.0 to 6.11.0

    Changelog

    Sourced from qs's changelog.

    6.11.0

    • [New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option (#442)
    • [readme] fix version badge

    6.10.5

    • [Fix] stringify: with arrayFormat: comma, properly include an explicit [] on a single-item array (#434)

    6.10.4

    • [Fix] stringify: with arrayFormat: comma, include an explicit [] on a single-item array (#441)
    • [meta] use npmignore to autogenerate an npmignore file
    • [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, object-inspect, tape

    6.10.3

    • [Fix] parse: ignore __proto__ keys (#428)
    • [Robustness] stringify: avoid relying on a global undefined (#427)
    • [actions] reuse common workflows
    • [Dev Deps] update eslint, @ljharb/eslint-config, object-inspect, tape

    6.10.2

    • [Fix] stringify: actually fix cyclic references (#426)
    • [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
    • [readme] remove travis badge; add github actions/codecov badges; update URLs
    • [Docs] add note and links for coercing primitive values (#408)
    • [actions] update codecov uploader
    • [actions] update workflows
    • [Tests] clean up stringify tests slightly
    • [Dev Deps] update eslint, @ljharb/eslint-config, aud, object-inspect, safe-publish-latest, tape

    6.10.1

    • [Fix] stringify: avoid exception on repeated object values (#402)

    6.10.0

    • [New] stringify: throw on cycles, instead of an infinite loop (#395, #394, #393)
    • [New] parse: add allowSparse option for collapsing arrays with missing indices (#312)
    • [meta] fix README.md (#399)
    • [meta] only run npm run dist in publish, not install
    • [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbols, tape
    • [Tests] fix tests on node v0.6
    • [Tests] use ljharb/actions/node/install instead of ljharb/actions/node/run
    • [Tests] Revert "[meta] ignore eclint transitive audit warning"

    6.9.7

    • [Fix] parse: ignore __proto__ keys (#428)
    • [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
    • [Robustness] stringify: avoid relying on a global undefined (#427)
    • [readme] remove travis badge; add github actions/codecov badges; update URLs
    • [Docs] add note and links for coercing primitive values (#408)
    • [Tests] clean up stringify tests slightly
    • [meta] fix README.md (#399)
    • Revert "[meta] ignore eclint transitive audit warning"

    ... (truncated)

    Commits
    • 56763c1 v6.11.0
    • ddd3e29 [readme] fix version badge
    • c313472 [New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option
    • 95bc018 v6.10.5
    • 0e903c0 [Fix] stringify: with arrayFormat: comma, properly include an explicit `[...
    • ba9703c v6.10.4
    • 4e44019 [Fix] stringify: with arrayFormat: comma, include an explicit [] on a s...
    • 113b990 [Dev Deps] update object-inspect
    • c77f38f [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, tape
    • 2cf45b2 [meta] use npmignore to autogenerate an npmignore file
    • Additional commits viewable in compare view

    Updates express from 4.17.1 to 4.18.2

    Release notes

    Sourced from express's releases.

    4.18.2

    4.18.1

    • Fix hanging on large stack of sync routes

    4.18.0

    ... (truncated)

    Changelog

    Sourced from express's changelog.

    4.18.2 / 2022-10-08

    4.18.1 / 2022-04-29

    • Fix hanging on large stack of sync routes

    4.18.0 / 2022-04-25

    ... (truncated)

    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 0
  • Bump decode-uri-component from 0.2.0 to 0.2.2

    Bump decode-uri-component from 0.2.0 to 0.2.2

    Bumps decode-uri-component from 0.2.0 to 0.2.2.

    Release notes

    Sourced from decode-uri-component's releases.

    v0.2.2

    • Prevent overwriting previously decoded tokens 980e0bf

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

    v0.2.1

    • Switch to GitHub workflows 76abc93
    • Fix issue where decode throws - fixes #6 746ca5d
    • Update license (#1) 486d7e2
    • Tidelift tasks a650457
    • Meta tweaks 66e1c28

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 0
  • Bump loader-utils and resolve-url-loader

    Bump loader-utils and resolve-url-loader

    Bumps loader-utils to 1.4.2 and updates ancestor dependency resolve-url-loader. These dependencies need to be updated together.

    Updates loader-utils from 1.4.0 to 1.4.2

    Release notes

    Sourced from loader-utils's releases.

    v1.4.2

    1.4.2 (2022-11-11)

    Bug Fixes

    v1.4.1

    1.4.1 (2022-11-07)

    Bug Fixes

    Changelog

    Sourced from loader-utils's changelog.

    1.4.2 (2022-11-11)

    Bug Fixes

    1.4.1 (2022-11-07)

    Bug Fixes

    Commits

    Updates resolve-url-loader from 3.1.1 to 5.0.0

    Release notes

    Sourced from resolve-url-loader's releases.

    5.0.0

    Breaking changes

    • Require node>=12.
    • Support only webpack>=4.
    • Update to postcss@^8.
    • Remove rework engine (which was deprecated in V4).

    Bugfixes

    • Fix log messages not correctly normalising absolute paths to posix style on Windows platform
    • Fixes to end-to-end tests and test framework.

    5.0.0-beta.1

    Breaking changes

    • Require node>=12.
    • Support only webpack>=4.
    • Update to postcss@^8.
    • Remove rework engine (which was deprecated in V4).

    Bugfixes

    • Fix log messages not correctly normalising absolute paths to posix style on Windows platform
    • Fixes to end-to-end tests and test framework.

    5.0.0-alpha.1

    Breaking changes

    • Require node>=12.
    • Support only webpack>=4.
    • Update to postcss@^8.
    • Remove rework engine (which was deprecated in V4).

    Bugfixes

    • Fix log messages not correctly normalising absolute paths to posix style on Windows platform

    4.0.0

    Features

    • Better resolution of the original source location - You can more successfully use url() in variables and mixins.
    • Dependencies now accept a wider range and explicit dependency on rework and rework-visit has been removed.

    Breaking Changes

    • The engine option is deprecated which means the old rework engine is deprecated.
    • The keepQuery behaviour is now the default, the keepQuery option has been removed.
    • The removeCR option defaults to true when executing on Windows OS.
    • The absolute option has been removed.
    • The join option has changed.

    Migrating

    See the changlog.

    ... (truncated)

    Changelog

    Sourced from resolve-url-loader's changelog.

    resolve-url-loader

    Version 5

    Features

    • Update postcss and completely remove rework parser.

    Breaking Changes

    • Require node@>=12.
    • Support webpack@>=4 (no longer tested for earlier versions).
    • The engine option has been removed.

    Migrating

    Remove the engine option if you are using it.

    Version 4

    Features

    • Better resolution of the original source location - You can more successfully use url() in variables and mixins.
    • Dependencies now accept a wider range and explicit dependency on rework and rework-visit has been removed.

    Breaking Changes

    • The engine option is deprecated which means the old rework engine is deprecated.
    • The keepQuery behaviour is now the default, the keepQuery option has been removed.
    • The removeCR option defaults to true when executing on Windows OS.
    • The absolute option has been removed.
    • The join option has changed.

    Migrating

    Remove the engine option if you are using it - the default "postcss" engine is much more reliable. The "rework" engine will still work for now but will be removed in the next major version.

    Remove the keepQuery option if you are using it.

    Remove the absolute option, webpack should work fine without it. If you have a specific need to rebase url() then you should use a separate loader.

    If you use a custom join function then you will need to refactor it to the new API. Refer to the advanced usage documentation.

    If you wish to still use engine: "rework" then note that rework and rework-visit packages are now peerDependencies that must be explicitly installed by you.

    Version 3

    Features

    • Use postcss parser by default. This is long overdue as the old rework parser doesn't cope with modern css.

    ... (truncated)

    Commits
    • bf01da9 5.0.0
    • 78393f6 update branch references to v5
    • 6787839 github actions for CI
    • 1457038 update changelog and readme
    • a01faf9 5.0.0-beta.1
    • fb09fae remove the engine option harder, ensure deprecation warning is tested
    • 5654fa4 remove the engine option and related tests, use getOptions from loader where ...
    • 10f9cdb 5.0.0-alpha.1
    • b168dd3 adjust deprecation message for engine option
    • 29e142a normalise windows absolute paths to posix format in log messages
    • Additional commits viewable in compare view

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 0
  • Install failed because of ConsoleTVs/Charts

    Install failed because of ConsoleTVs/Charts

    The step "composer install" fails because ConsoleTVs/Charts does no longer exist. The repo is gone.

    (yes, I basically copied my previous bug report, but it's the same problem with another repo)

    opened by goldug 2
  • Bump guzzlehttp/guzzle from 7.2.0 to 7.4.5

    Bump guzzlehttp/guzzle from 7.2.0 to 7.4.5

    Bumps guzzlehttp/guzzle from 7.2.0 to 7.4.5.

    Release notes

    Sourced from guzzlehttp/guzzle's releases.

    Release 7.4.5

    See change log for changes.

    Release 7.4.4

    See change log for changes.

    Release 7.4.3

    See change log for changes.

    Release 7.4.2

    See change log for changes.

    Release 7.4.1

    See change log for changes.

    Release 7.4.0

    See change log for changes.

    Release 7.3.0

    See change log for changes.

    Changelog

    Sourced from guzzlehttp/guzzle's changelog.

    7.4.5 - 2022-06-20

    • Fix change in port should be considered a change in origin
    • Fix CURLOPT_HTTPAUTH option not cleared on change of origin

    7.4.4 - 2022-06-09

    • Fix failure to strip Authorization header on HTTP downgrade
    • Fix failure to strip the Cookie header on change in host or HTTP downgrade

    7.4.3 - 2022-05-25

    • Fix cross-domain cookie leakage

    7.4.2 - 2022-03-20

    Fixed

    • Remove curl auth on cross-domain redirects to align with the Authorization HTTP header
    • Reject non-HTTP schemes in StreamHandler
    • Set a default ssl.peer_name context in StreamHandler to allow force_ip_resolve

    7.4.1 - 2021-12-06

    Changed

    • Replaced implicit URI to string coercion #2946
    • Allow symfony/deprecation-contracts version 3 #2961

    Fixed

    • Only close curl handle if it's done #2950

    7.4.0 - 2021-10-18

    Added

    Fixed

    • Make sure we always call restore_error_handler() #2915
    • Fix progress parameter type compatibility between the cURL and stream handlers #2936
    • Throw InvalidArgumentException when an incorrect headers array is provided #2916, #2942

    Changed

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies php 
    opened by dependabot[bot] 0
Auto Image & file upload, resize and crop for Laravel eloquent model using Intervention image

Laravel ImageUp The qcod/laravel-imageup is a trait which gives you auto upload, resize and crop for image feature with tons of customization. Install

QCode.in 708 Dec 22, 2022
A Laravel Gravatar package for retrieving gravatar image URLs or checking the existance of an image.

Gravatar for Laravel 5.x, 6, 7 and 8 Installation First, pull in the package through Composer via the command line: composer require creativeorange/gr

Creativeorange 477 Dec 1, 2022
This plugin adds a new image style for the Core Image block.

This plugin adds a new image style for the Core Image block. Introduction How to use? Go to Gutenberg Editor and add a image block. e.g. Add new image

Mahesh Waghmare 3 Feb 17, 2022
A Sharex IMG uploader that runs with PHP | Use a hosting site if you're a beginner use 000webhost

Sharex-Img-Uploader A Sharex IMG uploader that runs with PHP | Use a hosting site if you're a beginner use 000webhost Setting up SXCU In YOUR_DOMAIN_U

Pix 10 Nov 26, 2022
Picasso is a Laravel Image Management and Optimization Package

Picasso is a Laravel Image Management and Optimization Package. Define image dimensions and options, store uploaded image in multiple dimensions with or without a watermark and retrieve optimized images on your website when needed.

Laravelista 82 Nov 24, 2022
This is an image manipulation REST API written in PHP Laravel Framework

Laravel Image Manipulation REST API Demo Here is fully working Demo: https://www.lobiimages.com/ You have to register first in order to generate acces

TheCodeholic 42 Dec 15, 2022
Manage your photos with Piwigo, a full featured open source photo gallery application for the web

Manage your photos with Piwigo, a full featured open source photo gallery application for the web. Star us on Github! More than 200 plugins and themes available. Join us and contribute!

Piwigo 1.8k Apr 14, 2022
PHP Image Manipulation

Intervention Image Intervention Image is a PHP image handling and manipulation library providing an easier and expressive way to create, edit, and com

null 13k Jan 3, 2023
PHP 5.3 Object Oriented image manipulation library

Imagine Tweet about it using the #php_imagine hashtag. Image manipulation library for PHP 5.3 inspired by Python's PIL and other image libraries. Requ

Bulat Shakirzyanov 4.3k Jan 6, 2023
Wonderfully easy on-demand image manipulation library with an HTTP based API.

Glide Glide is a wonderfully easy on-demand image manipulation library written in PHP. Its straightforward API is exposed via HTTP, similar to cloud i

The League of Extraordinary Packages 2.4k Dec 19, 2022
🌄 Perceptual image hashing for PHP

ImageHash A perceptual hash is a fingerprint of a multimedia file derived from various features from its content. Unlike cryptographic hash functions

Jens Segers 1.9k Dec 28, 2022
Image optimization / compression library. This library is able to optimize png, jpg and gif files in very easy and handy way. It uses optipng, pngquant, pngcrush, pngout, gifsicle, jpegoptim and jpegtran tools.

Image Optimizer This library is handy and very easy to use optimizer for image files. It uses optipng, pngquant, jpegoptim, svgo and few more librarie

Piotr Śliwa 879 Dec 30, 2022
:racehorse: find the size of an image without downloading the whole file. Supports batch requests.

FasterImage FasterImage finds the dimensions or filetype of a remote image file given its uri by fetching as little as needed, based on the excellent

Will Washburn 58 Nov 30, 2022
Extract colors from an image like a human would do.

ColorExtractor Extract colors from an image like a human would do. Install Via Composer $ composer require league/color-extractor:0.3.* Usage require

The League of Extraordinary Packages 1.2k Jan 1, 2023
php-gd based image templates

gdaisy A highly experimental image templating system based on PHP-GD to dynamically generate image banners and covers. Installation 1. Require erikahe

Erika Heidi 67 Nov 22, 2022
A simple page view counter that store data as text and shows data as a PNG image

Image Counter A simple page view counter that store data as text and shows the counter as a PNG image.

Victor Ribeiro 10 Apr 19, 2022
Grabs the dominant color or a representative color palette from an image. Uses PHP and GD, Imagick or Gmagick.

Color Thief PHP A PHP class for grabbing the color palette from an image. Uses PHP and GD or Imagick libraries to make it happen. It's a PHP port of t

Kevin Subileau 610 Dec 28, 2022
PHP library to easily edit image with GD extension. Resize, crop, merge, draw, and many more options !

PHP Image Editor PHP library to easily edit image with GD extension. Resize, crop, merge, draw, and many more options ! ✨ Supporting ⭐ Star this repos

Franck Alary 17 Nov 13, 2022
image sharing site made in PHP just for fun and freetime

2bart image sharing site made in PHP just for fun and freetime To-do list: upload system [DONE] ✔️ views system [DONE] ✔️ image list system [DONE] ✔️

goom 1 Oct 22, 2021