diff --git a/.circleci/config.yml b/.circleci/config.yml index 41d264f2bc..296232e409 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -18,9 +18,8 @@ test_74_steps: &test74steps steps: - checkout - run: cp .docker/zz-php.ini /usr/local/etc/php/conf.d/ - - run: composer -n require enlightn/security-checker --no-update - - run: composer -n update - run: mkdir -p /tmp/results + - run: composer -n install - run: composer -n lint - run: composer -n unit -- --log-junit /tmp/results/unit.junit.xml - run: composer -n functional -- --log-junit /tmp/results/functional.junit.xml @@ -34,7 +33,7 @@ test_74_steps: &test74steps version: 2.1 jobs: # Code style test: - # FAIL if code does not conform to PSR-2 conventions + # FAIL if code does not conform to code style conventions # PASS otherwise code_style: <<: *defaults @@ -104,7 +103,6 @@ jobs: - run: cp .docker/zz-php.ini /usr/local/etc/php/conf.d/ - run: composer -n require --dev drupal/core-recommended:9.2.8 --no-update - run: composer -n require symfony/polyfill-php80:"1.23 as 1.20" --no-update - - run: composer -n require enlightn/security-checker --no-update - run: php --version - run: composer -n update - run: composer -n phpunit -- --testsuite integration --filter=testInsecureDrupalPackage --stop-on-skipped diff --git a/appveyor.yml b/appveyor.yml index c4ba7c61bd..d2aecb76d1 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -55,7 +55,6 @@ install: - php -r "readfile('http://getcomposer.org/installer');" | php #Install dependencies via Composer - php composer.phar install --prefer-dist -n - - php composer.phar require enlightn/security-checker -n - SET PATH=%APPVEYOR_BUILD_FOLDER%;%APPVEYOR_BUILD_FOLDER%/vendor/bin;%PATH% # Uncomment this and on_finish line below to enable RDP into build machine https://www.appveyor.com/docs/how-to/rdp-to-build-worker/ # - ps: iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1')) 
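Review bot: Nothing in the `test74steps` sequence checks that `composer.lock` still matches `composer.json`, now that the job runs `composer -n install` (hunk at -18,9 +18,8) instead of `composer -n update`. The committed lock becomes the dependency set under test, and in most cases `install` only warns about a stale lock, so a constraint changed in `composer.json` without regenerating the lock would be tested at whatever the old lock pins. Consider adding `- run: composer -n validate` before the install step, which should report an out-of-date lock as an error. Whether the manifest passes the other validate checks is not visible here and would need confirming. The `steps:` list continues outside the hunk.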
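Review bot: The `install:` block kept by the appveyor.yml hunk still bootstraps Composer with `php -r "readfile('http://getcomposer.org/installer');" | php`, which downloads the installer over plain HTTP and executes it with no integrity check. Every package resolved afterwards, including the newly required `enlightn/security-checker`, is fetched by that unverified binary. Switch the URL to `https://getcomposer.org/installer`, and preferably save the installer to a file and compare its SHA-384 with the value published at https://composer.github.io/installer.sig before running it. The hunk itself only removes the separate `composer.phar require` step, and the rest of the `install:` list lies outside it.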
diff --git a/composer.json b/composer.json index a198bb2f56..3fba5b5f7b 100644 --- a/composer.json +++ b/composer.json @@ -40,6 +40,7 @@ "consolidation/robo": "^3.0.9", "consolidation/site-alias": "^3.1.3", "consolidation/site-process": "^4.1.3 || ^5", + "enlightn/security-checker": "^1", "guzzlehttp/guzzle": "^6.3 || ^7.0", "league/container": "^3.4 || ^4", "psr/log": "~1.0", @@ -64,9 +65,6 @@ "vlucas/phpdotenv": "^2.4", "yoast/phpunit-polyfills": "^0.2.0" }, - "suggest": { - "enlightn/security-checker": "Required to use pm:security command" - }, "conflict": { "drupal/core": "< 9.2", "drupal/migrate_run": "*", diff --git a/composer.lock b/composer.lock index 9dbf028a4f..e005ec0ba1 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "b06e81c98217e3d47c958136a69c1a16", + "content-hash": "eb0314015a7d949f11cf54e1ceb56502", "packages": [ { "name": "chi-teck/drupal-code-generator", 
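Review bot: The new constraint `"enlightn/security-checker": "^1"` (hunk at -40,6 +40,7) accepts every 1.x release, while the lock file in this commit resolves and tests v1.10.0 only. Projects that require Drush resolve against their own lock rather than this one, so they may install an older 1.x that CI never exercised with `pm:security`. The neighbouring entries (`^3.0.9`, `^3.1.3`) already state a tested floor. Consider `"enlightn/security-checker": "^1.10"`, so that the scanner, now a hard requirement rather than a `suggest` entry, stays within the versions the tests cover.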
@@ -772,6 +772,72 @@ }, "time": "2021-08-13T13:06:58+00:00" }, + { + "name": "enlightn/security-checker", + "version": "v1.10.0", + "source": { + "type": "git", + "url": "https://github.com/enlightn/security-checker.git", + "reference": "196bacc76e7a72a63d0e1220926dbb190272db97" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/enlightn/security-checker/zipball/196bacc76e7a72a63d0e1220926dbb190272db97", + "reference": "196bacc76e7a72a63d0e1220926dbb190272db97", + "shasum": "" + }, + "require": { + "ext-json": "*", + "guzzlehttp/guzzle": "^6.3|^7.0", + "php": ">=5.6", + "symfony/console": "^3.4|^4|^5|^6", + "symfony/finder": "^3|^4|^5|^6", + "symfony/process": "^3.4|^4|^5|^6", + "symfony/yaml": "^3.4|^4|^5|^6" + }, + "require-dev": { + "ext-zip": "*", + "friendsofphp/php-cs-fixer": "^2.18|^3.0", + "phpunit/phpunit": "^5.5|^6|^7|^8|^9" + }, + "bin": [ + "security-checker" + ], + "type": "library", + "autoload": { + "psr-4": { + "Enlightn\\SecurityChecker\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Paras Malhotra", + "email": "paras@laravel-enlightn.com" + }, + { + "name": "Miguel Piedrafita", + "email": "soy@miguelpiedrafita.com" + } + ], + "description": "A PHP dependency vulnerabilities scanner based on the Security Advisories Database.", + "keywords": [ + "package", + "php", + "scanner", + "security", + "security advisories", + "vulnerability scanner" + ], + "support": { + "issues": "https://github.com/enlightn/security-checker/issues", + "source": "https://github.com/enlightn/security-checker/tree/v1.10.0" + }, + "time": "2022-02-21T22:40:16+00:00" + }, { "name": "grasmash/expander", "version": "2.0.1", @@ -8627,5 +8693,5 @@ "platform-overrides": { "php": "7.4" }, - "plugin-api-version": "2.2.0" + "plugin-api-version": "2.1.0" } 
diff --git a/src/Commands/pm/SecurityUpdateCommands.php b/src/Commands/pm/SecurityUpdateCommands.php index a8e778ba9f..208ffdf0c4 100644 --- a/src/Commands/pm/SecurityUpdateCommands.php +++ b/src/Commands/pm/SecurityUpdateCommands.php @@ -63,10 +63,6 @@ public static function composerLockPath(): string */ public function security(array $options = ['no-dev' => false]) { - if (!class_exists(SecurityChecker::class)) { - throw new \Exception("Enlightn\SecurityChecker not available. To use, run: composer require enlightn/security-checker"); - } - $security_advisories_composer_json = $this->fetchAdvisoryComposerJson(); $composer_lock_data = $this->loadSiteComposerLock(); $updates = $this->calculateSecurityUpdates($composer_lock_data, $security_advisories_composer_json, $options['no-dev']); diff --git a/tests/integration/SecurityUpdatesTest.php b/tests/integration/SecurityUpdatesTest.php index 78eec6c892..a38f8f6090 100644 --- a/tests/integration/SecurityUpdatesTest.php +++ b/tests/integration/SecurityUpdatesTest.php @@ -16,7 +16,6 @@ class SecurityUpdatesTest extends UnishIntegrationTestCase */ public function testInsecureDrupalPackage() { - $this->skipIfSecurityCheckerNotAvailable(); list($expected_package, $expected_version) = ['drupal/semver_example', '2.3.0']; $this->drush('pm:security', [], ['format' => 'json'], self::EXIT_ERROR_WITH_CLARITY); $this->assertStringContainsString('One or more of your dependencies has an outstanding security update.', $this->getErrorOutput()); @@ -41,7 +40,6 @@ public function testInsecureDrupalPackage() */ public function testNoInsecureProductionDrupalPackage() { - $this->skipIfSecurityCheckerNotAvailable(); $this->drush('pm:security', [], ['format' => 'json', 'no-dev' => true], self::EXIT_SUCCESS); $this->assertStringContainsString('There are no outstanding security updates for Drupal projects', $this->getErrorOutput()); } 
@@ -51,7 +49,6 @@ public function testNoInsecureProductionDrupalPackage() */ public function testInsecurePhpPackage() { - $this->skipIfSecurityCheckerNotAvailable(); $this->drush('pm:security-php', [], ['format' => 'json'], self::EXIT_ERROR_WITH_CLARITY); $this->assertStringContainsString('One or more of your dependencies has an outstanding security update.', $this->getErrorOutput()); $this->assertStringContainsString('Run composer why david-garcia/phpwhois', $this->getErrorOutput()); @@ -64,18 +61,7 @@ public function testInsecurePhpPackage() */ public function testNoInsecureProductionPhpPackage() { - $this->skipIfSecurityCheckerNotAvailable(); $this->drush('pm:security-php', [], ['format' => 'json', 'no-dev' => true], self::EXIT_SUCCESS); $this->assertStringContainsString('There are no outstanding security updates for your dependencies.', $this->getErrorOutput()); } - - /** - * Mark the test skipped if we don't expect enlightn/security-checker to be available. - */ - protected function skipIfSecurityCheckerNotAvailable() - { - if ($this->isDrupalGreaterThanOrEqualTo('10.0.0@dev')) { - $this->markTestSkipped('enlightn/security-checker not yet available for Drupal 10.'); - } - } }