Composer 2.7.7 & Security Audit by Cure53 funded by Alpha-Omega
Today we’re releasing Composer 2.7.7 (PHP 7.2+) and 2.2.24 (LTS for use on PHP 5.3 to 7.1) to address two security vulnerabilities as well as a number of smaller security hardening measures, please update to the new versions immediately (e.g. with composer self-update ). The problems detailed in this post were identified by security firm Cure53 as part of an audit performed over the last weeks on
Securing Developer Tools: A New Supply Chain Attack on PHP
Key facts Sonar discovered and responsibly disclosed a critical vulnerability in Packagist, a central component of the PHP supply chain, to help secure developer tools. This vulnerability allows gaining control of Packagist. It is used by the PHP package manager Composer to determine and download software dependencies that are included by developers in their projects. Virtually all organizations r
Composerプラグインを作ってみよう /phpcon2016
PHPカンファレンス2016 トラック1 の発表資料です。
Composer 2.0 新機能概論 / New feature introduction of Composer 2.0
2021/10/03 PHPカンファレンス 2021のトークで使用したスライドです
Composer 2.0 is now available!
1/ What's new?The list of changes and improvements is long, check the complete changelog if you are interested in reading it all. I will highlight a few key points here. Performance improvementsWe overhauled pretty much everything from the protocol used between Composer and packagist.org to the dependency resolution, including downloading files in parallel using curl and constraint evaluation opti
Composer 2: What's new and changed
Composer, PHP dependency manager was released about 8 years ago, and its second major version is just around the corner. Over the years, Composer received many new features, and kept up with PHP standards. Composer version 2 will be mostly compatible with your existing workflows, while bringing some more great new features. Faster download times One of the most noticeable changes would be its perf
Composerを自動的にダウンロードする — A Day in Serenity (Reloaded) — PHP, CodeIgniter, FuelPHP, Linux or something
Composerの公式なダウンロード方法 現在、Composerのダウンロード方法は、 https://getcomposer.org/download/ にありますが、以下のようになっています。 php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" php -r "if (hash_file('SHA384', 'composer-setup.php') === 'bf16ac69bd8b807bc6e4499b28968ee87456e29a3894767b60c2d4dafa3d10d045ffef2aeb2e78827fa5f024fbe93ca2') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlin
Composerのpre-install-cmd、post-install-cmdの仕様が変わっていた — A Day in Serenity (Reloaded) — PHP, CodeIgniter, FuelPHP, Linux or something
Composerのpre-install-cmd、post-install-cmdの仕様が変わっていた たまに仕様が変わって動かなくComposerですが、1か月ほど前にまた仕様変更があったようです。 Before, running install without a lock file did an install that was almost an update, but still ran the pre/post-install-cmd scripts. Now we normalized it to actually run an update and fire pre/post-update-cmd, because that's what it is doing. If you have a lock file though it will run install as b
You are running composer with xdebug enabled. This has a major impact on runtime performance.対策 - Qiita
You are running composer with xdebug enabled. This has a major impact on runtime performance.対策PHPxdebugComposer 新しい記事「必要な時にのみxdebugをオン」を投稿しました(2017/05/19) Composer 1.3.0 - https://github.com/composer/composer/blob/1.3.0/CHANGELOG.md Fixed ext-xdebug not being require-able anymore due to automatic xdebug disabling 自動で無効化されるようになったので、ユーザー側のワークアラウンドはもはや不要になったようです。 以上はコメント欄で@tadsanさんが教えてくれた内容です。 compo
tokenを聞かれFuelPHP 1.7.3がうまくインストールできない場合 — A Day in Serenity (Reloaded) — PHP, CodeIgniter, FuelPHP, Linux or something
FuelPHP 1.7.3をインストールしようとすると以下のようにトークンを聞かれることがあります。 Could not fetch https://api.github.com/repos/fuel/auth/git/refs/heads?per_page=100, please create a GitHub OAuth token to go over the API rate limit Head to https://github.com/settings/tokens/new?scopes=repo&description=Composer+on+<servername>+2015-06-26+0933 to retrieve a token. It will be stored in "/home/<username>/.composer/auth.json" for fut
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
Composer 2.4 Release
依存ライブラリの定期的な更新のためにRenovateを導入・運用する / phperkaigi2022
Composer 2.0って何?
どう変わるの?
読んでみました! / lets-read-composer2!
#phperkaigi 作って遊ぼう!Composer Plugin
ComposerとInterfaceとDIを使って業務内のコードを外部公開する
Install Composer Dependencies · Actions · GitHub Marketplace · GitHub
GitAttributes for PHP Composer Projects
GitHub - ttskch/WordPress.Skeleton: Composer based WordPress project skeleton.
GitHub - koriym/Koriym.PhpSkeleton: CI ready PHP project skeleton
Composer Cache Injection vulnerability - CVE-2015-8371 — Flyingmanas little World