Composer as a service

Pascal Borreli

Last update: Nov 23, 2021

Related tags

Overview

Composer as a service

What is it?

Originally the idea came from @pgodel

Having some issue with little instances or slow connection, I decided to make the tool as a side-project.

Requirements

rabbitmq-server
pusher.com account (free plan for few connections)

Installation

composer create-project pborreli/composer-service -sdev
cd composer-service
php -S localhost:9090 -t web &
rabbitmq-server &
php app/console sonata:notification:start

Run test suite

You will need phantomjs executable:

brew update && brew install phantomjs

Future

An API is planned so it could be possible to be called from inside composer itself.
More tests
Better code
Insert your needed feature here

License

It's MIT, you can do whatever you like without need of thank or anything. I'd be glad if you use it, happy if you enjoy it and very happy if you decide to contribute to make it better.

Quality

Contributing

If you wish to contribute to this website, please fork it on GitHub, push your change to a named branch, then send me a pull request.

Contributors

@pborreli
@ubermuda
@cordoval
@youbs
@norzechowicz
@staabm
@aitboudad

Comments

support private repositories

Yey we got a mention from @Seldaek from the composer repository, creating the issue based on https://github.com/composer/composer/issues/843#issuecomment-31428586

:baby:
enhancement

opened by cordoval 14
[RFC] Vagrant

What do you guys think about adding to this project vagrant configuration? It might be helpful especially when somebody wants to fix some simple issue but he have no idea how to set up rabbitmq-server.

opened by norberttech 11
[WIP] PHPSpec introduction
I'll try to add specs for all existing classes.

[ ] /Consumer

[x] /Controller

[ ] /DependencyInjection - not sure if there is a need to add specs for DI

[x] /Form

[x] /Pusher

[x] AyalineComposerBundle
opened by norberttech 10
TransportException when trying "repositories"

Hi, I've got the following Exception

Loading composer repositories with package information [Composer\Downloader\TransportException] The "https://api.github.com/repos/drupal/drupal /tags?per_page=100" file could not be downloaded (HTTP/1.0 400 Bad request) update [--prefer-source] [--prefer-dist] [--dry-run] [--dev] [--no-dev] [--lock] [--no-plugins] [--no-custom-installers] [--no-scripts] [--no-progress] [--with-dependencies] [-v|vv|vvv|--verbose] [-o|--optimize-autoloader] [packages1] ... [packagesN]

Using this configuration

{ "repositories": [{ "type": "vcs", "url": "https://github.com/drupal/drupal " }], "require": { "drupal/drupal": "8.0-alpha11@dev" } }

opened by egulias 6

Composer script execute support?

I wanna to install global package via composer's pre-update-cmd script.

But it seems does not work.

Example:

{
  "name": "yiisoft/yii2-app-advanced",
  "description": "Yii 2 Advanced Application Template",
  "keywords": ["yii2", "framework", "advanced", "application template"],
  "type": "project",
  "license": "BSD-3-Clause",
  "minimum-stability": "stable",
  "require": {
    "php": ">=5.4.0",
    "yiisoft/yii2": "*",
    "light/apistore": "*"
  },
  "require-dev": {
    "yiisoft/yii2-codeception": "*",
    "yiisoft/yii2-debug": "*",
    "yiisoft/yii2-gii": "*",
    "yiisoft/yii2-faker": "*"
  },
  "config": {
    "process-timeout": 1800,
    "preferred-install": "dist",
    "optimize-autoloader": true
  },
  "extra": {
    "asset-installer-paths": {
      "npm-asset-library": "vendor/npm",
      "bower-asset-library": "vendor/bower"
    }
  },
  "scripts": {
    "pre-install-cmd": [
      "composer self-update",
      "composer global require fxp/composer-asset-plugin:~1.1.1"
    ],
    "pre-update-cmd": [
      "composer self-update",
      "composer global require fxp/composer-asset-plugin:~1.1.1"
    ]
  }
}

opened by lichunqiang 4

User should be able to download only generated composer.lock

For example, I have little change that is important bugfix as dependency in OS project, but I can't run the update on my own. With change to only download composer.lock without the zips, I can simply & quickly fix lock file in the project.

What do you think?
enhancement

opened by stloyd 4
Adding an 'about' page
With :

list of contributors with gravatar like :

a "thank you" section with statuspages.io, pusher.com who gives us a paying plan for free to encourage OSS

a little word for my company which host the webserver

Feedback welcome for the content and design ..
opened by pborreli 4
Bump nelmio/security-bundle from 1.10.0 to 2.5.1
Bumps nelmio/security-bundle from 1.10.0 to 2.5.1.

Release notes

Sourced from nelmio/security-bundle's releases.

2.5.1

Abort CSP compiler pass when CSP is not enabled

2.5.0

Allows matching the query parameter for clickjacking protection

Cleanup content type restrictable listener

Added Symfony 4 support

Added support for 'worker-src' CSP directive

Removed PHP 5.3 support guarantees F- ix CSP noise filter compiler pass registration

2.4.0

Deprecate calling ContentSecurityPolicyListener::getNonce without usage ('script' or 'style')

Added forced_ssl > redirect_status_code option to allow switching to permanent redirect (301) responses

Fixed HSTS header being sent even in non-secure responses unnecessarily

Fixed URLs with whitespace prefix not being seen as external redirects

2.3.1

Fix arguments for Twig extension

2.3.0

Add support for script-src 'strict-dynamic' (see https://w3c.github.io/webappsec-csp/#strict-dynamic-usage)

Improve CSP filtering

Remove Twig extension compiler pass in favor of tag

Use symfony/phpunit-bridge for testing on IC

2.2.4

Fix exceptions thrown by Report::fromRequest

2.2.3

Improve CSP filtering

2.2.1

Fix dependency on UAParser

2.2.0

Add CSP report filter

Fix Twig 2 support

Version 2.1.0

Add support for Referrer Policy

Content-Security-Policy header can now be disabled

Fix encrypter deprecation

Run the test suite on PHP 7.1

Run the test suite with lowest dependencies

2.0.4

Enable manifest-src directive for Chrome, Opera and Firefox

2.0.3
... (truncated)

Changelog

Sourced from nelmio/security-bundle's changelog.

2.5.1 (2018-03-21)

Abort CSP compiler pass when CSP is not enabled

2.5.0 (2018-02-26)

Allows matching the query parameter for clickjacking protection

Cleanup content type restrictable listener

Added Symfony 4 support

Added support for 'worker-src' CSP directive

Removed PHP 5.3 support guarantees

Fix CSP noise filter compiler pass registration

2.4.0 (2017-06-22)

Deprecate calling ContentSecurityPolicyListener::getNonce without usage ('script' or 'style')

Added forced_ssl > redirect_status_code option to allow switching to permanent redirect (301) responses

Fixed HSTS header being sent even in non-secure responses unnecessarily

Fixed URLs with whitespace prefix not being seen as external redirects

2.3.1 (2017-03-17)

Fix arguments for Twig extension

2.3.0 (2017-03-17)

Add support for script-src 'strict-dynamic' (see https://w3c.github.io/webappsec-csp/#strict-dynamic-usage)

Improve CSP filtering

Remove Twig extension compiler pass in favor of tag

Use symfony/phpunit-bridge for testing on IC

2.2.4 (2017-02-13)

Fix exceptions thrown by Report::fromRequest

2.2.3 (2017-02-13)

Improve CSP filtering

2.2.2 (2017-02-07)

Improve CSP filtering

Fix injected script noise detector loading

2.2.1 (2017-02-07)

Fix dependency on UAParser

2.2.0 (2017-02-06)
... (truncated)

Commits

fe1d31e Update CHANGELOG.md

633544f Merge pull request #175 from rpkamp/patch-1

9c05472 Update CHANGELOG.md

2cc12bb Add tests for CspReportFilterCompilerPass

0878762 Abort CSP compiler pass when CSP is not enabled

e895e05 Update Changelog

4228044 Merge pull request #168 from Bruce17/patch-1

cb75132 Merge pull request #170 from smalot/master

66b753c Merge pull request #173 from lstrojny/dev/noise-detector-pass

752d70d Actually add compiler pass

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

You can always request more updates by clicking Bump now in your Dependabot dashboard.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot merge will merge this PR after your CI passes on it

@dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)

Automerge options (never/patch/minor, and dev/runtime dependencies)

Pull request limits (per update run and/or open at any time)

Out-of-range updates (receive only lockfile updates, if desired)

Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

dependencies
opened by dependabot-preview[bot] 3

[Insight] A Symfony2 application should be bootable

SensioLabsInsight was not able to boot your Symfony2 application. If you need to customize files or run commands to make it bootable, you can edit your SensioLabsInsight project configuration to override the default "pre_composer_script" and/or "post_composer_script" settings.

An exception occured in driver: SQLSTATE[HY000] [2002] Connection refused in /home/foobar/code/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/AbstractMySQLDriver.php on line 103
Stack trace:
#0 /home/foobar/code/vendor/doctrine/dbal/lib/Doctrine/DBAL/DBALException.php(133): Doctrine\DBAL\Driver\AbstractMySQLDriver->convertException(&#039;An exception oc...&#039;, Object(Doctrine\DBAL\Driver\PDOException))
#1 /home/foobar/code/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOMySql/Driver.php(47): Doctrine\DBAL\DBALException::driverException(Object(Doctrine\DBAL\Driver\PDOMySql\Driver), Object(Doctrine\DBAL\Driver\PDOException))
#2 /home/foobar/code/vendor/doctrine/dbal/lib/Doctrine/DBAL/Connection.php(360): Doctrine\DBAL\Driver\PDOMySql\Driver->connect(Array, &#039;root&#039;, NULL, Array)
#3 /home/foobar/code/vendor/doctrine/dbal/lib/Doctrine/DBAL/Connection.php(429): Doctrine\DBAL\Connection->connect()
#4 /home/foobar/code/vendor/doctrine/dbal/lib/Doctrine/DBAL/Connection.php(389): Doctrine\DBAL\Connection->getDatabasePlatformVersion()
#5 /home/foobar/code/vendor/doctrine/dbal/lib/Doctrine/DBAL/Connection.php(328): Doctrine\DBAL\Connection->detectDatabasePlatform()
#6 /home/foobar/code/vendor/doctrine/orm/lib/Doctrine/ORM/Mapping/ClassMetadataFactory.php(81): Doctrine\DBAL\Connection->getDatabasePlatform()
#7 /home/foobar/code/vendor/doctrine/common/lib/Doctrine/Common/Persistence/Mapping/AbstractClassMetadataFactory.php(108): Doctrine\ORM\Mapping\ClassMetadataFactory->initialize()
#8 /home/foobar/code/vendor/symfony/symfony/src/Symfony/Bridge/Doctrine/CacheWarmer/ProxyCacheWarmer.php(69): Doctrine\Common\Persistence\Mapping\AbstractClassMetadataFactory->getAllMetadata()
#9 /home/foobar/code/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/CacheWarmer/CacheWarmerAggregate.php(48): Symfony\Bridge\Doctrine\CacheWarmer\ProxyCacheWarmer->warmUp(&#039;/home/foobar/co...&#039;)
#10 /home/foobar/code/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/Kernel.php(546): Symfony\Component\HttpKernel\CacheWarmer\CacheWarmerAggregate->warmUp(&#039;/home/foobar/co...&#039;)
#11 /home/foobar/code/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/Kernel.php(128): Symfony\Component\HttpKernel\Kernel->initializeContainer()
#12 /home/foobar/code/app/InsightAppKernel.php(15) : eval()&#039;d code(7): Symfony\Component\HttpKernel\Kernel->boot()
#13 /home/foobar/code/app/InsightAppKernel.php(15): eval()
#14 {main}

Posted from SensioLabsInsight

opened by pborreli 3

[Security] Bump symfony/mime from 4.3.5 to 4.4.27
Bumps symfony/mime from 4.3.5 to 4.4.27. This update includes a security fix.

Vulnerabilities fixed

Sourced from The PHP Security Advisories Database.

CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser

Affected versions: >=4.3.0, <4.3.8

Release notes

Sourced from symfony/mime's releases.

v4.4.27

Changelog (https://github.com/symfony/mime/compare/v4.4.26...v4.4.27)

no significant changes

v4.4.26

Changelog (https://github.com/symfony/mime/compare/v4.4.25...v4.4.26)

no significant changes

v4.4.25

Changelog (https://github.com/symfony/mime/compare/v4.4.24...v4.4.25)

no significant changes

v4.4.24

Changelog (https://github.com/symfony/mime/compare/v4.4.23...v4.4.24)

bug #41240 Fixed deprecation warnings about passing null as parameter (derrabus)

v4.4.22

Changelog (https://github.com/symfony/mime/compare/v4.4.21...v4.4.22)

no significant changes

v4.4.21

Changelog (https://github.com/symfony/mime/compare/v4.4.20...v4.4.21)

bug #39685 Allow egulias/email-validator 3.x (derrabus)

bug #39866 Escape commas in address names (YaFou)

v4.4.20

Changelog (https://github.com/symfony/mime/compare/v4.4.19...v4.4.20)

bug #39980 Update inline part names with newly generated ContentId (ddegentesh)

bug #40062 Fix case-sensitive handling of header names (piku235)

v4.4.19

Changelog (https://github.com/symfony/mime/compare/v4.4.18...v4.4.19)

bug #39794 Dont allow unserializing classes with a destructor - 4.4 (jderusse)

v4.4.18

Changelog (https://github.com/symfony/mime/compare/v4.4.17...v4.4.18)

bug #39252 Leverage PHP 8's detection of CSV files (derrabus)

v4.4.17

Changelog (https://github.com/symfony/mime/compare/v4.4.16...v4.4.17)

... (truncated)

Changelog

Sourced from symfony/mime's changelog.

CHANGELOG

5.2.0

Add support for DKIM

Deprecated Address::fromString(), use Address::create() instead

4.4.0

[BC BREAK] Removed NamedAddress (Address now supports a name)

Added PHPUnit constraints

Added AbstractPart::asDebugString()

Added Address::fromString()

4.3.3

[BC BREAK] Renamed method Headers::getAll() to Headers::all().

4.3.0

Introduced the component as experimental

Commits

6ab91e8 Leverage str_contains/str_starts_with

9179ed3 Leverage str_ends_with

aefb996 Optimized some strlen() calls when possible

012c146 Backport type fixes

1a2bdd5 [DependencyInjection] Fix CSV file mime type guess test for PHP 8.1

35ae521 Fix tests (bis)

264565f Fix markdown

7e8e919 Fixed deprecation warnings about passing null as parameter

36f2e59 [Mime] DataPart: remove confusing fix-me comment

6198e1d [PHPDoc] Fix some union type cases

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)

Pull request limits (per update run and/or open at any time)

Automerge options (never/patch/minor, and dev/runtime dependencies)

Out-of-range updates (receive only lockfile updates, if desired)

Security updates (receive only security updates, if desired)

dependencies security
opened by dependabot-preview[bot] 0
[Security] Bump symfony/http-client from 4.3.5 to 4.4.27
Bumps symfony/http-client from 4.3.5 to 4.4.27. This update includes a security fix.

Vulnerabilities fixed

Sourced from The PHP Security Advisories Database.

CVE-2020-15094: Prevent RCE when calling untrusted remote with CachingHttpClient

Affected versions: >=4.3.0, =5.1.0, <5.1.5

Release notes

Sourced from symfony/http-client's releases.

v4.4.27

Changelog (https://github.com/symfony/http-client/compare/v4.4.26...v4.4.27)

bug #42174 Indicate compatibility with psr/log 2 and 3 (derrabus)

v4.4.26

Changelog (https://github.com/symfony/http-client/compare/v4.4.25...v4.4.26)

bug #41807 fix Psr18Client when allow_url_fopen=0 (nicolas-grekas)

bug #41624 Revert bindto workaround for unaffected PHP versions (derrabus)

v4.4.25

Changelog (https://github.com/symfony/http-client/compare/v4.4.24...v4.4.25)

no significant changes

v4.4.24

Changelog (https://github.com/symfony/http-client/compare/v4.4.23...v4.4.24)

bug #41224 fix adding query string to relative URLs with scoped clients (nicolas-grekas)

v4.4.23

Changelog (https://github.com/symfony/http-client/compare/v4.4.22...v4.4.23)

bug #41160 Don't prepare the request in ScopingHttpClient (nicolas-grekas)

v4.4.22

Changelog (https://github.com/symfony/http-client/compare/v4.4.21...v4.4.22)

bug #40702 allow CurlHttpClient on Windows (n0rbyt3)

v4.4.21

Changelog (https://github.com/symfony/http-client/compare/v4.4.20...v4.4.21)

bug #40587 fix using stream_copy_to_stream() with responses cast to php streams (nicolas-grekas)

bug #40538 remove using $http_response_header (nicolas-grekas)

v4.4.20

Changelog (https://github.com/symfony/http-client/compare/v4.4.19...v4.4.20)

bug #40239 MockResponse total_time should not be simulated when provided (Pierrick VIGNAND)

v4.4.19

Changelog (https://github.com/symfony/http-client/compare/v4.4.18...v4.4.19)

bug #39889 Add check for constant in Curl client (pierredup)

bug #39794 Dont allow unserializing classes with a destructor - 4.4 (jderusse)

v4.4.18

Changelog (https://github.com/symfony/http-client/compare/v4.4.17...v4.4.18)

... (truncated)

Changelog

Sourced from symfony/http-client's changelog.

CHANGELOG

5.3

Implement HttpClientInterface::withOptions() from symfony/contracts v2.4

Add DecoratorTrait to ease writing simple decorators

5.2.0

added AsyncDecoratorTrait to ease processing responses without breaking async

added support for pausing responses with a new pause_handler callable exposed as an info item

added StreamableInterface to ease turning responses into PHP streams

added MockResponse::getRequestMethod() and getRequestUrl() to allow inspecting which request has been sent

added EventSourceHttpClient a Server-Sent events stream implementing the EventSource specification

added option "extra.curl" to allow setting additional curl options in CurlHttpClient

added RetryableHttpClient to automatically retry failed HTTP requests.

added extra.trace_content option to TraceableHttpClient to prevent it from keeping the content in memory

5.1.0

added NoPrivateNetworkHttpClient decorator

added AmpHttpClient, a portable HTTP/2 implementation based on Amp

added LoggerAwareInterface to ScopingHttpClient and TraceableHttpClient

made HttpClient::create() return an AmpHttpClient when amphp/http-client is found but curl is not or too old

4.4.0

added canceled to ResponseInterface::getInfo()

added HttpClient::createForBaseUri()

added HttplugClient with support for sync and async requests

added max_duration option

added support for NTLM authentication

added StreamWrapper to cast any ResponseInterface instances to PHP streams.

added $response->toStream() to cast responses to regular PHP streams

made Psr18Client implement relevant PSR-17 factories and have streaming responses

added TraceableHttpClient, HttpClientDataCollector and HttpClientPass to integrate with the web profiler

allow enabling buffering conditionally with a Closure

allow option "buffer" to be a stream resource

allow arbitrary values for the "json" option

4.3.0

added the component

Commits

ade6979 [4.4] Add missing @return annotations

7eae617 Fix typo

48df568 Leverage str_contains/str_starts_with

24936f6 Leverage str_ends_with

343ba5b Indicate compatibility with psr/log 2 and 3

5c9b42e Backport type fixes

78bd379 [HttpClient] fix Psr18Client when allow_url_fopen=0

534bac2 [HttpClient] Revert bindto workaround

d6c0260 fix tests (quinter)

0b97bcf fix tests (ter)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)

Pull request limits (per update run and/or open at any time)

Automerge options (never/patch/minor, and dev/runtime dependencies)

Out-of-range updates (receive only lockfile updates, if desired)

Security updates (receive only security updates, if desired)

dependencies security
opened by dependabot-preview[bot] 0
Upgrade to GitHub-native Dependabot

Dependabot Preview will be shut down on August 3rd, 2021. In order to keep getting Dependabot updates, please merge this PR and migrate to GitHub-native Dependabot before then.

Dependabot has been fully integrated into GitHub, so you no longer have to install and manage a separate app. This pull request migrates your configuration from Dependabot.com to a config file, using the new syntax. When merged, we'll swap out dependabot-preview (me) for a new dependabot app, and you'll be all set!

With this change, you'll now use the Dependabot page in GitHub, rather than the Dependabot dashboard, to monitor your version updates, and you'll configure Dependabot through the new config file rather than a UI.

If you've got any questions or feedback for us, please let us know by creating an issue in the dependabot/dependabot-core repository.

Learn more about migrating to GitHub-native Dependabot

Please note that regular @dependabot commands do not work on this pull request.
dependencies

opened by dependabot-preview[bot] 1
[Security] Bump composer/composer from 1.9.0 to 1.10.22
Bumps composer/composer from 1.9.0 to 1.10.22. This update includes a security fix.

Vulnerabilities fixed

Sourced from The PHP Security Advisories Database.

Missing argument delimiter can lead to command execution via VCS repository URLs or source download URLs on systems with Mercurial

Affected versions: >=2.0.0-alpha1, <2.0.13; <1.10.22

Release notes

Sourced from composer/composer's releases.

1.10.22

Security: Fixed command injection vulnerability in HgDriver/HgDownloader and hardened other VCS drivers and downloaders (GHSA-h5h8-pc6h-jvvx / CVE-2021-29472)

1.10.21

Fixed support for new GitHub OAuth token format

Fixed processes silently ignoring the CWD when it does not exist

1.10.20

Fixed exclude-from-classmap causing regex issues when having too many paths

Fixed compatibility issue with Symfony 4/5

1.10.19

Fixed regression on PHP 8.0

1.10.18

Allow installation on PHP 8.0

1.10.17

Fixed Bitbucket API authentication issue

Fixed parsing of Composer 2 lock files breaking in some rare conditions

1.10.16

Added warning to validate command for cases where packages provide/replace a package that they also require

Fixed JSON schema validation issue with PHPStorm

Fixed symlink handling in archive command

1.10.15

Fixed path repo version guessing issue

1.10.14

Fixed version guesser to look at remote branches as well as local ones

Fixed path repositories version guessing to handle edge cases where version is different from the VCS-guessed version

Fixed COMPOSER env var causing issues when combined with the global command

Fixed a few issues dealing with PHP without openssl extension (not recommended at all but sometimes needed for testing)

1.10.13

Fixed regressions with old version validation

Fixed invalid root aliases not being reported

1.10.12

Fixed regressions with old version validation

1.10.11

Fixed more PHP 8 compatibility issues

Fixed regression in handling of CTRL-C when xdebug is loaded

Fixed status handling of broken symlinks

1.10.10

Fixed create-project not triggering events while installing the root package

... (truncated)

Changelog

Sourced from composer/composer's changelog.

[1.10.22] 2021-04-27

Security: Fixed command injection vulnerability in HgDriver/HgDownloader and hardened other VCS drivers and downloaders (GHSA-h5h8-pc6h-jvvx / CVE-2021-29472)

[1.10.21] 2021-04-01

Fixed support for new GitHub OAuth token format

Fixed processes silently ignoring the CWD when it does not exist

[1.10.20] 2021-01-27

Fixed exclude-from-classmap causing regex issues when having too many paths

Fixed compatibility issue with Symfony 4/5

[1.10.19] 2020-12-04

Fixed regression on PHP 8.0

[1.10.18] 2020-12-03

Allow installation on PHP 8.0

[1.10.17] 2020-10-30

Fixed Bitbucket API authentication issue

Fixed parsing of Composer 2 lock files breaking in some rare conditions

[1.10.16] 2020-10-24

Added warning to validate command for cases where packages provide/replace a package that they also require

Fixed JSON schema validation issue with PHPStorm

Fixed symlink handling in archive command

[1.10.15] 2020-10-13

Fixed path repo version guessing issue

[1.10.14] 2020-10-13

Fixed version guesser to look at remote branches as well as local ones

Fixed path repositories version guessing to handle edge cases where version is different from the VCS-guessed version

Fixed COMPOSER env var causing issues when combined with the global command

Fixed a few issues dealing with PHP without openssl extension (not recommended at all but sometimes needed for testing)

[1.10.13] 2020-09-09

Fixed regressions with old version validation

Fixed invalid root aliases not being reported

[1.10.12] 2020-09-08

... (truncated)

Commits

28c9dfb Release 1.10.22

cd682f9 Update xdebug-handler to latest

1cdbacb Update changelog

083b735 Merge pull request from GHSA-h5h8-pc6h-jvvx

4dc293b Update changelog

96acad1 Update github token pattern to match their latest updates

54889ca Document GH token usage and also make sure we redact them in Process debug ou...

dc83ba9 Update GitHub token pattern

06003f4 Update release step to use php8 as it produces slightly different output wrt ...

812207c Merge pull request #9695 from Seldaek/avoid-invalid-dir

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)

Pull request limits (per update run and/or open at any time)

Automerge options (never/patch/minor, and dev/runtime dependencies)

Out-of-range updates (receive only lockfile updates, if desired)

Security updates (receive only security updates, if desired)

dependencies security
opened by dependabot-preview[bot] 0
Bump php-amqplib/php-amqplib from 2.10.1 to 3.0.0
Bumps php-amqplib/php-amqplib from 2.10.1 to 3.0.0.

Release notes

Sourced from php-amqplib/php-amqplib's releases.

v3.0.0

No release notes provided.

php-amqplib v3.0.0-rc1

GitHub Milestone

Bugfix release

Fix autoloader issues when authorative class maps are enabled

2.12.2

No release notes provided.

php-amqplib v2.12.0

GitHub Milestone

https://packagist.org/packages/php-amqplib/php-amqplib#v2.12.0

php-amqplib v2.11.3

GitHub Milestone

https://packagist.org/packages/php-amqplib/php-amqplib#v2.11.3

php-amqplib v2.11.2

GitHub Milestone

https://packagist.org/packages/php-amqplib/php-amqplib#v2.11.2

php-amqplib v2.11.0

GitHub milestone

Changelog

Sourced from php-amqplib/php-amqplib's changelog.

3.0.0 - 2021-03-16

This version introduces PHP8 compatibility.

GitHub Milestone

2.12.2 - 2021-02-12

GitHub Milestone

2.12.1 - 2020-08-24

GitHub Milestone

2.12.0 - 2020-08-24

GitHub Milestone

2.11.3 - 2020-05-13

GitHub Milestone

2.11.2 - 2020-04-30

GitHub Milestone

2.11.1 - 2020-02-24

GitHub Milestone

2.11.0 - 2019-11-19

GitHub Milestone

Commits

c0a8ead 3.0.0 CHANGELOG

516c504 fix missing scrutinizer code coverage data

4128d61 Merge pull request #905 from adoy/composer-php-requirement

9058cd9 Change php required version in composer.json

00d65f3 use appveyor rabbitmq install scripts from organization library

12d094b 3.0.0-rc2

89372d5 Merge pull request #904 from patrickkusebauch/master

83048dc 3.0.0 CHANGELOG

8fce64c fix

f15ec3c fix

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)

Pull request limits (per update run and/or open at any time)

Automerge options (never/patch/minor, and dev/runtime dependencies)

Out-of-range updates (receive only lockfile updates, if desired)

Security updates (receive only security updates, if desired)

dependencies
opened by dependabot-preview[bot] 0
Bump nelmio/security-bundle from 2.7.0 to 2.10.3
Bumps nelmio/security-bundle from 2.7.0 to 2.10.3.

Release notes

Sourced from nelmio/security-bundle's releases.

v2.10.3

Fixed Symfony 5 compatibility issues

v2.10.2

Fixed dependencies (allow installing on PHP 8 and explicitly require symfony/yaml)

v2.10.1

Fix ContentSecurityPolicyController

v2.10.0

Ensure compatibility with Symfony EventDispatcher 5.x

v2.9.1

Ensure passing the correct type to UAParser::parse

Use Symfony DI Reference instead of Definition

Optimize regular expressions in the sha computer

Show non-deprecated usage of the csp_nonce Twig function

v2.9.0

Symfony 5 compatibility added

Bump minimal Twig version to 1.38.0

v2.8.0

Fixed deprecated/invalid method usage on logger interface

Drop tests for PHP 5.4

Changelog

Sourced from nelmio/security-bundle's changelog.

2.10.1 (2020-06-18)

Fix ContentSecurityPolicyController

2.10.0 (2020-06-18)

Ensure compatibility with Symfony EventDispatcher 5.x

2.9.1 (2020-05-11)

Ensure passing the correct type to UAParser::parse

Use Symfony DI Reference instead of Definition

Optimize regular expressions in the sha computer

Show non-deprecated usage of the csp_nonce Twig function

2.9.0 (2020-03-02)

Symfony 5 compatibility added

Bump minimal Twig version to 1.38.0

2.8.0 (2020-03-02)

Fixed deprecated/invalid method usage on logger interface

Drop tests for PHP 5.4

Commits

40d5ac1 Merge pull request #226 from freezy-sk/uap-php

c901eee Merge pull request #221 from Matth--/fix/csp-violation-event

302b0f5 Merge pull request #236 from bobdenotter/patch-2

18576dc Update composer.json

f40d105 Merge pull request #238 from azjezz/patch-1

8ff7a21 depend on symfony/yaml

e8b4f94 Allow installation alongside paragonie/random_compat 9.99.100

03f92da Fix the ClassNotFoundError Exception

cb580a0 removed uap-php from suggest

80d6e10 Update changelog

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)

Pull request limits (per update run and/or open at any time)

Automerge options (never/patch/minor, and dev/runtime dependencies)

Out-of-range updates (receive only lockfile updates, if desired)

Security updates (receive only security updates, if desired)

dependencies
opened by dependabot-preview[bot] 0