PHP Framework Benchmark

Overview

PHP Framework Benchmark

This project attempts to measure minimum overhead (minimum bootstrap cost) of PHP frameworks in the real world.

So I think the minimum applications to benchmark should not include:

  • cost of template engine (HTML output)
  • cost of database manipulation
  • cost of debugging information

Components like Template engine or ORM/Database libraries are out of scope in this project.

Benchmarking Policy

This is master branch.

  • Install a framework according to the official documentation.
  • Use the default configuration.
    • Don't remove any components/configurations even if they are not used.
    • With minimum changes to run this benchmark.
  • Set environment production/Turn off debug mode.
  • Run optimization which you normally do in your production environment, like Composer's --optimize-autoloader.
  • Use controller or action class if a framework has the functionality.

Some people may think using default configuration is not fair. But I think a framework's default configuration is an assertion of what it is. Default configuration is a good starting point to know a framework. And I can't optimize all the frameworks. Some frameworks are optimized, some are not, it is not fair. So I don't remove any components/configurations.

But if you are interested in benchmarking with optimization (removing components/configurations which are not used), See optimize branch.

If you find something wrong with my code, please feel free to send Pull Requests. But please note optimizing only for "Hello World" is not acceptable. Building fastest "Hello World" application is not the goal in this project.

Results

Benchmarking Environment

  • CentOS 6.8 64bit (VM; VirtualBox)
    • PHP 5.6.30 (Remi RPM)
      • Zend OPcache v7.0.6-dev
    • Apache 2.2

Hello World Benchmark

These are my benchmarks, not yours. I encourage you to run on your (production equivalent) environments.

(2017/02/14)

Benchmark Results Graph

framework requests per second relative peak memory relative
siler-0.6 2,069.69 20.3 0.25 1.0
kumbia-1.0-dev 1,753.60 17.2 0.29 1.2
staticphp-0.9 1,665.28 16.3 0.27 1.1
phalcon-2.0 1,618.39 15.9 0.26 1.1
tipsy-0.10 1,376.97 13.5 0.32 1.3
fatfree-3.5 965.16 9.5 0.41 1.7
ci-3.0 753.09 7.4 0.42 1.7
nofuss-1.2 667.24 6.5 0.40 1.6
slim-3.0 550.43 5.4 0.61 2.5
bear-1.0 502.52 4.9 0.73 3.0
lumen-5.1 415.57 4.1 0.85 3.5
yii-2.0 410.08 4.0 1.32 5.4
ze-1.0 403.34 4.0 0.75 3.1
cygnite-1.3 369.12 3.6 0.71 2.9
fuel-1.8 344.26 3.4 0.63 2.6
silex-2.0 342.81 3.4 0.78 3.2
phpixie-3.2 267.24 2.6 1.25 5.1
aura-2.0 233.54 2.3 0.88 3.6
cake-3.2 174.91 1.7 1.95 7.9
zf-3.0 133.87 1.3 2.24 9.1
symfony-3.0 131.50 1.3 2.18 8.9
laravel-5.3 101.94 1.0 2.83 11.5

Note(1): All the results are run on php with phalcon.so and ice.so. If you don't load phalcon.so or ice.so, the rps except for Phalcon or Ice probably increase a bit.

Note(2): This benchmarks are limited by ab performance. See #62.

How to Benchmark

If you want to benchmark PHP extension frameworks like Phalcon, you need to install the extenstions.

Install source code as http://localhost/php-framework-benchmark/:

$ git clone https://github.com/kenjis/php-framework-benchmark.git
$ cd php-framework-benchmark
$ bash setup.sh

Run benchmarks:

$ bash benchmark.sh

See http://localhost/php-framework-benchmark/.

If you want to benchmark some frameworks:

$ bash setup.sh fatfree-3.5/ slim-3.0/ lumen-5.1/ silex-1.3/
$ bash benchmark.sh fatfree-3.5/ slim-3.0/ lumen-5.1/ silex-1.3/

Linux Kernel Configuration

I added below in /etc/sysctl.conf

# Added
net.netfilter.nf_conntrack_max = 100000
net.nf_conntrack_max = 100000
net.ipv4.tcp_max_tw_buckets = 180000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 10

and run sudo sysctl -p.

If you want to see current configuration, run sudo sysctl -a.

Apache Virtual Host Configuration

<VirtualHost *:80>
  DocumentRoot /home/vagrant/public
</VirtualHost>

References

Other Benchmarks

Comments
  • Why my Lumen is so much slower than Taylor's?

    Why my Lumen is so much slower than Taylor's?

    According to http://taylorotwell.com/how-lumen-is-benchmarked/ :

    | framework | requests per second | | --- | --: | | Slim 2 | 1700-1800 | | Lumen | 1800-1900 | | Slim 3 | 1200-1300 |

    • Lumen is a bit faster than Slim2.

    But my benchmarks (2015/04/15) :

    | framework | requests per second | | --- | --: | | slim-2.6 | 774.31 | | lumen-5.0 | 372.07 |

    • Slim2 is about two times faster than Lumen.

    I've found some differences in code, but overall benchmarking methodology seems to be the same.

    don’t be surprised if your numbers are different than my numbers.

    Yes, benchmarking environments change numbers. But the difference (relatively to Slim2) is too much, isn't it?

    I simply want to know why. What makes the huge difference?

    opened by kenjis 80
  • Small changes related to CakePHP best practices and performance tweaks

    Small changes related to CakePHP best practices and performance tweaks

    I have made a few changes to correct how the frameworks was being used, specially echoing in the controller which is not an accepted practice in the community.

    I have also made some slight changes for performance in a way that they are still fair to the other frameworks in this repository:

    • Only connected a single route. The majority of the other framework samples only had 1 route.
    • Removed development plugins, there is no need for them
    • Removed the development oriented "AssetsDispatcher". That's an usual common practice before going live.
    • Removed the use of unused component in the application, loading code that is not needed by default is not something you would do in a normal application.
    opened by lorenzo 21
  • Phalcon benchmarking!

    Phalcon benchmarking!

    Hi Kenjis,

    I have a question about Phalcon Benchmarking. Since we haven't installed the extension of Phalcon and we haven't configured anything on our server, how can then phalcon run? If you read the documentation of Phalcon https://docs.phalconphp.com/en/latest/index.html you know what I mean. So my question is Phalcon benchmarking legitimate? Personally I don't know, but when I have tried to open the link of the phalcon-2.0 app that being generated after I run the benchmark, I got an error and I couldn't open the link : http://127.0.0.1/php-framework-benchmark/phalcon-2.0/public/index.php?_url=/hello/index

    Thanks,

    Peshmerge

    opened by peshmerge 13
  • Improved the Symfony application configuration

    Improved the Symfony application configuration

    @kenjis thanks for creating this benchmark of PHP frameworks and thanks for including Symfony in it.

    I was checking the configuration of the tested Symfony application and I realized that it's not correct. The problem is that right now Symfony is loading a lot of things that are unneeded for the benchmark (database access, logs, emails, etc.)

    I propose you the changes included in this pull request to disable anything that Symfony doesn't need to run the test. I'd be great if you could accept this pull request and re-run the benchmark tests. If you have any question about these changes, please ask me. Thanks!

    opened by javiereguiluz 11
  • Compare against using no framework at all and use it as base for the relative results

    Compare against using no framework at all and use it as base for the relative results

    This approach is used here: https://github.com/Big-Shark/forked-php-orm-benchmark#results and makes sense because what most really want to know is how much slower your app becomes by using a framework vs plain php.

    This would make it easier to compare against different benchmarking environments as well. Also, it would make it less important whether or not phalcon.so was loaded or not.

    opened by motin 6
  • Can you explain what the parameters for the benchmarks are?

    Can you explain what the parameters for the benchmarks are?

    First of all thank you very much for making such a great tool to benchmark all the php-frameworks. I have question about the bash script located in _functions.sh this ab -c 10 -t 3 "$url" > "$ab_log" do the actual test. It's not clear for me how many request per seconds are sent to the framework. I have read the documentation about ab and we should specify the amount of requests with -n. I didn't see that in your benchmarking, correct me if I am wrong, please! :+1:

    Please can you maybe explain what you are doing? I mean how much request or maybe how many concurrent users.

    I have ran the benchmark for Symfony 3.0 and Laravel5.2 and I got the following results.

    screenshot_3

    What I don't understand what does memory usage here mean? I mean I didn't know how many requests are sent and also what the is relation between theses results. For example Symfony could handle 639 rps and has spent 7.879 ms with 2.92 MB memory usage. 214 files were included.

    This is specifications of my laptop where I have done the benchmark. screenshot_3

    These are the results: screencapture-127-0-1-1-php-framework-benchmark-1461243921694 The number beside the framework name is the amount of (rps, mb of ms) I did that because I wanted to make a screenshot for the page. Otherwise you should save it as a html page and hover on it with your mouse to be able to see the amount.

    Here info about the version of apache and php screenshot_1

    screenshot_2

    opened by peshmerge 5
  • Add number of included files

    Add number of included files

    What do you think about adding info about included files?

    printf(
        "\n%' 8d:%f:%f",
        memory_get_peak_usage(true),
        microtime(true) - $_SERVER['REQUEST_TIME_FLOAT'],
        count(get_included_files())
    );
    
    opened by mruz 4
  • Zend Framework 2.4 basic optimization

    Zend Framework 2.4 basic optimization

    Based on: http://blog.hock.in/2014/05/14/maximising-performance-in-zf2-phpuk/ http://www.masterzendframework.com/performance-2/classmap-autoloader http://hounddog.github.io/blog/performance-in-zend-framework-2/

    opened by jorelcb 4
  • Add a control case?

    Add a control case?

    I think the comparison could gain some useful context if you added a plain vanilla php file to the mix. Since the goal is to see how much overhead is placed on a request, having a control case of no overhead at all gives a clear baseline for the capabilities of the testing hardware.

    opened by Twipped 4
  • Adding another framework

    Adding another framework

    I'm in the process of writing my own micro-framework mainly for learning purposes and to test different functionalities, my goal is to get to the most optimized end product possible. Although it's really messy at the moment and has barely any functionality (list of functionalities available in my repo), I'd like to know how many requests it could handle per second. Unfortunately I cannot setup a Linux environment and run the benchmark on my personal computer so I'd really appreciate it if you could add this to your benchmarks and update the repo, my micro-framework is open source and available here: https://github.com/snopboy/Sporter

    Thanks in advance, I really appreciate it.

    opened by snopboy 3
  • Bump twig/twig from 1.18.0 to 1.44.7 in /bear-0.10

    Bump twig/twig from 1.18.0 to 1.44.7 in /bear-0.10

    Bumps twig/twig from 1.18.0 to 1.44.7.

    Changelog

    Sourced from twig/twig's changelog.

    1.44.7 (2022-09-28)

    • Fix a security issue on filesystem loader (possibility to load a template outside a configured directory)

    1.44.6 (2021-11-25)

    • Last version for the 1.x series

    1.44.5 (2021-09-17)

    • Improve compatibility with PHP 8.1
    • Explicitly specify the encoding for mb_ord in JS escaper

    1.44.4 (2021-05-16)

    • Revert "Throw a proper exception when a template name is an absolute path (as it has never been supported)"

    1.44.3 (2021-05-12)

    • Fix PHP 8.1 compatibility
    • Throw a proper exception when a template name is an absolute path (as it has never been supported)

    1.44.2 (2021-01-05)

    • Fix "odd" not working for negative numbers

    1.44.1 (2020-10-27)

    • Fix "include(template_from_string())"

    1.44.0 (2020-10-21)

    • Remove implicit dependency on ext/iconv in JS escaper
    • Fix sandbox support when using "include(template_from_string())"
    • Make round brackets optional for one argument tests like "same as" or "divisible by"
    • Add support for ES2015 style object initialisation shortcut { a } is the same as { 'a': a }
    • Fix filter(), map(), and reduce() to throw a RuntimeError instead of a PHP TypeError
    • Drop PHP 7.1 support

    1.43.1 (2020-08-05)

    • Fix sandbox not disabled if syntax error occurs within {% sandbox %} tag
    • Fix a regression when not using a space before an operator
    • Restrict callables to closures in filters
    • Allow trailing commas in argument lists (in calls as well as definitions)

    1.43.0 (2020-07-05)

    • Throw exception in case non-Traversable data is passed to "filter"
    • Fix context optimization on PHP 7.4

    ... (truncated)

    Commits
    • 0887422 Prepare the 1.44.7 release
    • 35f3035 security #cve- Fix a security issue on filesystem loader (possibility to load...
    • f800934 Fix a security issue on filesystem loader (possibility to load a template out...
    • ae39480 Prepare the last release for the 1.x series
    • 7e5ba95 minor #3584 Fix emphasis on compiler to bold styling (jonnyeom)
    • 97ae3c8 Fix emphasis on compiler to bold styling
    • 8bab813 minor #3570 Update .gitattributes to exclude non-dist files (kaznovac)
    • 92766d0 Update .gitattributes to exclude non-dist files
    • 3a18bb3 Fix CS
    • 212e49b minor #3563 Missing Environment and LoaderInterface (remicollet)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump twig/twig from 1.31.0 to 1.44.7 in /cygnite-1.3

    Bump twig/twig from 1.31.0 to 1.44.7 in /cygnite-1.3

    Bumps twig/twig from 1.31.0 to 1.44.7.

    Changelog

    Sourced from twig/twig's changelog.

    1.44.7 (2022-09-28)

    • Fix a security issue on filesystem loader (possibility to load a template outside a configured directory)

    1.44.6 (2021-11-25)

    • Last version for the 1.x series

    1.44.5 (2021-09-17)

    • Improve compatibility with PHP 8.1
    • Explicitly specify the encoding for mb_ord in JS escaper

    1.44.4 (2021-05-16)

    • Revert "Throw a proper exception when a template name is an absolute path (as it has never been supported)"

    1.44.3 (2021-05-12)

    • Fix PHP 8.1 compatibility
    • Throw a proper exception when a template name is an absolute path (as it has never been supported)

    1.44.2 (2021-01-05)

    • Fix "odd" not working for negative numbers

    1.44.1 (2020-10-27)

    • Fix "include(template_from_string())"

    1.44.0 (2020-10-21)

    • Remove implicit dependency on ext/iconv in JS escaper
    • Fix sandbox support when using "include(template_from_string())"
    • Make round brackets optional for one argument tests like "same as" or "divisible by"
    • Add support for ES2015 style object initialisation shortcut { a } is the same as { 'a': a }
    • Fix filter(), map(), and reduce() to throw a RuntimeError instead of a PHP TypeError
    • Drop PHP 7.1 support

    1.43.1 (2020-08-05)

    • Fix sandbox not disabled if syntax error occurs within {% sandbox %} tag
    • Fix a regression when not using a space before an operator
    • Restrict callables to closures in filters
    • Allow trailing commas in argument lists (in calls as well as definitions)

    1.43.0 (2020-07-05)

    • Throw exception in case non-Traversable data is passed to "filter"
    • Fix context optimization on PHP 7.4

    ... (truncated)

    Commits
    • 0887422 Prepare the 1.44.7 release
    • 35f3035 security #cve- Fix a security issue on filesystem loader (possibility to load...
    • f800934 Fix a security issue on filesystem loader (possibility to load a template out...
    • ae39480 Prepare the last release for the 1.x series
    • 7e5ba95 minor #3584 Fix emphasis on compiler to bold styling (jonnyeom)
    • 97ae3c8 Fix emphasis on compiler to bold styling
    • 8bab813 minor #3570 Update .gitattributes to exclude non-dist files (kaznovac)
    • 92766d0 Update .gitattributes to exclude non-dist files
    • 3a18bb3 Fix CS
    • 212e49b minor #3563 Missing Environment and LoaderInterface (remicollet)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump zendframework/zend-feed from 2.7.0 to 2.10.3 in /zf-2.5

    Bump zendframework/zend-feed from 2.7.0 to 2.10.3 in /zf-2.5

    Bumps zendframework/zend-feed from 2.7.0 to 2.10.3.

    Release notes

    Sourced from zendframework/zend-feed's releases.

    zend-feed 2.10.3

    Added

    • Nothing.

    Changed

    • This release modifies how Zend\Feed\Pubsubhubbub\AbstractCallback::_detectCallbackUrl() marshals the request URI. In prior releases, we would attempt to inspect the X-Rewrite-Url and X-Original-Url headers, using their values, if present. These headers are issued by the ISAPI_Rewrite module for IIS (developed by HeliconTech). However, we have no way of guaranteeing that the module is what issued the headers, making it an unreliable source for discovering the URI. As such, we have removed this feature in this release.

      The method is not called internally. If you are calling the method from your own extension and need support for ISAPI_Rewrite, you will need to override the method as follows:

      protected function _detectCallbackUrl()
      {
          $callbackUrl = null;
          if (isset($_SERVER['HTTP_X_REWRITE_URL'])) {
              $callbackUrl = $_SERVER['HTTP_X_REWRITE_URL'];
          }
          if (isset($_SERVER['HTTP_X_ORIGINAL_URL'])) {
              $callbackUrl = $_SERVER['HTTP_X_ORIGINAL_URL'];
          }
      
      return $callbackUrl ?: parent::__detectCallbackUrl();
      

      }

      If you use an approach such as the above, make sure you also instruct your web server to strip any incoming headers of the same name so that you can guarantee they are issued by the ISAPI_Rewrite module.

    Deprecated

    • Nothing.

    Removed

    • Nothing.

    ... (truncated)

    Changelog

    Sourced from zendframework/zend-feed's changelog.

    2.10.3 - 2018-08-01

    Added

    • Nothing.

    Changed

    • This release modifies how Zend\Feed\Pubsubhubbub\AbstractCallback::_detectCallbackUrl() marshals the request URI. In prior releases, we would attempt to inspect the X-Rewrite-Url and X-Original-Url headers, using their values, if present. These headers are issued by the ISAPI_Rewrite module for IIS (developed by HeliconTech). However, we have no way of guaranteeing that the module is what issued the headers, making it an unreliable source for discovering the URI. As such, we have removed this feature in this release.

      The method is not called internally. If you are calling the method from your own extension and need support for ISAPI_Rewrite, you will need to override the method as follows:

      protected function _detectCallbackUrl()
      {
          $callbackUrl = null;
          if (isset($_SERVER['HTTP_X_REWRITE_URL'])) {
              $callbackUrl = $_SERVER['HTTP_X_REWRITE_URL'];
          }
          if (isset($_SERVER['HTTP_X_ORIGINAL_URL'])) {
              $callbackUrl = $_SERVER['HTTP_X_ORIGINAL_URL'];
          }
      
      return $callbackUrl ?: parent::__detectCallbackUrl();
      

      }

      If you use an approach such as the above, make sure you also instruct your web server to strip any incoming headers of the same name so that you can guarantee they are issued by the ISAPI_Rewrite module.

    Deprecated

    • Nothing.

    Removed

    • Nothing.

    Fixed

    • Nothing.

    ... (truncated)

    Commits
    • 6641f4c Merge branch 'security/zf2018-01'
    • b28589c Remove support for the X-Original-Url and X-Rewrite-Url headers
    • b3d847a Bumped version
    • dc3a035 Bumped to next dev version (2.10.3)
    • 5253f94 Merge branch 'hotfix/google-play-podcast-extension-entry'
    • c67833a Setting date for 2.10.2 release in CHANGELOG
    • bfd6b1a Adds CHANGELOG entry for #81
    • af6dc41 Follow same pattern in Writer subcomponent regarding GooglePlayPodcast extension
    • dfbb10f Allow usage of Reader without GooglePlayPodcast extension
    • 875414e Bumped version
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump composer/composer from 1.3.2 to 1.10.26 in /ze-1.0

    Bump composer/composer from 1.3.2 to 1.10.26 in /ze-1.0

    Bumps composer/composer from 1.3.2 to 1.10.26.

    Release notes

    Sourced from composer/composer's releases.

    1.10.26

    • Security: Fixed command injection vulnerability in HgDriver/GitDriver (GHSA-x7cr-6qr6-2hh6 / CVE-2022-24828)

    1.10.25

    • Fixed selfupdate on Windows + PHP 8.1 regression (#10446)

    1.10.24

    1.10.23

    • Security: Fixed command injection vulnerability on Windows (GHSA-frqg-7g38-6gcf / CVE-2021-41116)

    1.10.22

    • Security: Fixed command injection vulnerability in HgDriver/HgDownloader and hardened other VCS drivers and downloaders (GHSA-h5h8-pc6h-jvvx / CVE-2021-29472)

    1.10.21

    • Fixed support for new GitHub OAuth token format
    • Fixed processes silently ignoring the CWD when it does not exist

    1.10.20

    • Fixed exclude-from-classmap causing regex issues when having too many paths
    • Fixed compatibility issue with Symfony 4/5

    1.10.19

    • Fixed regression on PHP 8.0

    1.10.18

    • Allow installation on PHP 8.0

    1.10.17

    • Fixed Bitbucket API authentication issue
    • Fixed parsing of Composer 2 lock files breaking in some rare conditions

    1.10.16

    • Added warning to validate command for cases where packages provide/replace a package that they also require
    • Fixed JSON schema validation issue with PHPStorm
    • Fixed symlink handling in archive command

    1.10.15

    • Fixed path repo version guessing issue

    1.10.14

    • Fixed version guesser to look at remote branches as well as local ones
    • Fixed path repositories version guessing to handle edge cases where version is different from the VCS-guessed version
    • Fixed COMPOSER env var causing issues when combined with the global command
    • Fixed a few issues dealing with PHP without openssl extension (not recommended at all but sometimes needed for testing)

    ... (truncated)

    Changelog

    Sourced from composer/composer's changelog.

    [1.10.26] 2022-04-13

    • Security: Fixed command injection vulnerability in HgDriver/GitDriver (GHSA-x7cr-6qr6-2hh6 / CVE-2022-24828)

    [1.10.25] 2022-01-21

    • Fixed selfupdate on Windows + PHP 8.1 regression (#10446)

    [1.10.24] 2021-12-09

    [1.10.23] 2021-10-05

    • Security: Fixed command injection vulnerability on Windows (GHSA-frqg-7g38-6gcf / CVE-2021-41116)

    [1.10.22] 2021-04-27

    • Security: Fixed command injection vulnerability in HgDriver/HgDownloader and hardened other VCS drivers and downloaders (GHSA-h5h8-pc6h-jvvx / CVE-2021-29472)

    [1.10.21] 2021-04-01

    • Fixed support for new GitHub OAuth token format
    • Fixed processes silently ignoring the CWD when it does not exist

    [1.10.20] 2021-01-27

    • Fixed exclude-from-classmap causing regex issues when having too many paths
    • Fixed compatibility issue with Symfony 4/5

    [1.10.19] 2020-12-04

    • Fixed regression on PHP 8.0

    [1.10.18] 2020-12-03

    • Allow installation on PHP 8.0

    [1.10.17] 2020-10-30

    • Fixed Bitbucket API authentication issue
    • Fixed parsing of Composer 2 lock files breaking in some rare conditions

    [1.10.16] 2020-10-24

    • Added warning to validate command for cases where packages provide/replace a package that they also require
    • Fixed JSON schema validation issue with PHPStorm
    • Fixed symlink handling in archive command

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump zendframework/zend-diactoros from 1.3.7 to 1.8.7 in /zf-2.5

    Bump zendframework/zend-diactoros from 1.3.7 to 1.8.7 in /zf-2.5

    Bumps zendframework/zend-diactoros from 1.3.7 to 1.8.7.

    Release notes

    Sourced from zendframework/zend-diactoros's releases.

    zend-diactoros 1.8.7

    Added

    • Nothing.

    Changed

    • Nothing.

    Deprecated

    • Nothing.

    Removed

    • Nothing.

    Fixed

    • #364 modifies detection of HTTPS schemas via the $_SERVER['HTTPS'] value such that an empty HTTPS-key will result in a scheme of http and not https.

    zend-diactoros 1.8.6

    Added

    • Nothing.

    Changed

    • #325 changes the behavior of ServerRequest::withParsedBody(). Per PSR-7, it now no longer allows values other than null, arrays, or objects.

    • #325 changes the behavior of each of Request, ServerRequest, and Response in relation to the validation of header values. Previously, we allowed empty arrays to be provided via withHeader(); however, this was contrary to the PSR-7 specification. Empty arrays are no longer allowed.

    Deprecated

    • Nothing.

    Removed

    ... (truncated)

    Changelog

    Sourced from zendframework/zend-diactoros's changelog.

    1.8.7 - 2019-08-06

    Added

    • Nothing.

    Changed

    • Nothing.

    Deprecated

    • Nothing.

    Removed

    • Nothing.

    Fixed

    • #364 modifies detection of HTTPS schemas via the $_SERVER['HTTPS'] value such that an empty HTTPS-key will result in a scheme of http and not https.

    1.8.6 - 2018-09-05

    Added

    • Nothing.

    Changed

    • #325 changes the behavior of ServerRequest::withParsedBody(). Per

    • PSR-7, it now no longer allows values other than null, arrays, or objects.

    • #325 changes the behavior of each of Request, ServerRequest, and Response in relation to the validation of header values. Previously, we allowed empty arrays to be provided via withHeader(); however, this was contrary to the PSR-7 specification. Empty arrays are no longer allowed.

    Deprecated

    • Nothing.

    Removed

    • Nothing.

    Fixed

    ... (truncated)

    Commits
    • a85e67b 1.8.7 readiness
    • 65d4105 Fixed failing tests: set user agent on load external content
    • 97bfc56 Merge branch 'hotfix/364' into release-1.8
    • 07cd173 CS fix: shorten http user agent name as it doesn't matter for the test
    • a3446e5 Fixed invalid header value in test
    • 3fb8cc2 Remove typehints and RTH to work on PHP 5.6
    • b8ca384 Fix more CS issues
    • dd593d0 Apply changes to comply with CodeReview
    • e383d13 Add test to verify Scheme retrieval is correct
    • ae3aec8 Modify detection of HTTPS
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
  • Bump zendframework/zend-http from 2.5.5 to 2.8.4 in /zf-2.5

    Bump zendframework/zend-http from 2.5.5 to 2.8.4 in /zf-2.5

    Bumps zendframework/zend-http from 2.5.5 to 2.8.4.

    Release notes

    Sourced from zendframework/zend-http's releases.

    zend-http 2.8.4

    Added

    • Nothing.

    Changed

    • Nothing.

    Deprecated

    • Nothing.

    Removed

    • Nothing.

    Fixed

    • #168 fixes a problem when validating the connection timeout for the Curl and Socket client adapters; it now correctly identifies both integer and string integer values.

    zend-http 2.8.3

    Added

    • Nothing.

    Changed

    • Nothing.

    Deprecated

    • Nothing.

    Removed

    • Nothing.

    Fixed

    ... (truncated)

    Changelog

    Sourced from zendframework/zend-http's changelog.

    2.8.4 - 2019-02-07

    Added

    • Nothing.

    Changed

    • Nothing.

    Deprecated

    • Nothing.

    Removed

    • Nothing.

    Fixed

    • #168 fixes a problem when validating the connection timeout for the Curl and Socket client adapters; it now correctly identifies both integer and string integer values.

    2.8.3 - 2019-01-08

    Added

    • Nothing.

    Changed

    • Nothing.

    Deprecated

    • Nothing.

    Removed

    • Nothing.

    Fixed

    • #165 fixes detection of the base URL when operating under a CLI environment.

    • #149 provides fixes to Client::setUri() to ensure its status as a relative or absolute URI is correctly memoized.

    • #162 fixes a typo in an exception message raised within Cookies::fromString().

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
Owner
kenjis
kenjis
I made my own simple php framework inspired from laravel framework.

Simple MVC About Since 2019, I started learning the php programming language and have worked on many projects using the php framework. Laravel is one

null 14 Aug 14, 2022
PHPR or PHP Array Framework is a framework highly dependent to an array structure.

this is new repository for php-framework Introduction PHPR or PHP Array Framework is a framework highly dependent to an array structure. PHPR Framewor

Agung Zon Blade 2 Feb 12, 2022
I made my own simple php framework inspired from laravel framework.

Simple MVC About Since 2019, I started learning the php programming language and have worked on many projects using the php framework. Laravel is one

Rizky Alamsyah 14 Aug 14, 2022
Framework X is a simple and fast micro framework based on PHP

Framework X is a simple and fast micro framework based on PHP. I've created a simple CRUD application to understand how it works. I used twig and I created a custom middleware to handle PUT, DELETE methods.

Mahmut Bayri 6 Oct 14, 2022
Spiral Framework is a High-Performance PHP/Go Full-Stack framework and group of over sixty PSR-compatible components

Spiral HTTP Application Skeleton Spiral Framework is a High-Performance PHP/Go Full-Stack framework and group of over sixty PSR-compatible components.

Spiral Scout 152 Dec 18, 2022
Sunhill Framework is a simple, fast, and powerful PHP App Development Framework

Sunhill Framework is a simple, fast, and powerful PHP App Development Framework that enables you to develop more modern applications by using MVC (Model - View - Controller) pattern.

Mehmet Selcuk Batal 3 Dec 29, 2022
Framework X – the simple and fast micro framework for building reactive web applications that run anywhere.

Framework X Framework X – the simple and fast micro framework for building reactive web applications that run anywhere. Quickstart Documentation Tests

Christian Lück 620 Jan 7, 2023
FuelPHP v1.x is a simple, flexible, community driven PHP 5.3+ framework, based on the best ideas of other frameworks, with a fresh start! FuelPHP is fully PHP 7 compatible.

FuelPHP Version: 1.8.2 Website Release Documentation Release API browser Development branch Documentation Development branch API browser Support Forum

Fuel 1.5k Dec 28, 2022
An asynchronous event driven PHP socket framework. Supports HTTP, Websocket, SSL and other custom protocols. PHP>=5.3.

Workerman What is it Workerman is an asynchronous event-driven PHP framework with high performance to build fast and scalable network applications. Wo

walkor 10.2k Dec 31, 2022
Fast php framework written in c, built in php extension

Yaf - Yet Another Framework PHP framework written in c and built as a PHP extension. Requirement PHP 7.0+ (master branch)) PHP 5.2+ (php5 branch) Inst

Xinchen Hui 4.5k Dec 28, 2022
💫 Vega is a CLI mode HTTP web framework written in PHP support Swoole, WorkerMan / Vega 是一个用 PHP 编写的 CLI 模式 HTTP 网络框架,支持 Swoole、WorkerMan

Mix Vega 中文 | English Vega is a CLI mode HTTP web framework written in PHP support Swoole, WorkerMan Vega 是一个用 PHP 编写的 CLI 模式 HTTP 网络框架,支持 Swoole、Work

Mix PHP 46 Apr 28, 2022
A PHP framework for web artisans.

About Laravel Laravel is a web application framework with expressive, elegant syntax. We believe development must be an enjoyable and creative experie

The Laravel Framework 72k Jan 7, 2023
The Symfony PHP framework

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony is used by thousands of web applications (in

Symfony 27.8k Jan 2, 2023
Open Source PHP Framework (originally from EllisLab)

What is CodeIgniter CodeIgniter is an Application Development Framework - a toolkit - for people who build web sites using PHP. Its goal is to enable

B.C. Institute of Technology 18.2k Dec 29, 2022
Yii 2: The Fast, Secure and Professional PHP Framework

Yii 2 is a modern framework designed to be a solid foundation for your PHP application. It is fast, secure and efficient and works right out of the bo

Yii Software 14k Dec 31, 2022
CakePHP: The Rapid Development Framework for PHP - Official Repository

CakePHP is a rapid development framework for PHP which uses commonly known design patterns like Associative Data Mapping, Front Controller, and MVC. O

CakePHP 8.6k Dec 31, 2022
Slim is a PHP micro framework that helps you quickly write simple yet powerful web applications and APIs.

Slim Framework Slim is a PHP micro-framework that helps you quickly write simple yet powerful web applications and APIs. Installation It's recommended

Slim Framework 11.5k Jan 4, 2023
High performance, full-stack PHP framework delivered as a C extension.

Phalcon Framework Phalcon is an open source web framework delivered as a C extension for the PHP language providing high performance and lower resourc

The Phalcon PHP Framework 10.7k Jan 8, 2023
🚀 PHP Microservice Full Coroutine Framework

PHP microservice coroutine framework 中文说明 Introduction Swoft is a PHP microservices coroutine framework based on the Swoole extension. Like Go, Swoft

Swoft Cloud 5.5k Dec 28, 2022