Audit your PHP version for known CVEs and patches

Overview

PHP Version Audit

PHP Version Audit is a convenience tool to easily check a given PHP version against a regularly updated list of CVE exploits, new releases, and end of life dates.

PHP Version Audit is not: exploit detection/mitigation, vendor-specific version tracking, a replacement for staying informed on PHP releases and security exploits.

Features:

  • List known CVEs for a given version of PHP
  • Check either the runtime version of PHP, or a supplied version
  • Display end-of-life dates for a given version of PHP
  • Display new releases for a given version of PHP with configurable specificity (latest/minor/patch)
    • Patch: 7.3.0 -> 7.3.33
    • Minor: 7.3.0 -> 7.4.27
    • Latest: 7.3.0 -> 8.1.1
  • Rules automatically updated twice a day. Information is sourced directly from php.net - you'll never be waiting on someone like me to merge a pull request before getting the latest patch information.
  • Multiple interfaces: CLI (via PHP Composer), Docker, direct code import
  • Easily scriptable for use with CI/CD workflows. All Docker/CLI outputs are in JSON format to be consumed with your favorite tools - such as jq.
  • Configurable exit conditions. Use CLI flags like --fail-security to set a failure exit code if the given version of PHP has a known CVE or is no longer receiving security updates.
  • Zero dependencies

Example:

docker run --rm -t lightswitch05/php-version-audit:latest --version=8.0.12
{
    "auditVersion": "8.0.12",
    "hasVulnerabilities": true,
    "hasSecuritySupport": true,
    "hasActiveSupport": true,
    "isLatestPatchVersion": false,
    "isLatestMinorVersion": false,
    "isLatestVersion": false,
    "latestPatchVersion": "8.0.14",
    "latestMinorVersion": "8.1.1",
    "latestVersion": "8.1.1",
    "activeSupportEndDate": "2022-11-26T00:00:00+0000",
    "securitySupportEndDate": "2023-11-26T00:00:00+0000",
    "rulesLastUpdatedDate": "2022-01-18T02:13:52+0000",
    "vulnerabilities": {
        "CVE-2021-21707": {
            "id": "CVE-2021-21707",
            "baseScore": 5.3,
            "publishedDate": "2021-11-29T07:15:00+0000",
            "lastModifiedDate": "2022-01-04T16:12:00+0000",
            "description": "In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended."
        }
    }
}

Usage

Docker

Running with docker is the preferred and easiest way to use PHP Version Audit.

Check a specific version of PHP using Docker:

docker run --rm -t lightswitch05/php-version-audit:latest --version=8.1.1

Check the host's PHP version using Docker:

docker run --rm -t lightswitch05/php-version-audit:latest --version=$(php -r 'echo phpversion();')

Run behind an HTTPS proxy (for use on restricted networks). Requires a volume mount of a directory with your trusted cert (with .crt extension) - see update-ca-certificates for more details.

docker run --rm -t -e https_proxy='https://your.proxy.server:port/' --volume /full/path/to/trusted/certs/directory:/usr/local/share/ca-certificates lightswitch05/php-version-audit:latest --version=8.1.1

CLI

Not using docker? Not a problem. It is a couple more steps, but it is just as easy to run directly.

Install the package via composer:

composer require lightswitch05/php-version-audit:~1.0

Execute the PHP script, checking the run-time version of PHP:

./vendor/bin/php-version-audit

Produce an exit code if any CVEs are found:

./vendor/bin/php-version-audit --fail-security

Direct Invocation

Want to integrate with PHP Version Audit? That's certainly possible. A word of caution: this is a very early release. I do not have any plans for breaking changes, but I'm also not committed to keeping the interface as-is if there are new features to implement. Docker/CLI is certainly the preferred method over direct invocation.

// Load Composer's autoloader (path assumes this script sits next to vendor/).
require __DIR__ . '/vendor/autoload.php';

$phpVersionAudit = new lightswitch05\PhpVersionAudit\Application(phpversion(), false);
$phpVersionAudit->hasVulnerabilities(); #=> true
$phpVersionAudit->getLatestPatchVersion(); #=> '8.1.1'

JSON Rules

The data used to drive PHP Version Audit is automatically updated on a regular basis and is hosted on GitHub pages. This is the real meat-and-potatoes of PHP Version Audit, and you can consume it directly for use in other tools. If you choose to do this, please respect the project license by giving proper attribution notices. Also, I ask any implementations to read the lastUpdatedDate and fail if it has become out of date (2+ weeks). This should not happen since it is automatically updated... but we all know how fragile software is.

Get the latest PHP 8.1 release version directly from the rules using curl and jq:

curl -s https://www.github.developerdan.com/php-version-audit/rules-v1.json | jq '.latestVersions["8.1"]'
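
The staleness check requested above, as an added Python example (not code from this project): it refuses to answer from rules older than two weeks, from rules with no usable date, or for a release line the rules do not cover. It assumes lastUpdatedDate uses the same ISO 8601 form as the tool's output and that latestVersions maps a major.minor line to a version string; the function names and the sample document are constructed for illustration.

```python
import json
import re
import urllib.request
from datetime import datetime, timedelta, timezone

RULES_URL = "https://www.github.developerdan.com/php-version-audit/rules-v1.json"
MAX_RULES_AGE = timedelta(days=14)  # the "2+ weeks" limit the author asks for

# Constructed sample: only the two keys named on this page, with values taken
# from the example output shown earlier.
SAMPLE_RULES = {
    "lastUpdatedDate": "2022-01-18T02:13:52+0000",
    "latestVersions": {"8.0": "8.0.14", "8.1": "8.1.1"},
}


class StaleRulesError(RuntimeError):
    """The rules document is too old or carries no usable date."""


def fetch_rules(url=RULES_URL, timeout=10):
    """Download and decode the rules document (not used by the offline sample)."""
    with urllib.request.urlopen(url, timeout=timeout) as response:
        return json.load(response)


def rules_age(rules, now=None):
    """Return the age of the rules; a missing or malformed date counts as stale."""
    now = now or datetime.now(timezone.utc)
    try:
        # Assumed format, matching rulesLastUpdatedDate in the tool's output.
        updated = datetime.strptime(rules["lastUpdatedDate"], "%Y-%m-%dT%H:%M:%S%z")
    except (KeyError, TypeError, ValueError) as exc:
        raise StaleRulesError("rules have no parseable lastUpdatedDate") from exc
    return now - updated


def latest_release_for(rules, php_version, now=None):
    """Return the newest release on php_version's major.minor line, failing closed."""
    age = rules_age(rules, now)
    if age > MAX_RULES_AGE:
        raise StaleRulesError(f"rules are {age.days} days old; refusing to answer")
    match = re.match(r"(\d+)\.(\d+)", php_version)
    if not match:
        raise ValueError(f"not a PHP version: {php_version!r}")
    line = f"{match.group(1)}.{match.group(2)}"
    try:
        return rules["latestVersions"][line]
    except KeyError:
        # Unknown line (for example 6.0): missing data is a failure, not "up to date".
        raise LookupError(f"no release data for PHP {line}") from None


if __name__ == "__main__":
    print(latest_release_for(fetch_rules(), "8.1.0"))
```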

Options

usage: php-version-audit        [--help] [--version=PHP_VERSION]
                                [--fail-security] [--fail-support]
                                [--fail-patch] [--fail-latest]
                                [--no-update] [--silent]
                                [--v]

optional arguments:
--help                          show this help message and exit.
--version                       set the PHP Version to run against. Defaults to the runtime version. This is required when running with docker.
--fail-security                 generate a 10 exit code if any CVEs are found, or security support has ended.
--fail-support                  generate a 20 exit code if the version of PHP no longer gets active (bug) support.
--fail-patch                    generate a 30 exit code if there is a newer patch-level release.
--fail-latest                   generate a 40 exit code if there is a newer release.
--no-update                     do not download the latest rules. NOT RECOMMENDED!
--silent                        do not write any error messages to STDERR.
--v                             Set verbosity. v=warnings, vv=info, vvv=debug. Default is error. All logging writes to STDERR.

Output

  • auditVersion: string - The version of PHP that is being audited.
  • hasVulnerabilities: bool - If the auditVersion has any known CVEs or not.
  • hasSecuritySupport: bool - If the auditVersion is still receiving security updates.
  • hasActiveSupport: bool - If the auditVersion is still receiving active support (bug updates).
  • isLatestPatchVersion: bool - If auditVersion is the latest patch-level release (8.0.x).
  • isLatestMinorVersion: bool - If auditVersion is the latest minor-level release (8.x.x).
  • isLatestVersion: bool - If auditVersion is the latest release (x.x.x).
  • latestPatchVersion: string - The latest patch-level version for auditVersion.
  • latestMinorVersion: string - The latest minor-level version for auditVersion.
  • latestVersion: string - The latest PHP version.
  • activeSupportEndDate: string|null - ISO8601 formatted date for the end of active support for auditVersion (bug fixes).
  • securitySupportEndDate: string - ISO8601 formatted date for the end of security support for auditVersion.
  • rulesLastUpdatedDate: string - ISO8601 formatted date for the last time the rules were auto-updated (twice a day).
  • vulnerabilities: object - CVEs known to affect auditVersion with details about the CVE. CVE Details might be null for recently discovered CVEs.
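
An added example (not part of this project) of consuming the JSON output above in a CI gate: it applies a reviewed list of accepted CVE ids and a minimum baseScore, and treats CVEs whose details are null as blocking. The exit codes 10 and 20 are the documented ones; the script name gate.py, the function names, the placeholder id CVE-0000-00000 and the rule that security findings win over support findings are assumptions of this sketch.

```python
import json
import sys

# Exit codes this page documents for --fail-security and --fail-support.
EXIT_OK, EXIT_SECURITY, EXIT_SUPPORT = 0, 10, 20

# Constructed sample report: a trimmed copy of the 8.0.12 output above, plus a
# placeholder CVE id with null details (the Output section says this can happen).
SAMPLE_REPORT = json.loads("""
{
  "auditVersion": "8.0.12",
  "hasVulnerabilities": true,
  "hasSecuritySupport": true,
  "hasActiveSupport": true,
  "vulnerabilities": {
    "CVE-2021-21707": {"id": "CVE-2021-21707", "baseScore": 5.3},
    "CVE-0000-00000": null
  }
}
""")


def blocking_cves(report, accepted=frozenset(), min_score=0.0):
    """Return the sorted CVE ids that are neither accepted nor below min_score."""
    # `or {}` also covers an empty PHP array serialised as [] instead of {}.
    vulnerabilities = report.get("vulnerabilities") or {}
    blocking = []
    for cve_id, details in vulnerabilities.items():
        if cve_id in accepted:
            continue
        score = details.get("baseScore") if isinstance(details, dict) else None
        # Unscored CVEs (null details) always block: unknown severity fails closed.
        if score is None or score >= min_score:
            blocking.append(cve_id)
    return sorted(blocking)


def gate(report, accepted=frozenset(), min_score=0.0, require_active_support=False):
    """Return (exit_code, reasons); security findings take precedence (assumption)."""
    version = report.get("auditVersion")
    reasons = []
    if not report.get("hasSecuritySupport", False):
        reasons.append(f"PHP {version} no longer gets security updates")
    for cve_id in blocking_cves(report, accepted, min_score):
        reasons.append(f"{cve_id} affects PHP {version}")
    if report.get("hasVulnerabilities") and not report.get("vulnerabilities"):
        reasons.append("report flags vulnerabilities but lists none")
    if reasons:
        return EXIT_SECURITY, reasons
    if require_active_support and not report.get("hasActiveSupport", False):
        return EXIT_SUPPORT, [f"active (bug fix) support for PHP {version} has ended"]
    return EXIT_OK, []


if __name__ == "__main__":
    # Usage: ./vendor/bin/php-version-audit | python gate.py CVE-ID [CVE-ID ...]
    code, why = gate(json.load(sys.stdin), accepted=frozenset(sys.argv[1:]))
    for line in why:
        print(line, file=sys.stderr)
    sys.exit(code)
```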

Project Goals:

  • Always use up-to-date information and fail if it becomes too stale. Since this tool is designed to help its users stay informed, it must in turn fail if it becomes outdated.
  • Fail if the requested information is unavailable. ex. getting the support end date of PHP version 6.0, or 5.7.0. Again, since this tool is designed to help its users stay informed, it must in turn fail if the requested information is unavailable.
  • Work in both open and closed networks (as long as the tool is up-to-date).
  • Minimal footprint and dependencies.
  • Runtime support for the oldest supported version of PHP. If you are using this tool with an unsupported version of PHP, then you already have all the answers that this tool can give you: Yes, you have vulnerabilities and are out of date. Of course that is just for the run-time, it is still the goal of this project to supply information about any reasonable version of PHP.

Acknowledgments & License

  • This project is released under the Apache License 2.0.
  • The accuracy of the information provided by this project cannot be verified or guaranteed. All functions are provided as convenience only and should not be used for reliability, accuracy, or punctuality.
  • The logo was created using Colin Viebrock's PHP Logo as the base image, released under Creative Commons Attribution-Share Alike 4.0 International. The logo has been modified from its original form to include overlay graphics.
  • This project and the use of the modified PHP logo is not endorsed by Colin Viebrock.
  • This project and the use of the PHP name is not endorsed by The PHP Group.
  • CVE details and descriptions are downloaded from the National Institute of Standards and Technology's National Vulnerability Database. This project and the use of CVE information is not endorsed by NIST or the NVD. CVE details are provided as convenience only. The accuracy of the information cannot be verified.
  • PHP release details and support dates are parsed from ChangeLogs (4, 5, 7, 8) as well as Supported Versions and EOL dates. The accuracy of the information cannot be verified.

Comments
  • Update minimum PHP version to 7.3 and other fixes

    Hello,

    This is a nice project you have here, congrats! :)

    Here is my modest contribution. The changeset is bigger than first intended, but worth it IMHO.

    • Bump minimum PHP version to 7.3: 7.2 active support ended 4 months ago, there is no need to support it anymore. This also allows us to use PHP 7.3 features like JSON_THROW_ON_ERROR.

    • Update composer dependencies: because we are now using 7.3, we can update a few dependencies to their latest version.

    • Use strict comparison

    • Fix docblocks (these were found with phpstan at max level)

    • Use JSON_THROW_ON_ERROR and set max recursion depth

    • Use cast to int instead of intval

    It's not often that PHP projects use phpstan and psalm. Here is a third one that I think you'll like: rector. I have added a config file (directly copied from my main project) and commands in Makefile so it's easy to use. I chose to use Docker instead of adding rector as a dependency, as it looks like you embraced docker ;)

    • Add rector config file
    • Add rector make commands (rector and rector-dry)

    First use make rector-dry to see what it would modify, and if you like it use make rector so the modifications are done by rector.

    Cheers, ~Nico

    enhancement 
    opened by NicolasCARPi 3
  • Take OS into account

    Right now the command will fail if there are any CVEs for the current PHP version. But some CVEs only apply to a specific OS. It would be nice if there was a flag that would allow me to ignore CVEs that do not apply to my current OS.

    enhancement 
    opened by Zae 3
  • Bump vimeo/psalm from 5.1.0 to 5.3.0

    Bumps vimeo/psalm from 5.1.0 to 5.3.0.

    Release notes

    Sourced from vimeo/psalm's releases.

    5.3.0

    What's Changed

    Features

    Fixes

    Docs

    Internal changes

    New Contributors

    Full Changelog: https://github.com/vimeo/psalm/compare/5.2.0...5.3.0

    5.2.0

    What's Changed

    Features

    Fixes

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 2
  • Bump vimeo/psalm from 5.1.0 to 5.2.0

    Bumps vimeo/psalm from 5.1.0 to 5.2.0.

    Release notes

    Sourced from vimeo/psalm's releases.

    5.2.0

    What's Changed

    Features

    Fixes

    Internal changes

    Typos

    New Contributors

    Full Changelog: https://github.com/vimeo/psalm/compare/5.1.0...5.2.0

    Commits
    • fb685a1 Merge pull request #8890 from weirdan/enum-forbidden-methods
    • 9db0eb3 InvalidEnumMethod requires PHP8.1+
    • 19a1005 Forbid most magic methods on enums
    • ca0b2a1 Merge pull request #8883 from weirdan/unused-messages-duplicates
    • 32eaf12 Prevent duplicate (Possibly)UnusedMethod/(Possibly)UnusedProperty
    • 114552f Merge pull request #8882 from theofidry/feature/update-cpu-core-counter
    • 4a6bfea Upgrade CpuCoreCounter
    • ef02ded Merge pull request #8833 from theofidry/feature/cpu-counter
    • af549fa Merge pull request #8854 from kkmuffme/fix-unsafe-file_get_contents
    • 2a45f18 Merge pull request #8870 from lptn/add-missing-sodium-functions
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot[bot] 2
  • Bump vimeo/psalm from 4.29.0 to 5.0.0

    Bumps vimeo/psalm from 4.29.0 to 5.0.0.

    Release notes

    Sourced from vimeo/psalm's releases.

    Psalm 5

    Welcome to Psalm 5!

    There's an accompanying post on psalm.dev, written by @​muglug & the current maintainers of Psalm.

    What's Changed

    Removed

    Features

    ... (truncated)

    Commits
    • 4e177bf Merge pull request #8790 from malarzm/patch-1
    • 7877570 Remove CallMapTest.php from Psalm self-analysis
    • 28188d1 Remove unfinished sentence
    • 6fff6df Merge pull request #8788 from weirdan/fix-xml-report-crashes-on-8.1
    • 874eb7d Fix crashes when XML report is used on PHP 8.1
    • 9d597cf Merge pull request #8782 from weirdan/check-runtime-requirements
    • 94dac9f Merge pull request #8783 from weirdan/bump-slevomat-coding-standard
    • ed36f2c Bump slevomat/coding-standard
    • 8fa35c2 Variables should outlive namespaces (#8779)
    • 05b8e0e Replace all references to static variables when moving class (#8780)
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot[bot] 2
  • Bump vimeo/psalm from 4.29.0 to 4.30.0

    Bumps vimeo/psalm from 4.29.0 to 4.30.0.

    Release notes

    Sourced from vimeo/psalm's releases.

    4.30.0

    What's Changed

    Features

    Fixes

    Internal changes

    New Contributors

    Full Changelog: https://github.com/vimeo/psalm/compare/4.29.0...4.30.0

    Commits
    • d0bc6e2 Merge pull request #8677 from orklah/openssl
    • 398cf99 revert wrong commit
    • 74111a3 adding openssl_x509_verify
    • b48a713 Merge pull request #8676 from othercorey/fix-return-callmap
    • b87ebd6 Fix assert testing callmap return types
    • 0e1c638 Merge pull request #8666 from weirdan/remove-argc-argv-from-env
    • 81423dc Remove argc and argv elements from $_ENV
    • 1e454fa Merge pull request #8644 from neclimdul/SplFile-getSize
    • a1f40c9 Fix Spl file handling signatures
    • 3daad0c Merge pull request #8652 from VincentLanglet/improveSerializeSupport
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot[bot] 2
  • Bump codeception/codeception from 5.0.3 to 5.0.4

    Bumps codeception/codeception from 5.0.3 to 5.0.4.

    Release notes

    Sourced from codeception/codeception's releases.

    5.0.4

    • Execute FailFast subscriber before module _failed hooks #6586 by @​yesdevnull
    • Fixed parsing of @​skip annotation #6596
    • Undeprecated untyped method arguments in Cest format #6591
    • Removed unnecessary overrides of $resultAggregator property in Unit format and TestCaseWrapper #6590
    • Print failure/error/warning/skipped/incomplete messages in HTML reports #6595
    • Fixed counting of successful tests #6595
    Changelog

    Sourced from codeception/codeception's changelog.

    5.0.4

    • Execute FailFast subscriber before module _failed hooks #6586 by @​yesdevnull
    • Fixed parsing of @​skip annotation #6596
    • Undeprecated untyped method arguments in Cest format #6591
    • Removed unnecessary overrides of $resultAggregator property in Unit format and TestCaseWrapper #6590
    • Print failure/error/warning/skipped/incomplete messages in HTML reports #6595
    • Fixed counting of successful tests #6595
    Commits
    • e3a6988 5.0.4
    • 9be8431 Merge pull request #6595 from Codeception/display-failure-message-in-html-report
    • 5836574 Merge pull request #6591 from Codeception/undeprecate-positional-cest-parameters
    • d2e403f Merge pull request #6590 from Codeception/result-aggregator-cleanup
    • 3ce5e0d Fixed counting of successful tests
    • d55e5c3 Merge pull request #6596 from Codeception/fix-parsing-of-skip-annotation
    • 0b946e6 Print failure/error/warning/skipped/incomplete messages in HTML reports
    • 2875730 Fix parsing of skip annotation
    • 46f2aa2 Undeprecate untyped method arguments in Cest format
    • 3c27deb Don't override resultAggregator property in test formats
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot[bot] 2
  • Bump vimeo/psalm from 4.27.0 to 4.28.0

    Bumps vimeo/psalm from 4.27.0 to 4.28.0.

    Release notes

    Sourced from vimeo/psalm's releases.

    4.28.0

    What's Changed

    Features

    Fixes

    Docs

    Internal changes

    New Contributors

    Full Changelog: https://github.com/vimeo/psalm/compare/4.27.0...4.28.0

    Commits
    • 52e96be Merge pull request #8542 from gphargreaves/class-constant-named-class
    • 41a6afd Add check for const with reserved word class
    • b6ddcdf Merge pull request #8537 from ppdeblieck/stubfix
    • 15453d4 Removed imap_delete and imap_undelete from the ignoredFunctions list.
    • ea5c2a1 Changed signature of imap_undelete in 8.1 delta
    • f1d1721 Fixed function signatures of imap_delete and imap_undelete
    • 6051ae7 Merge pull request #8530 from hamburnyog/add-more-int-type-aliases
    • 0c3a62b Update args
    • ae426a0 Remove irrelevant types, use keep aliases
    • 04c9fe8 Arrange use statements alphabetically again
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot[bot] 2
  • Bump vimeo/psalm from 4.22.0 to 4.27.0

    Bumps vimeo/psalm from 4.22.0 to 4.27.0.

    Release notes

    Sourced from vimeo/psalm's releases.

    4.27.0

    What's Changed

    Features

    Fixes

    Internal changes

    Typos

    New Contributors

    Full Changelog: https://github.com/vimeo/psalm/compare/4.26.0...4.27.0

    4.26.0

    What's Changed

    This release fixes a regression introduced in the last version. Upgrade is recommended.

    Fixes

    Full Changelog: https://github.com/vimeo/psalm/compare/4.25.0...4.26.0

    4.25.0

    What's Changed

    Features

    ... (truncated)

    Commits
    • faf106e Merge pull request #8444 from SCIF/bugfix-8439
    • d709728 trim(), ltrim(), rtrim() now keep lowercase string attribute
    • 1eeea7c Merge pull request #8428 from den-kuz/4.x
    • 2fdcd5a Merge pull request #8436 from TimWolla/attribute-target
    • 3c2018a Configure a correct attribute target in stubs/CoreGenericClasses.phpstub
    • 88d3382 Merge pull request #8435 from VincentLanglet/arrayReduce
    • 6bc714c Add support for callable in array_reduce
    • 034a796 Merge pull request #8431 from LeSuisse/bin2hex-base64-stub
    • 4b1adaa Allow *bin2hex and *bin2base64 functions to keep non-empty-string type
    • 93a293c Allow any attribute for complex types in schema
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot[bot] 2
  • Bump codeception/codeception from 4.1.31 to 4.2.2

    Bumps codeception/codeception from 4.1.31 to 4.2.2.

    Release notes

    Sourced from codeception/codeception's releases.

    4.2.2

    • Propagate --ext and --override parameters to included test suites (#6536)
    • Fixed false negative message about stecman/symfony-console-completion package (#6541)

    4.2.1

    • Execute setupBeforeClass/tearDownAfterClass only once (#6481)
    • Handle action with intersection return type correctly in dry-run command

    4.2.0

    • Improved multi-application experience, allow filtering suites by name (#6435) by @​calvinalkan
    • Configuration override is passed to included suites (#5978) by @​calvinalkan
    • Made dry-run command work with module methods having return types (#6470)
    • Support for expectError/Warning/Notice/Deprecation methods in unit tests (Requires PHPUnit 8.4+)
    • Implemented new setting convert_deprecations_to_exceptions (#6469)
    • Action file generator: Do not return when return type is never (#6462)
    • Backported test.useless event from Codeception 5.0 (#6459)
    Commits
    • b88014f 4.2.2
    • c53401d Propagate --ext and --override parameters to included test suites (#6536)
    • 83f6f7b Fixed false negative message about stecman/symfony-console-completion packege
    • 0ce6194 update links (#6544)
    • 30c5ed8 CI: Bump COMPOSER_ROOT_VERSION in 4.2 branch
    • 77b3e20 4.2.1
    • 2bc7b3d Merge pull request #6481 from Codeception/4.2-execute-before-after-class-hook...
    • a9a4c27 Execute before/after class hooks only once
    • 0f93270 RunCest: Improve data provider output of html report tests
    • 71ab0a1 Handle intersection return type correctly in dry-run
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot[bot] 2
  • Bump vimeo/psalm from 4.22.0 to 4.26.0

    Bumps vimeo/psalm from 4.22.0 to 4.26.0.

    Release notes

    Sourced from vimeo/psalm's releases.

    4.26.0

    What's Changed

    This release fixes a regression introduced in the last version. Upgrade is recommended.

    Fixes

    Full Changelog: https://github.com/vimeo/psalm/compare/4.25.0...4.26.0

    4.25.0

    What's Changed

    Features

    Fixes

    Internal changes

    New Contributors

    ... (truncated)

    Commits
    • 6998fab Merge pull request #8349 from VincentLanglet/formatCurrency
    • 90ac39d Fix formatCurrency return type
    • dcc6636 Merge pull request #8344 from mathroc/chore/update-ReflectionProperty-getValu...
    • 14241d7 ReflectionProperty::getValue $object is nullable since php 8.0
    • 1482643 Merge pull request #8341 from someniatko/issue-7731
    • 0abde25 #7731 - recognize @psalm-allow-private-mutation in PHP 8+ constructors
    • 489706b Merge pull request #8335 from someniatko/issue-8330
    • 0c652f7 #8330 - take into account that static type may have been unwrapped in Exist...
    • d7cd84c Merge pull request #8302 from kkmuffme/fix-cache-directory-race-conditions
    • 0b482ac Merge pull request #8312 from fluffycondor/dateperiod-stub
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot[bot] 2
  • Bump codeception/codeception from 5.0.5 to 5.0.6

    Bumps codeception/codeception from 5.0.5 to 5.0.6.

    Release notes

    Sourced from codeception/codeception's releases.

    5.0.6

    • Fixed canSee assertions in Unit format #6610
    • tryTo methods must return boolean result #6614
    • Fixed various issues with handling of @skip and @incomplete annotations and attributes in Cest format #6617
    • Stopped adding __mocked field to mocks created by Stub library #6620
    • Fixed deprecated string syntax in Run command #6618 by @shtiher-pp
    Commits
    • 994ca6c 5.0.6
    • c437596 Merge pull request #6620 from Codeception/stop-using-__mocked-field-in-stub
    • eca91d5 Stop using __mocked field in objects created by Stub library
    • a6e6dab Remove unnecessary configuration from codeception.yml
    • 3722779 Delete skipped tests from ModuleContainerTest
    • b5668e5 Declare tester property in Unit test classes
    • ab7a6ea Fixed deprecated string syntax in Run command
    • f59570c Merge pull request #6617 from Codeception/fix-skip-issues
    • 7f62fe1 Fix bugs of skip annotation and attribute
    • 8da5932 Tests for skip annotation and attribute
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot[bot] 1
  • Bump vimeo/psalm from 5.1.0 to 5.4.0

    Bumps vimeo/psalm from 5.1.0 to 5.4.0.

    Release notes

    Sourced from vimeo/psalm's releases.

    5.4.0

    What's Changed

    Features

    Fixes

    Internal changes

    Full Changelog: https://github.com/vimeo/psalm/compare/5.3.0...5.4.0

    5.3.0

    What's Changed

    Features

    Fixes

    Docs

    Internal changes

    New Contributors

    ... (truncated)

    Commits

    dependencies 
    opened by dependabot[bot] 1
This package provides a wrapper for Google Lighthouse to audit the quality of web pages with Laravel.

laravel-google-lighthouse This package is based on octoper/lighthouse-php. This package provides a wrapper for Google Lighthouse to audit the quality

Logiek 5 Jun 1, 2022
Patches that prevent malicious Minecraft plugins from saturating host internet resources for DDoS.

Minecraft Host DoS Botnet Patches Patches that prevent malicious Minecraft plugins from saturating host internet resources for DDoS. In recent events,

Riley Nevins 4 Jul 16, 2022
Simple patches plugin for Composer

composer-patches Simple patches plugin for Composer. Applies a patch from a local or remote file to any package required with composer. Support notes

Cameron Eagans 1.3k Jan 5, 2023
As many Magento patches as I can find!

Magento Resources and Links I have been looking for a good repository for all resources for Magento and I thought I will start putting them here for n

Brent W. Peterson 271 Dec 22, 2022
Composer plugin for applying patches from packaged patchsets

Composer Plugin For Applying Patchsets ‼️ NEW Supports both composer branches v1.x and v2.x. This plugin can automatically apply patches to any depend

MageOps 6 Dec 26, 2022
Plugin for composer to apply patches onto dependencies.

composer-patches-plugin This plugin allows you to provide patches for any package from any package. If you don't want a patch package outside the root

Netresearch 75 Aug 7, 2022
SPAM Registration Stopper is a Q2A plugin that prevents highly probable SPAM user registrations based on well-known SPAM checking services and other techniques

SPAM Registration Stopper [by Gabriel Zanetti] Description SPAM Registration Stopper is a Question2Answer plugin that prevents highly probable SPAM us

Gabriel Zanetti 2 Jan 23, 2022
PHP Class Encoding featuring popular Encoding::toUTF8() function --formerly known as forceUTF8()-- that fixes mixed encoded strings.

forceutf8 PHP Class Encoding featuring popular \ForceUTF8\Encoding::toUTF8() function --formerly known as forceUTF8()-- that fixes mixed encoded strin

Sebastián Grignoli 1.6k Dec 22, 2022
Version is a library that helps with managing the version number of Git-hosted PHP projects

Version Version is a library that helps with managing the version number of Git-hosted PHP projects. Installation You can add this library as a local,

Sebastian Bergmann 6.3k Dec 26, 2022
List of Magento extensions with known security issues.

Magento Vulnerability Database List of Magento 1 and 2 integrations with known security issues. Objective: easily identify insecure 3rd party software

Sansec 184 Dec 7, 2022
RMT is a handy tool to help releasing new version of your software

RMT - Release Management Tool RMT is a handy tool to help releasing new versions of your software. You can define the type of version generator you wa

Liip 442 Dec 8, 2022
This is the US hardened version of PHP-Nuke Titanium and is secure and safe

This is the US hardened version of PHP-Nuke Titanium and is secure and safe. Built on PHP Version 7.4.30 - Forums - Blogs - Projects - Advanced Site Map - Web Links - Groups - Advanced Theme Support - Downloads - Advertising - Network Advertising - Link Back System - FAQ - Bookmark Vault - Private Virtual Cemetery - Loan Amortization - Image Hosting

Ernest Allen Buffington (The Ghost) 12 Dec 25, 2022
Get mobile app version and other related data from Google Play Store, Apple App Store and Huawei AppGallery

Mobile App Version Get mobile app version and other related data from Google Play Store, Apple App Store and Huawei AppGallery. Installation Add to co

Omer Salaj 11 Mar 15, 2022
Simplified and enhanced version of php built-in enum.

PHP Enum enhanced Finally, in php81 has been added support for Enums. But as enums are new in php, we do not have some helpers to work with that easil

Lazizbek Ergashev 40 Nov 20, 2022
Exploiting and fixing security vulnerabilities of an old version of E-Class. Project implemented as part of the class YS13 Cyber-Security.

Open eClass 2.3 Development of XSS, CSRF, SQLi, RFI attacks/defences of an older,vulnerable version of eclass. Project implemented as part of the clas

Aristi_Papastavrou 11 Apr 23, 2022
The light version of NexoPOS 4.x, which is a web-Based Point Of Sale (POS) System build with Laravel, TailwindCSS, and Vue.Js.

About NexoPOS 4.x NexoPOS 4 is a free point of sale system build using Laravel, TailwindCSS, Vue and other open-source resources. This POS System focu

Blair Jersyer 402 Jan 7, 2023
A highly compressed version of the magento 1.9 sample data and a script to create it.

Compressed Magento 1.9 Sample Data The following variations are available: 65M compressed-magento-sample-data-1.9.2.4.tgz 64M compressed-magento-sampl

Vinai Kopp 120 Sep 9, 2022
A PHP library for creating EDI 837 claim equivalent to paper-claim 1500. EDI X12 ANSI 837 File 5010 Version

EDI X12 ANSI 5010 PHP Library for creating EDI X12 ANSI 837 File 5010 Version A Simple PHP function for creating an EDI X12 ANSI 837 file version 0050

WalksWithMe 7 Jan 3, 2023
An improved version of the PHP port of KuzuhaScript

KuzuhaScriptPHP+ (くずはすくりぷとPHP+) An improved version of the PHP port of KuzuhaScript (くずはすくりぷと). To my knowledge, it works with PHP version 4.1.0 and a

Heyuri 4 Nov 16, 2022