Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add audit command to check for security issues #10798

Closed
wants to merge 29 commits into from
Closed

Add audit command to check for security issues #10798

wants to merge 29 commits into from

Commits on May 31, 2022

  1. Allow chaining methods after calling setTemporaryConstraints 

    This is consistent with the return value of all the other setX() methods
in this class.
    @GuySartorelli
    GuySartorelli committed May 31, 2022
    Copy the full SHA
    bb31ef4 View commit details
    Browse the repository at this point in the history

  2. Allow formatting console output as a table.

    @GuySartorelli
    GuySartorelli committed May 31, 2022
    Copy the full SHA
    ad43746 View commit details
    Browse the repository at this point in the history

Commits on Jun 3, 2022

  1. Add audit command to check for security issues

    @GuySartorelli
    GuySartorelli committed Jun 3, 2022
    Copy the full SHA
    ddc4580 View commit details
    Browse the repository at this point in the history

Commits on Jun 8, 2022

  1. Add audit options to RemoveCommand.

    @GuySartorelli
    GuySartorelli committed Jun 8, 2022
    Copy the full SHA
    a2a7176 View commit details
    Browse the repository at this point in the history

  2. Add formats to audit format options for autocomplete.

    @GuySartorelli
    GuySartorelli committed Jun 8, 2022
    Copy the full SHA
    6be9e63 View commit details
    Browse the repository at this point in the history

  3. Don't fail installer commands for auditor transport errors

    @GuySartorelli
    GuySartorelli committed Jun 8, 2022
    Copy the full SHA
    ac15082 View commit details
    Browse the repository at this point in the history

  4. Remove unnecessary colour from audit output

    @GuySartorelli
    GuySartorelli committed Jun 8, 2022
    Copy the full SHA
    3465f33 View commit details
    Browse the repository at this point in the history

  5. Add new summary audit format to avoid spamming non-audit commands.

    @GuySartorelli
    GuySartorelli committed Jun 8, 2022
    Copy the full SHA
    f624169 View commit details
    Browse the repository at this point in the history

  6. Update reference to packagist.org

    @GuySartorelli
    GuySartorelli committed Jun 8, 2022
    Copy the full SHA
    f60001b View commit details
    Browse the repository at this point in the history

  7. Add missing return type

    @GuySartorelli
    GuySartorelli committed Jun 8, 2022
    Copy the full SHA
    f27d2c9 View commit details
    Browse the repository at this point in the history

  8. Use Loop to get HttpDownloader

    @GuySartorelli
    GuySartorelli committed Jun 8, 2022
    Copy the full SHA
    c6743be View commit details
    Browse the repository at this point in the history

  9. Be more explicit about types that should be const values

    @GuySartorelli
    GuySartorelli committed Jun 8, 2022
    Copy the full SHA
    d944147 View commit details
    Browse the repository at this point in the history

  10. Correctly check for advisories (not packages) before filtering

    @GuySartorelli
    GuySartorelli committed Jun 8, 2022
    Copy the full SHA
    c4d7f81 View commit details
    Browse the repository at this point in the history

  11. Allow more time for slow connections to fetch advisories

    @GuySartorelli
    GuySartorelli committed Jun 8, 2022
    Copy the full SHA
    c7534f7 View commit details
    Browse the repository at this point in the history

  12. Add --locked option to audit command. 

    Audit installed packages by default, and only audit packages in the lock
file if the new --locked option is true.
    @GuySartorelli
    GuySartorelli committed Jun 8, 2022
    Copy the full SHA
    f2a3627 View commit details
    Browse the repository at this point in the history

  13. Fix error where a non-existent property is used.

    @GuySartorelli
    GuySartorelli committed Jun 8, 2022
    Copy the full SHA
    473a4d3 View commit details
    Browse the repository at this point in the history

  14. Use canonical packages in installer audit.

    @GuySartorelli
    GuySartorelli committed Jun 8, 2022
    Copy the full SHA
    c3b1d54 View commit details
    Browse the repository at this point in the history

  15. Remove phpstan errors that no longer apply from the baseline

    @GuySartorelli
    GuySartorelli committed Jun 8, 2022
    Copy the full SHA
    000c7f6 View commit details
    Browse the repository at this point in the history

  16. Avoid passing null to parse_str() (deprecated in php8.1)

    @GuySartorelli
    GuySartorelli committed Jun 8, 2022
    Copy the full SHA
    e4f13d0 View commit details
    Browse the repository at this point in the history

  17. Allow any PackageInterface to be used for auditing.

    @GuySartorelli
    GuySartorelli committed Jun 8, 2022
    Copy the full SHA
    b722fd1 View commit details
    Browse the repository at this point in the history

  18. Remove unused use directives.

    @GuySartorelli
    GuySartorelli committed Jun 8, 2022
    Copy the full SHA
    cd97f8f View commit details
    Browse the repository at this point in the history

  19. use $format as an argument in audit() instead of a class property.

    @GuySartorelli
    GuySartorelli committed Jun 8, 2022
    Copy the full SHA
    bb87e3f View commit details
    Browse the repository at this point in the history

Commits on Jun 12, 2022

  1. Fix typo (remove double fullstop)

    @GuySartorelli
    GuySartorelli committed Jun 12, 2022
    Copy the full SHA
    c75468d View commit details
    Browse the repository at this point in the history

  2. Pass in Composer object instead of creating a new one

    @GuySartorelli
    GuySartorelli committed Jun 12, 2022
    Copy the full SHA
    20adbca View commit details
    Browse the repository at this point in the history

  3. Don't forward values that are already there by default.

    @GuySartorelli
    GuySartorelli committed Jun 12, 2022
    Copy the full SHA
    59c49bf View commit details
    Browse the repository at this point in the history

  4. Correctly set audit format as required and pass autocomplete values

    @GuySartorelli
    GuySartorelli committed Jun 12, 2022
    Copy the full SHA
    52a3a07 View commit details
    Browse the repository at this point in the history

  5. Adjust wording to be more consistent and grammatically correct.

    @GuySartorelli
    GuySartorelli committed Jun 12, 2022
    Copy the full SHA
    04a95e3 View commit details
    Browse the repository at this point in the history

  6. Mark Auditor class as internal and make the URL const private.

    @GuySartorelli
    GuySartorelli committed Jun 12, 2022
    Copy the full SHA
    7cc5039 View commit details
    Browse the repository at this point in the history

  7. Fix test now that URL const is private.

    @GuySartorelli
    GuySartorelli committed Jun 12, 2022
    Copy the full SHA
    9b5d59c View commit details
    Browse the repository at this point in the history