Your private self hosted composer repository with user management

Nikita Loges

Last update: Dec 30, 2022

Related tags

Miscellaneous git php app package composer database symfony repository selfhosted self-hosted user-management private self private-composer-package private-repository hosted

Overview

Devliver

Your private self-hosted composer repository.

Requirements

Docker
MariaDB/MySQL
the running docker container has access to private git repositories with ssh.

Installation

Create a docker-compose.yml file in an empty directory.

version: '3.6'

services:
  devliver:
    image: nicklog/devliver:latest
    volumes:
      - ./data:/var/www/html/data
      - ${HOME}/.ssh:/home/docker/.ssh
      - ${HOME}/.composer/:/home/docker/.composer/
    environment:
      - TZ=Europe/Berlin
      - APP_API_KEY=A-TOP-SECRET-KEY
      - DATABASE_NAME=devliver
      - DATABASE_USER=devliver
      - DATABASE_PASSWORD=devliver
      - DATABASE_HOST=database
      - DATABASE_PORT=3306
    depends_on:
      - database
    networks:
      - default
    ports:
      - "9000:80"

  database:
    image: mariadb:latest
    environment:
      - MYSQL_DATABASE=devliver
      - MYSQL_USER=devliver
      - MYSQL_PASSWORD=devliver
      - MYSQL_ROOT_PASSWORD=devliver
    networks:
      - default

Change any settings to your needs and then run simply docker-compose up -d.
You should now be able to access the site under port 9000 or the port you set.

With this example setup the website is not secured by https.
When you want to secure it I suggest to use a reverse proxy.

User

On first call of the website you can create a user. Create one and then login.
The first user becomes an admin and can create more user if necessary.

Clients

The packages.json, available under https://devliver-domain.url/packages.json, is secured by basic http authentication.
Add clients. These clients have access to the packages.json and can download archives.
Each client gets a token automatically.

Repository Authentication

The git repositories will usually be protected. You have to store an SSH key in the ssh directory in the home directory for the corresponding web server or in the directory of the docker-compose directory.
No matter, it must be ensured in any case that the SSH keys are available in the Docker container like in the example.

How to use in composer.json

To use your Devliver installation in Composer, there is a package repository you have to add to the composer.json in your projects.
This is your repository of private packages. Composer will ask you for credentials.
Use a client name as username and the token as password. If you want store these credentials in auth.json. Otherwise Composer will aks you always again.

{
  "repositories": [
    {
      "type": "composer",
      "url": "https://devliver-domain.url",
    }
  ]
}

Webhooks

Creating a Webhook ensures that your package will always be updated instantly when you push to your repository.

GitHub

Go to your GitHub repository
Click the Settings button
Click Webhooks and click on Add webhook
Enter https://devliver-domain.url/api/update-package?token=APP_API_TOKEN in Payload URL
Select application/json in Content type and let Secret empty
Which events would you like to trigger this webhook? - Just the push event.
Finally click on the green button Add webhook

GitLab

Go to your Admin Area
Click the "System Hooks" button in den left panel
Enter https://devliver-domain.url/api/update-package?token=APP_API_TOKEN in url field
Let "Secret Token" empty
Enable "Push events" and "Tag push events"
Submit the form

Bitbucket

Go to your BitBucket repository
Open the settings and select "Webhooks" in the menu
Add a new hook.
Enter https://devliver-domain.url/api/update-package?token=APP_API_TOKEN as URL
Save your changes and you're done.

Manual

If you do not use Bitbucket or GitHub there is a generic endpoint you can call manually from a git post-receive hook or similar. You have to do a POST request to https://devliver-domain.url/api/update-package?token=APP_API_TOKEN with a request body looking like this:

{
  "repository": {
    "git_url": "REPOSITORY_GIT_URL"
  }
}

For example with curl

curl -XPOST -H'content-type:application/json' 'https://devliver-domain.url/api/update-package?token=APP_API_TOKEN' -d'{"repository":{"git_url":"REPOSITORY_GIT_URL"}}'

Update

Just update the docker image with...

docker-compose pull
docker-compose up -d

Comments

Bump ini from 1.3.5 to 1.3.7
Bumps ini from 1.3.5 to 1.3.7.

Commits

c74c8af 1.3.7

024b8b5 update deps, add linting

032fbaf Use Object.create(null) to avoid default object property hazards

2da9039 1.3.6

cfea636 better git push script, before publish instead of after

56d2805 do not allow invalid hazardous string as section name

See full diff in compare view

Maintainer changes

This version was pushed to npm by isaacs, a new releaser for ini since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies javascript
opened by dependabot[bot] 1
Bump http-proxy from 1.17.0 to 1.18.1
Bumps http-proxy from 1.17.0 to 1.18.1.

Changelog

Sourced from http-proxy's changelog.

v1.18.1 - 2020-05-17

Merged

Skip sending the proxyReq event when the expect header is present [#1447](https://github.com/http-party/node-http-proxy/issues/1447)

Remove node6 support, add node12 to build [#1397](https://github.com/http-party/node-http-proxy/issues/1397)

1.18.0 - 2019-09-18

Merged

Added in auto-changelog module set to keepachangelog format [#1373](https://github.com/http-party/node-http-proxy/issues/1373)

fix 'Modify Response' readme section to avoid unnecessary array copying [#1300](https://github.com/http-party/node-http-proxy/issues/1300)

Fix incorrect target name for reverse proxy example [#1135](https://github.com/http-party/node-http-proxy/issues/1135)

Fix modify response middleware example [#1139](https://github.com/http-party/node-http-proxy/issues/1139)

[dist] Update dependency async to v3 [#1359](https://github.com/http-party/node-http-proxy/issues/1359)

Fix path to local http-proxy in examples. [#1072](https://github.com/http-party/node-http-proxy/issues/1072)

fix reverse-proxy example require path [#1067](https://github.com/http-party/node-http-proxy/issues/1067)

Update README.md [#970](https://github.com/http-party/node-http-proxy/issues/970)

[dist] Update dependency request to ~2.88.0 [SECURITY] [#1357](https://github.com/http-party/node-http-proxy/issues/1357)

[dist] Update dependency eventemitter3 to v4 [#1365](https://github.com/http-party/node-http-proxy/issues/1365)

[dist] Update dependency colors to v1 [#1360](https://github.com/http-party/node-http-proxy/issues/1360)

[dist] Update all non-major dependencies [#1356](https://github.com/http-party/node-http-proxy/issues/1356)

[dist] Update dependency agentkeepalive to v4 [#1358](https://github.com/http-party/node-http-proxy/issues/1358)

[dist] Update dependency nyc to v14 [#1367](https://github.com/http-party/node-http-proxy/issues/1367)

[dist] Update dependency concat-stream to v2 [#1363](https://github.com/http-party/node-http-proxy/issues/1363)

x-forwarded-host overwrite for mutli level proxies [#1267](https://github.com/http-party/node-http-proxy/issues/1267)

[refactor doc] Complete rename to http-party org. [#1362](https://github.com/http-party/node-http-proxy/issues/1362)

Highlight correct lines for createProxyServer [#1117](https://github.com/http-party/node-http-proxy/issues/1117)

Fix docs for rewrite options - 201 also handled [#1147](https://github.com/http-party/node-http-proxy/issues/1147)

Update .nyc_output [#1339](https://github.com/http-party/node-http-proxy/issues/1339)

Configure Renovate [#1355](https://github.com/http-party/node-http-proxy/issues/1355)

[examples] Restream body before proxying, support for Content-Type of application/x-www-form-urlencoded [#1264](https://github.com/http-party/node-http-proxy/issues/1264)

Commits

[dist] New test fixtures. 7e4a0e5

[dist] End of an era. a9b09cc

[dist] Version bump. 1.18.0 9bbe486

[fix] Latest versions. 59c4403

[fix test] Update tests. dd1d08b

[dist] Update dependency ws to v3 [SECURITY] b00911c

[dist] .gitattributes all the things. fc93520

[dist] Regenerate package-lock.json. 16d4f8a

Commits

9b96cd7 1.18.1

335aeeb Skip sending the proxyReq event when the expect header is present (#1447)

dba3966 Remove node6 support, add node12 to build (#1397)

9bbe486 [dist] Version bump. 1.18.0

6e4bef4 Added in auto-changelog module set to keepachangelog format (#1373)

d056241 fix 'Modify Response' readme section to avoid unnecessary array copying (#1300)

244303b Fix incorrect target name for reverse proxy example (#1135)

b4028ba Fix modify response middleware example (#1139)

77a9815 [dist] Update dependency async to v3 (#1359)

c662f9e Fix path to local http-proxy in examples. (#1072)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies javascript
opened by dependabot[bot] 1

Bump node-sass from 4.12.0 to 4.13.1

Bumps node-sass from 4.12.0 to 4.13.1.

Release notes

Sourced from node-sass's releases.

v4.13.1

Community

Fix render example syntax (@ZoranPandovski , #2787)

Fix sourceMap option inconsistencies (@saper , #2394)

Fix possible crash in customer importer (@xzyfer, #2816)

Supported Environments

OS Architecture Node

Windows x86 & x64 0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

OSX x64 0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

Linux* x86 & x64 0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8**, 9**, 10**^, 11**^, 12**^, 13**^

Alpine Linux x64 6, 8, 10, 11, 12, 13

FreeBSD i386 amd64 8, 10, 12, 13

*Linux support refers to Ubuntu, Debian, and CentOS 5+ ** Not available on CentOS 5 ^ Only available on x64

v4.13.0

Features

Node 13 support (@saper, #2766 #2767)

Community

Fix broken link to NodeJS docs in README.md (@schwigri, #2753)

Assorted typo fixes (@XhmikosR , #2726)

Remove PR template (@nschonni)

Remove sudo settings from .travis.yml (@abetomo, #2673)

Add note in PR template about node-gyp 4.0 (@nschonni)

Change note about Node 12 support (@nschonni)

Dependencies

lodash@^4.17.15 (@kessenich, #2574)

Supported Environments

OS Architecture Node

Windows x86 & x64 0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

OSX x64 0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

Linux* x86 & x64 0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8**, 9**, 10**^, 11**^, 12**^, 13**^

Alpine Linux x64 6, 8, 10, 11, 12, 13

FreeBSD i386 amd64 6, 8, 10, 12, 13

*Linux support refers to Ubuntu, Debian, and CentOS 5+

OS	Architecture	Node
Windows	x86 & x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
OSX	x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
Linux*	x86 & x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10^, 11^, 12^, 13^
Alpine Linux	x64	6, 8, 10, 11, 12, 13
FreeBSD	i386 amd64	8, 10, 12, 13

OS	Architecture	Node
Windows	x86 & x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
OSX	x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
Linux*	x86 & x64	0.10, 0.12, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10^, 11^, 12^, 13^
Alpine Linux	x64	6, 8, 10, 11, 12, 13
FreeBSD	i386 amd64	6, 8, 10, 12, 13

Changelog

Sourced from node-sass's changelog.

v4.13.1

https://github.com/sass/node-sass/releases/tag/v4.13.1

v4.13.0

https://github.com/sass/node-sass/releases/tag/v4.13.0

Commits

01db051 4.13.1
338fd7a Merge pull request from GHSA-f6rp-gv58-9cw3
c6f2e5a doc: README example fix (#2787)
fbc9ff5 Merge pull request #2754 from saper/no-map-if-not-requested
60fad5f 4.13.0
43db915 Merge pull request #2768 from sass/release-4-13
0c8d308 Update references for v4.13 release
f1cc0d3 Use GCC 6 for Node 12 binaries (#2767)
3838eae Use GCC 6 for Node 12 binaries
e84c6a9 Merge pull request #2766 from saper/node-modules-79
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies javascript

opened by dependabot[bot] 1

Bump elliptic from 6.5.0 to 6.5.3
Bumps elliptic from 6.5.0 to 6.5.3.

Commits

8647803 6.5.3

856fe4d signature: prevent malleability and overflows

6048941 6.5.2

9984964 package: bump dependencies

ec735ed utils: leak less information in getNAF()

71e4e8e 6.5.1

7ec66ff short: add infinity check before multiplying

ee7970b travis: really move on

637d021 travis: move on

5ed0bab package: update deps

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies javascript
opened by dependabot[bot] 1
Bump websocket-extensions from 0.1.3 to 0.1.4
Bumps websocket-extensions from 0.1.3 to 0.1.4.

Changelog

Sourced from websocket-extensions's changelog.

0.1.4 / 2020-06-02

Remove a ReDoS vulnerability in the header parser (CVE-2020-7662, reported by Robert McLaughlin)

Change license from MIT to Apache 2.0

Commits

8efd0cd Bump version to 0.1.4

3dad4ad Remove ReDoS vulnerability in the Sec-WebSocket-Extensions header parser

4a76c75 Add Node versions 13 and 14 on Travis

44a677a Formatting change: {...} should have spaces inside the braces

f6c50ab Let npm reformat package.json

2d211f3 Change markdown formatting of docs.

0b62083 Update Travis target versions.

729a465 Switch license to Apache 2.0.

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies javascript
opened by dependabot[bot] 1
Bump jquery from 3.4.1 to 3.5.0
Bumps jquery from 3.4.1 to 3.5.0.

Commits

7a0a850 3.5.0

8570a08 Release: Update AUTHORS.txt

da3dd85 Ajax: Do not execute scripts for unsuccessful HTTP responses

065143c Ajax: Overwrite s.contentType with content-type header value, if any

1a4f10d Tests: Blacklist one focusin test in IE

9e15d6b Event: Use only one focusin/out handler per matching window & document

966a709 Manipulation: Skip the select wrapper for <option> outside of IE 9

1d61fd9 Manipulation: Make jQuery.htmlPrefilter an identity function

04bf577 Selector: Update Sizzle from 2.3.4 to 2.3.5

7506c9c Build: Resolve Travis config warnings

Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by mgol, a new releaser for jquery since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies javascript
opened by dependabot[bot] 1
Bump acorn from 6.2.0 to 6.4.1
Bumps acorn from 6.2.0 to 6.4.1.

Commits

9a2e9b6 Mark version 6.4.1

90a9548 More rigorously check surrogate pairs in regexp validator

df0cf1a Mark version 6.4.0

5303412 Also export Parser via Parser.acorn

efe273e give token types and etc to plugins

ac6decb Mark version 6.3.0

7e9817d Allow sourceType: module even with ecmaVersion < 6

e2b8cc0 Fix broken parsing of new expressions when allowReserved=="never"

1555c52 Update acorn.d.ts

77c20fa Mark version 6.2.1

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies javascript
opened by dependabot[bot] 1
Bump symfony/var-exporter from 4.3.2 to 4.4.4
⚠️ Dependabot is rebasing this PR ⚠️

If you make any changes to it yourself then they will take precedence over the rebase.

Bumps symfony/var-exporter from 4.3.2 to 4.4.4.

Commits

1a76a94 Merge branch '4.3' into 4.4

563f728 Update year in license files

e566070 Merge branch '4.3' into 4.4

8cccc7d Fix CS

72feb69 Merge branch '4.3' into 4.4

097aa4c [VarExporter] fix exporting some strings

9fa6028 Add .gitignore to .gitattributes

a0f02cc Adding .gitattributes to remove Tests directory from "dist"

f0db98d Add more return types after fixing a typo in my script

9da61f8 Add return types to internal & magic methods when possible

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies php
opened by dependabot[bot] 1
Bump symfony/cache from 4.3.2 to 4.3.9
⚠️ Dependabot is rebasing this PR ⚠️

If you make any changes to it yourself then they will take precedence over the rebase.

Bumps symfony/cache from 4.3.2 to 4.3.9.

Commits

2a7bcc5 Merge branch '3.4' into 4.3

3d9f46a Fix failures on PHP 7.4

9dc6d6d Merge branch '3.4' into 4.3

3da9b98 [Cache] Make sure we get the correct number of values from redis::mget()

73e461c [Cache] Disable igbinary on PHP >= 7.4

f94d67b catch exceptions when using PDO directly

83dca34 Merge branch '3.4' into 4.3

8d5db9c security #cve-2019-18889 [Cache] forbid serializing AbstractAdapter and TagAw...

30a51b2 [4.3] Remove unused local variables

08b664a Merge branch '3.4' into 4.3

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump symfony/security-http from 4.3.2 to 4.3.9
⚠️ Dependabot is rebasing this PR ⚠️

If you make any changes to it yourself then they will take precedence over the rebase.

Bumps symfony/security-http from 4.3.2 to 4.3.9.

Commits

75e96df Merge branch '3.4' into 4.3

2ddb064 [Security] Fix clearing remember-me cookie after deauthentication

4fb6913 [Security] Fix SwitchUser is broken when the User Provider always returns a v...

290b23a [Security\Core] throw AccessDeniedException when switch user fails

a2f67df [4.3] Remove unused local variables

e93ee6e Merge branch '3.4' into 4.3

8b123e7 Remove unused local variables in tests

b91b6d4 Replace deprecated calls in tests

e64b44b Merge branch '3.4' into 4.3

fb11079 Don't let falsey usernames slip through

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump dot-prop from 4.2.0 to 4.2.1
Bumps dot-prop from 4.2.0 to 4.2.1.

Release notes

Sourced from dot-prop's releases.

v4.2.1

Backport https://github.com/sindresorhus/dot-prop/commit/3039c8c07f6fdaa8b595ec869ae0895686a7a0f2 to the v4.x release line.

Commits

c914124 feat: patch 4.2.0 with fixes for CVE-2020-8116

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies javascript
opened by dependabot[bot] 0