[SECURITY] Update composer and psr7 to unaffected versions
#553
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CGL | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - '**' | |
| jobs: | |
| cgl: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| # Prepare environment | |
| - name: Setup PHP | |
| uses: shivammathur/setup-php@v2 | |
| with: | |
| php-version: 8.1 | |
| tools: composer:v2, composer-require-checker, composer-unused | |
| # Validation | |
| - name: Validate composer.json | |
| run: composer validate --no-check-lock | |
| # Install dependencies | |
| - name: Add required packages | |
| run: composer require composer/composer:"^1.7 || ^2.0" composer/semver:"^1.0 || ^2.0 || ^3.0" --no-update | |
| - name: Install Composer dependencies | |
| uses: ramsey/composer-install@v2 | |
| with: | |
| dependency-versions: highest | |
| # Check Composer dependencies | |
| - name: Check dependencies | |
| run: composer-require-checker check | |
| - name: Reset composer.json | |
| run: git checkout composer.json composer.lock | |
| - name: Re-install Composer dependencies | |
| uses: ramsey/composer-install@v2 | |
| - name: Check for unused dependencies | |
| run: composer-unused | |
| # Linting | |
| - name: Lint composer.json | |
| run: composer lint:composer -- --dry-run | |
| - name: Lint .editorconfig | |
| run: vendor/bin/ec --git-only | |
| - name: Lint PHP | |
| run: composer lint:php -- --dry-run | |
| # SCA | |
| - name: SCA PHP | |
| run: composer sca:php -- --error-format github |