Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update Composer dependencies #24455

Merged
merged 5 commits into from Apr 23, 2019

Conversation

Projects
None yet
5 participants
@810
Copy link
Contributor

commented Apr 2, 2019

Pull Request for Issue #24442.

Summary of Changes

composer updates

Testing Instructions

Expected result

Actual result

Documentation Changes Required

Show resolved Hide resolved .gitignore Outdated
@HLeithner

This comment has been minimized.

Copy link
Member

commented Apr 3, 2019

Is it normal that we have the test classes in the autoloader?

e.x. Joomla\Session\Tests\StorageCase

@mbabker

This comment has been minimized.

Copy link
Member

commented Apr 3, 2019

It won't hurt anything. The problem is after you do a composer update more often than not the gitignored files are going to be in your local filesystem, so when Composer generates the autoloaders because the files exist they'll be included in the maps. Short of writing a script to execute at the pre-autoload-dump event to clean this up, you're not going to consistently fix this.

@mbabker

This comment has been minimized.

Copy link
Member

commented Apr 3, 2019

Just for reference, it's a little better with the 4.0 build script because that explicitly runs composer install --no-dev --no-autoloader then cleans out non-shipped files before running composer dump-autoload --no-dev --optimize, but it still relies on regular review of the Composer installation and updating the script's clean_checkout() function.

@HLeithner

This comment has been minimized.

Copy link
Member

commented Apr 3, 2019

thx for the info

@franz-wohlkoenig franz-wohlkoenig added J3 Issue and removed J3 Issue labels Apr 5, 2019

@franz-wohlkoenig franz-wohlkoenig changed the title [3.9] Update Composer dependencies Update Composer dependencies Apr 19, 2019

@HLeithner

This comment has been minimized.

Copy link
Member

commented Apr 23, 2019

@mbabker the phpmailer update prevent the use of urls in addAttachement, even this maybe would be a b/c break for us. I'm not sure show this function is exposed in joomla.

@HLeithner HLeithner self-assigned this Apr 23, 2019

@HLeithner HLeithner merged commit 99d71a8 into joomla:staging Apr 23, 2019

4 checks passed

Hound No violations found. Woof!
continuous-integration/appveyor/pr AppVeyor build succeeded
Details
continuous-integration/drone/pr the build was successful
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@HLeithner

This comment has been minimized.

Copy link
Member

commented Apr 23, 2019

thx

@HLeithner HLeithner added this to the Joomla 3.9.6 milestone Apr 23, 2019

@mbabker

This comment has been minimized.

Copy link
Member

commented Apr 23, 2019

You're going to have to review CVE-2018-19296 then as that's the reason URLs aren't allowed in that method.

@HLeithner

This comment has been minimized.

Copy link
Member

commented Apr 23, 2019

I already thought that this change is a security fix, thats the reason I merged it. Thx for the info.

tecpromotion added a commit to tecpromotion/joomla-cms that referenced this pull request May 23, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.