Fix transitive dependencies and add composer-require-checker CI (#35)

Co-authored-by: Sergei Predvoditelev <sergei@predvoditelev.ru>
yiisoft · Nov 3, 2023 · 61c5515 · 61c5515
1 parent 7b14b33
commit 61c5515
Show file tree

Hide file tree

Showing 9 changed files with 108 additions and 31 deletions.
diff --git a/.github/workflows/bc.yml b/.github/workflows/bc.yml
@@ -1,15 +1,33 @@
 on:
   pull_request:
+    paths-ignore:
+      - 'docs/**'
+      - 'README.md'
+      - 'CHANGELOG.md'
+      - '.gitignore'
+      - '.gitattributes'
+      - 'infection.json.dist'
+      - 'phpunit.xml.dist'
+      - 'psalm.xml'
   push:
+    branches: ['master']
+    paths-ignore:
+      - 'docs/**'
+      - 'README.md'
+      - 'CHANGELOG.md'
+      - '.gitignore'
+      - '.gitattributes'
+      - 'infection.json.dist'
+      - 'phpunit.xml.dist'
+      - 'psalm.xml'
 
 name: backwards compatibility
+
 jobs:
-    roave_bc_check:
-        name: Roave BC Check
-        runs-on: ubuntu-latest
-        steps:
-            - uses: actions/checkout@master
-            - name: fetch tags
-              run: git fetch --depth=1 origin +refs/tags/*:refs/tags/*
-            - name: Roave BC Check
-              uses: docker://nyholm/roave-bc-check-ga
+  roave_bc_check:
+    uses: yiisoft/actions/.github/workflows/bc.yml@master
+    with:
+      os: >-
+        ['ubuntu-latest']
+      php: >-
+        ['8.1']
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -10,6 +10,7 @@ on:
       - 'psalm.xml'
 
   push:
+    branches: ['master']
     paths-ignore:
       - 'docs/**'
       - 'README.md'
@@ -28,4 +29,4 @@ jobs:
       os: >-
         ['ubuntu-latest', 'windows-latest']
       php: >-
-        ['7.4', '8.0', '8.1']
+        ['7.4', '8.0', '8.1', '8.2']
diff --git a/.github/workflows/composer-require-checker.yml b/.github/workflows/composer-require-checker.yml
@@ -0,0 +1,34 @@
+on:
+  pull_request:
+    paths-ignore:
+      - 'docs/**'
+      - 'README.md'
+      - 'CHANGELOG.md'
+      - '.gitignore'
+      - '.gitattributes'
+      - 'infection.json.dist'
+      - 'phpunit.xml.dist'
+      - 'psalm.xml'
+
+  push:
+    branches: ['master']
+    paths-ignore:
+      - 'docs/**'
+      - 'README.md'
+      - 'CHANGELOG.md'
+      - '.gitignore'
+      - '.gitattributes'
+      - 'infection.json.dist'
+      - 'phpunit.xml.dist'
+      - 'psalm.xml'
+
+name: Composer require checker
+
+jobs:
+  composer-require-checker:
+    uses: yiisoft/actions/.github/workflows/composer-require-checker.yml@master
+    with:
+      os: >-
+        ['ubuntu-latest']
+      php: >-
+        ['7.4', '8.0', '8.1', '8.2']
diff --git a/.github/workflows/mutation.yml b/.github/workflows/mutation.yml
@@ -9,6 +9,7 @@ on:
       - 'psalm.xml'
 
   push:
+    branches: ['master']
     paths-ignore:
       - 'docs/**'
       - 'README.md'

diff --git a/.github/workflows/static.yml b/.github/workflows/static.yml
@@ -10,6 +10,7 @@ on:
       - 'phpunit.xml.dist'
 
   push:
+    branches: ['master']
     paths-ignore:
       - 'docs/**'
       - 'README.md'
@@ -28,4 +29,4 @@ jobs:
       os: >-
         ['ubuntu-latest']
       php: >-
-        ['7.4', '8.0', '8.1']
+        ['7.4', '8.0', '8.1', '8.2']
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,13 +1,12 @@
-# Security Change Log
-
+# Yii Security Change Log
 
 ## 1.0.2 under development
 
-- no changes in this release.
+- Bug #35: Add missed `ext-hash` and `ext-openssl` dependencies (@vjik)
 
 ## 1.0.1 February 10, 2021
 
-- Chg: Update yiisoft/strings dependency (samdark)
+- Chg: Update `yiisoft/strings` dependency (@samdark)
 
 ## 1.0.0 November 1, 2020
 

diff --git a/README.md b/README.md
@@ -6,14 +6,6 @@
     <br>
 </p>
 
-Security package provides a set of classes to handle common security-related tasks:
-
-- Random values generation
-- Password hashing and validation
-- Encryption and decryption
-- Data tampering prevention
-- Masking token length
-
 [![Latest Stable Version](https://poser.pugx.org/yiisoft/security/v/stable.png)](https://packagist.org/packages/yiisoft/security)
 [![Total Downloads](https://poser.pugx.org/yiisoft/security/downloads.png)](https://packagist.org/packages/yiisoft/security)
 [![Build Status](https://github.com/yiisoft/security/workflows/build/badge.svg)](https://github.com/yiisoft/security/actions)
@@ -23,7 +15,30 @@ Security package provides a set of classes to handle common security-related tas
 [![static analysis](https://github.com/yiisoft/security/workflows/static%20analysis/badge.svg)](https://github.com/yiisoft/security/actions?query=workflow%3A%22static+analysis%22)
 [![type-coverage](https://shepherd.dev/github/yiisoft/security/coverage.svg)](https://shepherd.dev/github/yiisoft/security)
 
-## Random values generation
+Security package provides a set of classes to handle common security-related tasks:
+
+- Random values generation
+- Password hashing and validation
+- Encryption and decryption
+- Data tampering prevention
+- Masking token length
+
+## Requirements
+
+- PHP 8.0 or higher.
+- `hash` PHP extension.
+- `openssl` PHP extension.
+- `random` PHP extension.
+
+## Installation
+
+```
+composer require yiisoft/security
+```
+
+## General usage
+
+### Random values generation
 
 In order to generate a string that is 42 characters long use:
 
@@ -36,7 +51,7 @@ The following extras are available via PHP directly:
 - `random_bytes()` for bytes. Note that output may not be ASCII.
 - `random_int()` for integers.
 
-## Password hashing and validation
+### Password hashing and validation
 
 Working with passwords includes two steps. Saving password hashes:
 
@@ -56,7 +71,7 @@ $hash = getHash();
 $result = (new PasswordHasher())->validate($password, $hash); 
 ```
 
-## Encryption and decryption by password
+### Encryption and decryption by password
 
 Encrypting data:
 
@@ -76,7 +91,7 @@ $encryptedData = getEncryptedData();
 $data = (new Crypt())->decryptByPassword($encryptedData, $password);
 ```
 
-## Encryption and decryption by key
+### Encryption and decryption by key
 
 Encrypting data:
 
@@ -96,7 +111,7 @@ $encryptedData = getEncryptedData();
 $data = (new Crypt())->decryptByKey($encryptedData, $key);
 ```
 
-## Data tampering prevention
+### Data tampering prevention
 
 MAC signing could be used in order to prevent data tampering. The `$key` should be present at both sending and receiving
 sides. At the sending side:
@@ -119,7 +134,7 @@ try {
 }
 ```
 
-## Masking token length
+### Masking token length
 
 Masking a token helps to mitigate BREACH attack by randomizing how token outputted on each request.
 A random mask applied to the token making the string always unique.
@@ -136,11 +151,11 @@ In order to get original value from the masked one:
 $token = \Yiisoft\Security\TokenMask::remove($maskedToken);
 ```
 
-## Native PHP functionality
+### Native PHP functionality
 
 Additionally to this library methods, there is a set of handy native PHP methods.
 
-### Timing attack resistant string comparison
+#### Timing attack resistant string comparison
 
 Comparing strings as usual is not secure when dealing with user inputed passwords or key phrases. Usual string comparison
 return as soon as a difference between the strings is found so attacker could efficiently brute-force character by character

diff --git a/composer-require-checker.json b/composer-require-checker.json
@@ -0,0 +1,5 @@
+{
+    "symbol-whitelist": [
+        "random_bytes"
+    ]
+}
diff --git a/composer.json b/composer.json
@@ -25,9 +25,12 @@
     },
     "require": {
         "php": "^7.4|^8.0",
+        "ext-hash": "*",
+        "ext-openssl": "*",
         "yiisoft/strings": "^2.0"
     },
     "require-dev": {
+        "maglnet/composer-require-checker": "^3.8|^4.2",
         "phpunit/phpunit": "^9.5",
         "roave/infection-static-analysis-plugin": "^1.16",
         "spatie/phpunit-watcher": "^1.23",