From e2536f1a571ee505774912bbb361fad220f719f7 Mon Sep 17 00:00:00 2001 From: Ryan Rathsam Date: Wed, 31 Jul 2024 15:48:21 -0400 Subject: [PATCH] Updating Silex to the latest version 2.3.0 - There are a number of outstanding Dependabot alerts on our symfony/* dependencies from our current version of Silex. This update resolves all of them. - There are three outstanding SimpleSAMLPHP CVEs that we are unable to address via simply upgrading to a fixed version. Therefor to remediate these threats I've included patches that will be applied in the pre-build step of RPM generation ( `open_xdmod/modules/xdmod/build.json` ). Below is a list of the CVE's, the corresponding fix in SimpleSAMLPHP's github repo, the patch file to resolve the CVE and any notes. - CVE-2020-5301: Information disclosure of source code in SimpleSAMLphp. - GitHub: https://github.com/simplesamlphp/simplesamlphp/commit/47968d26a2fd3ed52da70dc09210921d612ce44e - `open_xdmod/modules/xdmod/assets/simplesamlphp-CVE-2020-5031.diff` - Notes: The file that is patched in the original commit does not exist in our version of the library so I identified the equivalent file in our library, `www/errorreport.php`, and updated that instead. - CVE-2020-5225: Log injection in SimpleSAMLphp - Github: https://github.com/simplesamlphp/simplesamlphp/commit/46238517757c123ec014681a1c96cd13a8420abe - `open_xdmod/modules/xdmod/assets/simplesamlphp-CVE-2020-5225.diff` - `open_xdmod/modules/xdmod/assets/setup.sh` - removing lines that are either no longer accurate ( echo ) or commented out ( composer install ) - `open_xdmod/modules/xdmod/build.json` - Since the build process happens twice during a CI build, once during the initial build and again during the qa tests for the build test, and we are patching files in vendor/simplesamlphp/simplesamlphp we need to make sure that we start fresh for each build. - `tests/ci/qa-test-setup.sh` - Added some code to capture the `COMPOSER` env variable before changing it so that we can reset it to the original value after the qa setup process is done. --- .circleci/config.yml | 2 +- .../Controllers/BaseControllerProvider.php | 2 +- classes/Rest/XdmodApplicationFactory.php | 9 +- composer.json | 4 +- composer.lock | 1442 ++++++++++++++--- open_xdmod/modules/xdmod/assets/setup.sh | 6 +- .../assets/simplesamlphp-CVE-2020-5225.patch | 15 + .../assets/simplesamlphp-CVE-2020-5301.patch | 22 + .../simplesamlphp-SSPSA_201907-01_HTTP.patch | 36 + ...samlphp-SSPSA_201907-01_postredirect.patch | 5 + open_xdmod/modules/xdmod/build.json | 6 + tests/ci/scripts/qa-test-setup.sh | 3 + 12 files changed, 1272 insertions(+), 280 deletions(-) create mode 100644 open_xdmod/modules/xdmod/assets/simplesamlphp-CVE-2020-5225.patch create mode 100644 open_xdmod/modules/xdmod/assets/simplesamlphp-CVE-2020-5301.patch create mode 100644 open_xdmod/modules/xdmod/assets/simplesamlphp-SSPSA_201907-01_HTTP.patch create mode 100644 open_xdmod/modules/xdmod/assets/simplesamlphp-SSPSA_201907-01_postredirect.patch diff --git a/.circleci/config.yml b/.circleci/config.yml index 9c49714f0a..c7f9131f56 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -43,7 +43,7 @@ jobs: command: dnf install -y php libzip-devel php-pear php-devel - run: name: Install MongoDB Pear module - command: yes '' | pecl install mongodb || true + command: yes '' | pecl install mongodb-1.19.3 || true - run: name: install the composer dependencies command: composer install diff --git a/classes/Rest/Controllers/BaseControllerProvider.php b/classes/Rest/Controllers/BaseControllerProvider.php index bf3ba0d75b..01cd548a4b 100644 --- a/classes/Rest/Controllers/BaseControllerProvider.php +++ b/classes/Rest/Controllers/BaseControllerProvider.php @@ -8,7 +8,7 @@ use Rest\Utilities\Authorization; use Silex\Application; use Silex\ControllerCollection; -use Silex\ControllerProviderInterface; +use Silex\Api\ControllerProviderInterface; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpFoundation\ResponseHeaderBag; diff --git a/classes/Rest/XdmodApplicationFactory.php b/classes/Rest/XdmodApplicationFactory.php index 9e02192bad..abd85184c2 100644 --- a/classes/Rest/XdmodApplicationFactory.php +++ b/classes/Rest/XdmodApplicationFactory.php @@ -7,7 +7,6 @@ use Rest\Controllers\BaseControllerProvider; use Rest\Utilities\Authentication; use Silex\Application; -use Silex\Provider\UrlGeneratorServiceProvider; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; @@ -64,7 +63,7 @@ public static function getInstance() $app['debug'] = filter_var(\xd_utilities\getConfiguration('general', 'debug_mode'), FILTER_VALIDATE_BOOLEAN); // REGISTER: a URL Generator. - $app->register(new UrlGeneratorServiceProvider()); + $app->register(new \Silex\Provider\RoutingServiceProvider()); // SET: the regex that will be used to filter the API_SYMBOL in a route. // in this case we're using it as our base url. @@ -74,14 +73,14 @@ public static function getInstance() // representing the latest version. $app['controllers']->value(self::API_SYMBOL, 'latest'); - $app['logger.db'] = $app->share(function () { + $app['logger.db'] = function () { return \CCR\Log::factory('rest.logger.db', array( 'console' => false, 'file' => false, 'mail' => false, 'dbLogLevel' => \CCR\Log::INFO )); - }); + }; $app->before(function (Request $request, Application $app) { $request->attributes->set('timing.start', microtime(true)); @@ -226,7 +225,7 @@ public static function getInstance() } // SETUP: error handler - $app->error(function (\Exception $e, $code) use ($app) { + $app->error(function (\Exception $e, Request $request, $code) { if($code == 405 && strtoupper($_SERVER['REQUEST_METHOD']) === 'OPTIONS' && array_key_exists('HTTP_ORIGIN', $_SERVER)){ try { $corsDomains = \xd_utilities\getConfiguration('cors', 'domains'); diff --git a/composer.json b/composer.json index ae2507e5cf..0892044779 100644 --- a/composer.json +++ b/composer.json @@ -16,7 +16,7 @@ "phpmailer/phpmailer": "~6.9", "robrichards/xmlseclibs": "~3.0", "sencha/extjs-gpl": "3.4.*", - "silex/silex": "~1.2", + "silex/silex": "v2.3.0", "simplesamlphp/simplesamlphp": "^1.16", "symfony/polyfill-php56": "~1.11", "symfony/process": "~2.0", @@ -30,7 +30,7 @@ "kassner/log-parser": "~1.5", "geoip2/geoip2": "~2.0", "ua-parser/uap-php": "^3.9", - "mongodb/mongodb": "^1.14" + "mongodb/mongodb": "^1.19.0" }, "require-dev": { "phpunit/phpunit": "^9.0", diff --git a/composer.lock b/composer.lock index b5a347f3eb..44c3d224d5 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "5f9252fd6ac55fb122f7fda10801f35a", + "content-hash": "8789b2923f0d6149424c74579b7b3e8e", "packages": [ { "name": "composer/ca-bundle", @@ -1530,30 +1530,34 @@ }, { "name": "pimple/pimple", - "version": "v1.1.1", + "version": "v3.5.0", "source": { "type": "git", "url": "https://github.com/silexphp/Pimple.git", - "reference": "2019c145fe393923f3441b23f29bbdfaa5c58c4d" + "reference": "a94b3a4db7fb774b3d78dad2315ddc07629e1bed" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/silexphp/Pimple/zipball/2019c145fe393923f3441b23f29bbdfaa5c58c4d", - "reference": "2019c145fe393923f3441b23f29bbdfaa5c58c4d", + "url": "https://api.github.com/repos/silexphp/Pimple/zipball/a94b3a4db7fb774b3d78dad2315ddc07629e1bed", + "reference": "a94b3a4db7fb774b3d78dad2315ddc07629e1bed", "shasum": "" }, "require": { - "php": ">=5.3.0" + "php": ">=7.2.5", + "psr/container": "^1.1 || ^2.0" + }, + "require-dev": { + "symfony/phpunit-bridge": "^5.4@dev" }, "type": "library", "extra": { "branch-alias": { - "dev-master": "1.1.x-dev" + "dev-master": "3.4.x-dev" } }, "autoload": { "psr-0": { - "Pimple": "lib/" + "Pimple": "src/" } }, "notification-url": "https://packagist.org/downloads/", @@ -1566,17 +1570,16 @@ "email": "fabien@symfony.com" } ], - "description": "Pimple is a simple Dependency Injection Container for PHP 5.3", - "homepage": "http://pimple.sensiolabs.org", + "description": "Pimple, a simple Dependency Injection Container", + "homepage": "https://pimple.symfony.com", "keywords": [ "container", "dependency injection" ], "support": { - "issues": "https://github.com/silexphp/Pimple/issues", - "source": "https://github.com/silexphp/Pimple/tree/v1.1.1" + "source": "https://github.com/silexphp/Pimple/tree/v3.5.0" }, - "time": "2013-11-22T08:30:29+00:00" + "time": "2021-10-28T11:13:42+00:00" }, { "name": "plotly/plotly", @@ -1598,6 +1601,59 @@ ], "homepage": "https://github.com/plotly/plotly.js" }, + { + "name": "psr/container", + "version": "2.0.2", + "source": { + "type": "git", + "url": "https://github.com/php-fig/container.git", + "reference": "c71ecc56dfe541dbd90c5360474fbc405f8d5963" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/php-fig/container/zipball/c71ecc56dfe541dbd90c5360474fbc405f8d5963", + "reference": "c71ecc56dfe541dbd90c5360474fbc405f8d5963", + "shasum": "" + }, + "require": { + "php": ">=7.4.0" + }, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "2.0.x-dev" + } + }, + "autoload": { + "psr-4": { + "Psr\\Container\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "PHP-FIG", + "homepage": "https://www.php-fig.org/" + } + ], + "description": "Common Container Interface (PHP FIG PSR-11)", + "homepage": "https://github.com/php-fig/container", + "keywords": [ + "PSR-11", + "container", + "container-interface", + "container-interop", + "psr" + ], + "support": { + "issues": "https://github.com/php-fig/container/issues", + "source": "https://github.com/php-fig/container/tree/2.0.2" + }, + "time": "2021-11-05T16:47:00+00:00" + }, { "name": "psr/log", "version": "1.1.4", @@ -1712,53 +1768,62 @@ }, { "name": "silex/silex", - "version": "v1.3.6", + "version": "v2.3.0", "source": { "type": "git", "url": "https://github.com/silexphp/Silex.git", - "reference": "ff8aa6bc2e066e14b07e0c63e9bd9dd1458af136" + "reference": "6bc31c1b8c4ef614a7115320fd2d3b958032f131" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/silexphp/Silex/zipball/ff8aa6bc2e066e14b07e0c63e9bd9dd1458af136", - "reference": "ff8aa6bc2e066e14b07e0c63e9bd9dd1458af136", + "url": "https://api.github.com/repos/silexphp/Silex/zipball/6bc31c1b8c4ef614a7115320fd2d3b958032f131", + "reference": "6bc31c1b8c4ef614a7115320fd2d3b958032f131", "shasum": "" }, "require": { - "php": ">=5.3.9", - "pimple/pimple": "~1.0", - "symfony/event-dispatcher": "~2.3|3.0.*", - "symfony/http-foundation": "~2.3|3.0.*", - "symfony/http-kernel": "~2.3|3.0.*", - "symfony/routing": "~2.3|3.0.*" + "php": ">=7.1.3", + "pimple/pimple": "^3.0", + "symfony/event-dispatcher": "^4.0", + "symfony/http-foundation": "^4.0", + "symfony/http-kernel": "^4.0", + "symfony/routing": "^4.0" + }, + "replace": { + "silex/api": "self.version", + "silex/providers": "self.version" }, "require-dev": { - "doctrine/dbal": "~2.2", + "doctrine/dbal": "^2.2", "monolog/monolog": "^1.4.1", - "swiftmailer/swiftmailer": "~5", - "symfony/browser-kit": "~2.3|3.0.*", - "symfony/config": "~2.3|3.0.*", - "symfony/css-selector": "~2.3|3.0.*", - "symfony/debug": "~2.3|3.0.*", - "symfony/dom-crawler": "~2.3|3.0.*", - "symfony/finder": "~2.3|3.0.*", - "symfony/form": "~2.3|3.0.*", - "symfony/intl": "~2.3|3.0.*", - "symfony/monolog-bridge": "~2.3|3.0.*", - "symfony/options-resolver": "~2.3|3.0.*", - "symfony/phpunit-bridge": "~2.7", - "symfony/process": "~2.3|3.0.*", - "symfony/security": "~2.3|3.0.*", - "symfony/serializer": "~2.3|3.0.*", - "symfony/translation": "~2.3|3.0.*", - "symfony/twig-bridge": "~2.3|3.0.*", - "symfony/validator": "~2.3|3.0.*", - "twig/twig": "~1.28|~2.0" + "swiftmailer/swiftmailer": "^5", + "symfony/asset": "^4.0", + "symfony/browser-kit": "^4.0", + "symfony/config": "^4.0", + "symfony/css-selector": "^4.0", + "symfony/debug": "^4.0", + "symfony/doctrine-bridge": "^4.0", + "symfony/dom-crawler": "^4.0", + "symfony/expression-language": "^4.0", + "symfony/finder": "^4.0", + "symfony/form": "^4.0", + "symfony/intl": "^4.0", + "symfony/monolog-bridge": "^4.0", + "symfony/options-resolver": "^4.0", + "symfony/phpunit-bridge": "^3.2", + "symfony/process": "^4.0", + "symfony/security": "^4.0", + "symfony/serializer": "^4.0", + "symfony/translation": "^4.0", + "symfony/twig-bridge": "^4.0", + "symfony/validator": "^4.0", + "symfony/var-dumper": "^4.0", + "symfony/web-link": "^4.0", + "twig/twig": "^2.0" }, "type": "library", "extra": { "branch-alias": { - "dev-master": "1.3.x-dev" + "dev-master": "2.3.x-dev" } }, "autoload": { @@ -1787,10 +1852,10 @@ ], "support": { "issues": "https://github.com/silexphp/Silex/issues", - "source": "https://github.com/silexphp/Silex/tree/1.3" + "source": "https://github.com/silexphp/Silex/tree/v2.3.0" }, "abandoned": "symfony/flex", - "time": "2017-04-30T16:26:54+00:00" + "time": "2018-04-20T05:17:01+00:00" }, { "name": "simplesamlphp/assert", @@ -2032,27 +2097,27 @@ }, { "name": "symfony/debug", - "version": "v3.4.47", + "version": "v4.4.44", "source": { "type": "git", "url": "https://github.com/symfony/debug.git", - "reference": "ab42889de57fdfcfcc0759ab102e2fd4ea72dcae" + "reference": "1a692492190773c5310bc7877cb590c04c2f05be" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/debug/zipball/ab42889de57fdfcfcc0759ab102e2fd4ea72dcae", - "reference": "ab42889de57fdfcfcc0759ab102e2fd4ea72dcae", + "url": "https://api.github.com/repos/symfony/debug/zipball/1a692492190773c5310bc7877cb590c04c2f05be", + "reference": "1a692492190773c5310bc7877cb590c04c2f05be", "shasum": "" }, "require": { - "php": "^5.5.9|>=7.0.8", - "psr/log": "~1.0" + "php": ">=7.1.3", + "psr/log": "^1|^2|^3" }, "conflict": { - "symfony/http-kernel": ">=2.3,<2.3.24|~2.4.0|>=2.5,<2.5.9|>=2.6,<2.6.2" + "symfony/http-kernel": "<3.4" }, "require-dev": { - "symfony/http-kernel": "~2.8|~3.0|~4.0" + "symfony/http-kernel": "^3.4|^4.0|^5.0" }, "type": "library", "autoload": { @@ -2077,10 +2142,10 @@ "homepage": "https://symfony.com/contributors" } ], - "description": "Symfony Debug Component", + "description": "Provides tools to ease debugging PHP code", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/debug/tree/v3.4.47" + "source": "https://github.com/symfony/debug/tree/v4.4.44" }, "funding": [ { @@ -2097,48 +2162,38 @@ } ], "abandoned": "symfony/error-handler", - "time": "2020-10-24T10:57:07+00:00" + "time": "2022-07-28T16:29:46+00:00" }, { - "name": "symfony/event-dispatcher", - "version": "v3.0.9", + "name": "symfony/deprecation-contracts", + "version": "v2.5.3", "source": { "type": "git", - "url": "https://github.com/symfony/event-dispatcher.git", - "reference": "54da3ff63dec3c9c0e32ec3f95a7d94ef64baa00" + "url": "https://github.com/symfony/deprecation-contracts.git", + "reference": "80d075412b557d41002320b96a096ca65aa2c98d" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/event-dispatcher/zipball/54da3ff63dec3c9c0e32ec3f95a7d94ef64baa00", - "reference": "54da3ff63dec3c9c0e32ec3f95a7d94ef64baa00", + "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/80d075412b557d41002320b96a096ca65aa2c98d", + "reference": "80d075412b557d41002320b96a096ca65aa2c98d", "shasum": "" }, "require": { - "php": ">=5.5.9" - }, - "require-dev": { - "psr/log": "~1.0", - "symfony/config": "~2.8|~3.0", - "symfony/dependency-injection": "~2.8|~3.0", - "symfony/expression-language": "~2.8|~3.0", - "symfony/stopwatch": "~2.8|~3.0" - }, - "suggest": { - "symfony/dependency-injection": "", - "symfony/http-kernel": "" + "php": ">=7.1" }, "type": "library", "extra": { "branch-alias": { - "dev-master": "3.0-dev" + "dev-main": "2.5-dev" + }, + "thanks": { + "name": "symfony/contracts", + "url": "https://github.com/symfony/contracts" } }, "autoload": { - "psr-4": { - "Symfony\\Component\\EventDispatcher\\": "" - }, - "exclude-from-classmap": [ - "/Tests/" + "files": [ + "function.php" ] }, "notification-url": "https://packagist.org/downloads/", @@ -2147,51 +2202,63 @@ ], "authors": [ { - "name": "Fabien Potencier", - "email": "fabien@symfony.com" + "name": "Nicolas Grekas", + "email": "p@tchwork.com" }, { "name": "Symfony Community", "homepage": "https://symfony.com/contributors" } ], - "description": "Symfony EventDispatcher Component", + "description": "A generic function and convention to trigger deprecation notices", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/event-dispatcher/tree/3.0" + "source": "https://github.com/symfony/deprecation-contracts/tree/v2.5.3" }, - "time": "2016-07-19T10:44:15+00:00" + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2023-01-24T14:02:46+00:00" }, { - "name": "symfony/http-foundation", - "version": "v3.0.9", + "name": "symfony/error-handler", + "version": "v4.4.44", "source": { "type": "git", - "url": "https://github.com/symfony/http-foundation.git", - "reference": "49ba00f8ede742169cb6b70abe33243f4d673f82" + "url": "https://github.com/symfony/error-handler.git", + "reference": "be731658121ef2d8be88f3a1ec938148a9237291" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/http-foundation/zipball/49ba00f8ede742169cb6b70abe33243f4d673f82", - "reference": "49ba00f8ede742169cb6b70abe33243f4d673f82", + "url": "https://api.github.com/repos/symfony/error-handler/zipball/be731658121ef2d8be88f3a1ec938148a9237291", + "reference": "be731658121ef2d8be88f3a1ec938148a9237291", "shasum": "" }, "require": { - "php": ">=5.5.9", - "symfony/polyfill-mbstring": "~1.1" + "php": ">=7.1.3", + "psr/log": "^1|^2|^3", + "symfony/debug": "^4.4.5", + "symfony/var-dumper": "^4.4|^5.0" }, "require-dev": { - "symfony/expression-language": "~2.8|~3.0" + "symfony/http-kernel": "^4.4|^5.0", + "symfony/serializer": "^4.4|^5.0" }, "type": "library", - "extra": { - "branch-alias": { - "dev-master": "3.0-dev" - } - }, "autoload": { "psr-4": { - "Symfony\\Component\\HttpFoundation\\": "" + "Symfony\\Component\\ErrorHandler\\": "" }, "exclude-from-classmap": [ "/Tests/" @@ -2211,72 +2278,71 @@ "homepage": "https://symfony.com/contributors" } ], - "description": "Symfony HttpFoundation Component", + "description": "Provides tools to manage errors and ease debugging PHP code", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/http-foundation/tree/3.0" + "source": "https://github.com/symfony/error-handler/tree/v4.4.44" }, - "time": "2016-07-17T13:54:30+00:00" + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2022-07-28T16:29:46+00:00" }, { - "name": "symfony/http-kernel", - "version": "v3.0.9", + "name": "symfony/event-dispatcher", + "version": "v4.4.44", "source": { "type": "git", - "url": "https://github.com/symfony/http-kernel.git", - "reference": "d97ba4425e36e79c794e7d14ff36f00f081b37b3" + "url": "https://github.com/symfony/event-dispatcher.git", + "reference": "1e866e9e5c1b22168e0ce5f0b467f19bba61266a" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/http-kernel/zipball/d97ba4425e36e79c794e7d14ff36f00f081b37b3", - "reference": "d97ba4425e36e79c794e7d14ff36f00f081b37b3", + "url": "https://api.github.com/repos/symfony/event-dispatcher/zipball/1e866e9e5c1b22168e0ce5f0b467f19bba61266a", + "reference": "1e866e9e5c1b22168e0ce5f0b467f19bba61266a", "shasum": "" }, "require": { - "php": ">=5.5.9", - "psr/log": "~1.0", - "symfony/debug": "~2.8|~3.0", - "symfony/event-dispatcher": "~2.8|~3.0", - "symfony/http-foundation": "~2.8.8|~3.0.8|~3.1.2|~3.2" + "php": ">=7.1.3", + "symfony/event-dispatcher-contracts": "^1.1", + "symfony/polyfill-php80": "^1.16" }, "conflict": { - "symfony/config": "<2.8" + "symfony/dependency-injection": "<3.4" + }, + "provide": { + "psr/event-dispatcher-implementation": "1.0", + "symfony/event-dispatcher-implementation": "1.1" }, "require-dev": { - "symfony/browser-kit": "~2.8|~3.0", - "symfony/class-loader": "~2.8|~3.0", - "symfony/config": "~2.8|~3.0", - "symfony/console": "~2.8|~3.0", - "symfony/css-selector": "~2.8|~3.0", - "symfony/dependency-injection": "~2.8|~3.0", - "symfony/dom-crawler": "~2.8|~3.0", - "symfony/expression-language": "~2.8|~3.0", - "symfony/finder": "~2.8|~3.0", - "symfony/process": "~2.8|~3.0", - "symfony/routing": "~2.8|~3.0", - "symfony/stopwatch": "~2.8|~3.0", - "symfony/templating": "~2.8|~3.0", - "symfony/translation": "~2.8|~3.0", - "symfony/var-dumper": "~2.8|~3.0" + "psr/log": "^1|^2|^3", + "symfony/config": "^3.4|^4.0|^5.0", + "symfony/dependency-injection": "^3.4|^4.0|^5.0", + "symfony/error-handler": "~3.4|~4.4", + "symfony/expression-language": "^3.4|^4.0|^5.0", + "symfony/http-foundation": "^3.4|^4.0|^5.0", + "symfony/service-contracts": "^1.1|^2", + "symfony/stopwatch": "^3.4|^4.0|^5.0" }, "suggest": { - "symfony/browser-kit": "", - "symfony/class-loader": "", - "symfony/config": "", - "symfony/console": "", "symfony/dependency-injection": "", - "symfony/finder": "", - "symfony/var-dumper": "" + "symfony/http-kernel": "" }, "type": "library", - "extra": { - "branch-alias": { - "dev-master": "3.0-dev" - } - }, "autoload": { "psr-4": { - "Symfony\\Component\\HttpKernel\\": "" + "Symfony\\Component\\EventDispatcher\\": "" }, "exclude-from-classmap": [ "/Tests/" @@ -2296,49 +2362,61 @@ "homepage": "https://symfony.com/contributors" } ], - "description": "Symfony HttpKernel Component", + "description": "Provides tools that allow your application components to communicate with each other by dispatching events and listening to them", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/http-kernel/tree/3.0" + "source": "https://github.com/symfony/event-dispatcher/tree/v4.4.44" }, - "time": "2016-07-30T09:10:37+00:00" + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2022-07-20T09:59:04+00:00" }, { - "name": "symfony/polyfill-ctype", - "version": "v1.29.0", + "name": "symfony/event-dispatcher-contracts", + "version": "v1.10.0", "source": { "type": "git", - "url": "https://github.com/symfony/polyfill-ctype.git", - "reference": "ef4d7e442ca910c4764bce785146269b30cb5fc4" + "url": "https://github.com/symfony/event-dispatcher-contracts.git", + "reference": "761c8b8387cfe5f8026594a75fdf0a4e83ba6974" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/ef4d7e442ca910c4764bce785146269b30cb5fc4", - "reference": "ef4d7e442ca910c4764bce785146269b30cb5fc4", + "url": "https://api.github.com/repos/symfony/event-dispatcher-contracts/zipball/761c8b8387cfe5f8026594a75fdf0a4e83ba6974", + "reference": "761c8b8387cfe5f8026594a75fdf0a4e83ba6974", "shasum": "" }, "require": { - "php": ">=7.1" - }, - "provide": { - "ext-ctype": "*" + "php": ">=7.1.3" }, "suggest": { - "ext-ctype": "For best performance" + "psr/event-dispatcher": "", + "symfony/event-dispatcher-implementation": "" }, "type": "library", "extra": { + "branch-alias": { + "dev-main": "1.1-dev" + }, "thanks": { - "name": "symfony/polyfill", - "url": "https://github.com/symfony/polyfill" + "name": "symfony/contracts", + "url": "https://github.com/symfony/contracts" } }, "autoload": { - "files": [ - "bootstrap.php" - ], "psr-4": { - "Symfony\\Polyfill\\Ctype\\": "" + "Symfony\\Contracts\\EventDispatcher\\": "" } }, "notification-url": "https://packagist.org/downloads/", @@ -2347,24 +2425,26 @@ ], "authors": [ { - "name": "Gert de Pagter", - "email": "BackEndTea@gmail.com" + "name": "Nicolas Grekas", + "email": "p@tchwork.com" }, { "name": "Symfony Community", "homepage": "https://symfony.com/contributors" } ], - "description": "Symfony polyfill for ctype functions", + "description": "Generic abstractions related to dispatching event", "homepage": "https://symfony.com", "keywords": [ - "compatibility", - "ctype", - "polyfill", - "portable" + "abstractions", + "contracts", + "decoupling", + "interfaces", + "interoperability", + "standards" ], "support": { - "source": "https://github.com/symfony/polyfill-ctype/tree/v1.29.0" + "source": "https://github.com/symfony/event-dispatcher-contracts/tree/v1.10.0" }, "funding": [ { @@ -2380,44 +2460,41 @@ "type": "tidelift" } ], - "time": "2024-01-29T20:11:03+00:00" + "time": "2022-07-20T09:59:04+00:00" }, { - "name": "symfony/polyfill-mbstring", - "version": "v1.29.0", + "name": "symfony/http-client-contracts", + "version": "v2.5.3", "source": { "type": "git", - "url": "https://github.com/symfony/polyfill-mbstring.git", - "reference": "9773676c8a1bb1f8d4340a62efe641cf76eda7ec" + "url": "https://github.com/symfony/http-client-contracts.git", + "reference": "e5cc97c2b4a4db0ba26bebc154f1426e3fd1d2f1" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/9773676c8a1bb1f8d4340a62efe641cf76eda7ec", - "reference": "9773676c8a1bb1f8d4340a62efe641cf76eda7ec", + "url": "https://api.github.com/repos/symfony/http-client-contracts/zipball/e5cc97c2b4a4db0ba26bebc154f1426e3fd1d2f1", + "reference": "e5cc97c2b4a4db0ba26bebc154f1426e3fd1d2f1", "shasum": "" }, "require": { - "php": ">=7.1" - }, - "provide": { - "ext-mbstring": "*" + "php": ">=7.2.5" }, "suggest": { - "ext-mbstring": "For best performance" + "symfony/http-client-implementation": "" }, "type": "library", "extra": { + "branch-alias": { + "dev-main": "2.5-dev" + }, "thanks": { - "name": "symfony/polyfill", - "url": "https://github.com/symfony/polyfill" + "name": "symfony/contracts", + "url": "https://github.com/symfony/contracts" } }, "autoload": { - "files": [ - "bootstrap.php" - ], "psr-4": { - "Symfony\\Polyfill\\Mbstring\\": "" + "Symfony\\Contracts\\HttpClient\\": "" } }, "notification-url": "https://packagist.org/downloads/", @@ -2434,17 +2511,18 @@ "homepage": "https://symfony.com/contributors" } ], - "description": "Symfony polyfill for the Mbstring extension", + "description": "Generic abstractions related to HTTP clients", "homepage": "https://symfony.com", "keywords": [ - "compatibility", - "mbstring", - "polyfill", - "portable", - "shim" + "abstractions", + "contracts", + "decoupling", + "interfaces", + "interoperability", + "standards" ], "support": { - "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.29.0" + "source": "https://github.com/symfony/http-client-contracts/tree/v2.5.3" }, "funding": [ { @@ -2460,34 +2538,40 @@ "type": "tidelift" } ], - "time": "2024-01-29T20:11:03+00:00" + "time": "2024-03-26T19:42:53+00:00" }, { - "name": "symfony/polyfill-php56", - "version": "v1.20.0", + "name": "symfony/http-foundation", + "version": "v4.4.49", "source": { "type": "git", - "url": "https://github.com/symfony/polyfill-php56.git", - "reference": "54b8cd7e6c1643d78d011f3be89f3ef1f9f4c675" + "url": "https://github.com/symfony/http-foundation.git", + "reference": "191413c7b832c015bb38eae963f2e57498c3c173" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-php56/zipball/54b8cd7e6c1643d78d011f3be89f3ef1f9f4c675", - "reference": "54b8cd7e6c1643d78d011f3be89f3ef1f9f4c675", + "url": "https://api.github.com/repos/symfony/http-foundation/zipball/191413c7b832c015bb38eae963f2e57498c3c173", + "reference": "191413c7b832c015bb38eae963f2e57498c3c173", "shasum": "" }, "require": { - "php": ">=7.1" + "php": ">=7.1.3", + "symfony/mime": "^4.3|^5.0", + "symfony/polyfill-mbstring": "~1.1", + "symfony/polyfill-php80": "^1.16" }, - "type": "metapackage", - "extra": { - "branch-alias": { - "dev-main": "1.20-dev" + "require-dev": { + "predis/predis": "~1.0", + "symfony/expression-language": "^3.4|^4.0|^5.0" + }, + "type": "library", + "autoload": { + "psr-4": { + "Symfony\\Component\\HttpFoundation\\": "" }, - "thanks": { - "name": "symfony/polyfill", - "url": "https://github.com/symfony/polyfill" - } + "exclude-from-classmap": [ + "/Tests/" + ] }, "notification-url": "https://packagist.org/downloads/", "license": [ @@ -2495,24 +2579,18 @@ ], "authors": [ { - "name": "Nicolas Grekas", - "email": "p@tchwork.com" + "name": "Fabien Potencier", + "email": "fabien@symfony.com" }, { "name": "Symfony Community", "homepage": "https://symfony.com/contributors" } ], - "description": "Symfony polyfill backporting some PHP 5.6+ features to lower PHP versions", + "description": "Defines an object-oriented layer for the HTTP specification", "homepage": "https://symfony.com", - "keywords": [ - "compatibility", - "polyfill", - "portable", - "shim" - ], "support": { - "source": "https://github.com/symfony/polyfill-php56/tree/v1.20.0" + "source": "https://github.com/symfony/http-foundation/tree/v4.4.49" }, "funding": [ { @@ -2528,41 +2606,75 @@ "type": "tidelift" } ], - "time": "2020-10-23T14:02:19+00:00" + "time": "2022-11-04T16:17:57+00:00" }, { - "name": "symfony/polyfill-php80", - "version": "v1.29.0", + "name": "symfony/http-kernel", + "version": "v4.4.51", "source": { "type": "git", - "url": "https://github.com/symfony/polyfill-php80.git", - "reference": "87b68208d5c1188808dd7839ee1e6c8ec3b02f1b" + "url": "https://github.com/symfony/http-kernel.git", + "reference": "ad8ab192cb619ff7285c95d28c69b36d718416c7" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/87b68208d5c1188808dd7839ee1e6c8ec3b02f1b", - "reference": "87b68208d5c1188808dd7839ee1e6c8ec3b02f1b", + "url": "https://api.github.com/repos/symfony/http-kernel/zipball/ad8ab192cb619ff7285c95d28c69b36d718416c7", + "reference": "ad8ab192cb619ff7285c95d28c69b36d718416c7", "shasum": "" }, "require": { - "php": ">=7.1" + "php": ">=7.1.3", + "psr/log": "^1|^2", + "symfony/error-handler": "^4.4", + "symfony/event-dispatcher": "^4.4", + "symfony/http-client-contracts": "^1.1|^2", + "symfony/http-foundation": "^4.4.30|^5.3.7", + "symfony/polyfill-ctype": "^1.8", + "symfony/polyfill-php73": "^1.9", + "symfony/polyfill-php80": "^1.16" }, - "type": "library", - "extra": { - "thanks": { - "name": "symfony/polyfill", - "url": "https://github.com/symfony/polyfill" - } + "conflict": { + "symfony/browser-kit": "<4.3", + "symfony/config": "<3.4", + "symfony/console": ">=5", + "symfony/dependency-injection": "<4.3", + "symfony/translation": "<4.2", + "twig/twig": "<1.43|<2.13,>=2" + }, + "provide": { + "psr/log-implementation": "1.0|2.0" + }, + "require-dev": { + "psr/cache": "^1.0|^2.0|^3.0", + "symfony/browser-kit": "^4.3|^5.0", + "symfony/config": "^3.4|^4.0|^5.0", + "symfony/console": "^3.4|^4.0", + "symfony/css-selector": "^3.4|^4.0|^5.0", + "symfony/dependency-injection": "^4.3|^5.0", + "symfony/dom-crawler": "^3.4|^4.0|^5.0", + "symfony/expression-language": "^3.4|^4.0|^5.0", + "symfony/finder": "^3.4|^4.0|^5.0", + "symfony/process": "^3.4|^4.0|^5.0", + "symfony/routing": "^3.4|^4.0|^5.0", + "symfony/stopwatch": "^3.4|^4.0|^5.0", + "symfony/templating": "^3.4|^4.0|^5.0", + "symfony/translation": "^4.2|^5.0", + "symfony/translation-contracts": "^1.1|^2", + "twig/twig": "^1.43|^2.13|^3.0.4" }, + "suggest": { + "symfony/browser-kit": "", + "symfony/config": "", + "symfony/console": "", + "symfony/dependency-injection": "" + }, + "type": "library", "autoload": { - "files": [ - "bootstrap.php" - ], "psr-4": { - "Symfony\\Polyfill\\Php80\\": "" + "Symfony\\Component\\HttpKernel\\": "" }, - "classmap": [ - "Resources/stubs" + "exclude-from-classmap": [ + "/Tests/" ] }, "notification-url": "https://packagist.org/downloads/", @@ -2571,7 +2683,703 @@ ], "authors": [ { - "name": "Ion Bazan", + "name": "Fabien Potencier", + "email": "fabien@symfony.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Provides a structured process for converting a Request into a Response", + "homepage": "https://symfony.com", + "support": { + "source": "https://github.com/symfony/http-kernel/tree/v4.4.51" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2023-11-10T13:31:29+00:00" + }, + { + "name": "symfony/mime", + "version": "v5.4.41", + "source": { + "type": "git", + "url": "https://github.com/symfony/mime.git", + "reference": "c71c7a1aeed60b22d05e738197e31daf2120bd42" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/mime/zipball/c71c7a1aeed60b22d05e738197e31daf2120bd42", + "reference": "c71c7a1aeed60b22d05e738197e31daf2120bd42", + "shasum": "" + }, + "require": { + "php": ">=7.2.5", + "symfony/deprecation-contracts": "^2.1|^3", + "symfony/polyfill-intl-idn": "^1.10", + "symfony/polyfill-mbstring": "^1.0", + "symfony/polyfill-php80": "^1.16" + }, + "conflict": { + "egulias/email-validator": "~3.0.0", + "phpdocumentor/reflection-docblock": "<3.2.2", + "phpdocumentor/type-resolver": "<1.4.0", + "symfony/mailer": "<4.4", + "symfony/serializer": "<5.4.35|>=6,<6.3.12|>=6.4,<6.4.3" + }, + "require-dev": { + "egulias/email-validator": "^2.1.10|^3.1|^4", + "phpdocumentor/reflection-docblock": "^3.0|^4.0|^5.0", + "symfony/dependency-injection": "^4.4|^5.0|^6.0", + "symfony/process": "^5.4|^6.4", + "symfony/property-access": "^4.4|^5.1|^6.0", + "symfony/property-info": "^4.4|^5.1|^6.0", + "symfony/serializer": "^5.4.35|~6.3.12|^6.4.3" + }, + "type": "library", + "autoload": { + "psr-4": { + "Symfony\\Component\\Mime\\": "" + }, + "exclude-from-classmap": [ + "/Tests/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Fabien Potencier", + "email": "fabien@symfony.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Allows manipulating MIME messages", + "homepage": "https://symfony.com", + "keywords": [ + "mime", + "mime-type" + ], + "support": { + "source": "https://github.com/symfony/mime/tree/v5.4.41" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2024-06-28T09:36:24+00:00" + }, + { + "name": "symfony/polyfill-ctype", + "version": "v1.30.0", + "source": { + "type": "git", + "url": "https://github.com/symfony/polyfill-ctype.git", + "reference": "0424dff1c58f028c451efff2045f5d92410bd540" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/0424dff1c58f028c451efff2045f5d92410bd540", + "reference": "0424dff1c58f028c451efff2045f5d92410bd540", + "shasum": "" + }, + "require": { + "php": ">=7.1" + }, + "provide": { + "ext-ctype": "*" + }, + "suggest": { + "ext-ctype": "For best performance" + }, + "type": "library", + "extra": { + "thanks": { + "name": "symfony/polyfill", + "url": "https://github.com/symfony/polyfill" + } + }, + "autoload": { + "files": [ + "bootstrap.php" + ], + "psr-4": { + "Symfony\\Polyfill\\Ctype\\": "" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Gert de Pagter", + "email": "BackEndTea@gmail.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Symfony polyfill for ctype functions", + "homepage": "https://symfony.com", + "keywords": [ + "compatibility", + "ctype", + "polyfill", + "portable" + ], + "support": { + "source": "https://github.com/symfony/polyfill-ctype/tree/v1.30.0" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2024-05-31T15:07:36+00:00" + }, + { + "name": "symfony/polyfill-intl-idn", + "version": "v1.30.0", + "source": { + "type": "git", + "url": "https://github.com/symfony/polyfill-intl-idn.git", + "reference": "a6e83bdeb3c84391d1dfe16f42e40727ce524a5c" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/polyfill-intl-idn/zipball/a6e83bdeb3c84391d1dfe16f42e40727ce524a5c", + "reference": "a6e83bdeb3c84391d1dfe16f42e40727ce524a5c", + "shasum": "" + }, + "require": { + "php": ">=7.1", + "symfony/polyfill-intl-normalizer": "^1.10", + "symfony/polyfill-php72": "^1.10" + }, + "suggest": { + "ext-intl": "For best performance" + }, + "type": "library", + "extra": { + "thanks": { + "name": "symfony/polyfill", + "url": "https://github.com/symfony/polyfill" + } + }, + "autoload": { + "files": [ + "bootstrap.php" + ], + "psr-4": { + "Symfony\\Polyfill\\Intl\\Idn\\": "" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Laurent Bassin", + "email": "laurent@bassin.info" + }, + { + "name": "Trevor Rowbotham", + "email": "trevor.rowbotham@pm.me" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Symfony polyfill for intl's idn_to_ascii and idn_to_utf8 functions", + "homepage": "https://symfony.com", + "keywords": [ + "compatibility", + "idn", + "intl", + "polyfill", + "portable", + "shim" + ], + "support": { + "source": "https://github.com/symfony/polyfill-intl-idn/tree/v1.30.0" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2024-05-31T15:07:36+00:00" + }, + { + "name": "symfony/polyfill-intl-normalizer", + "version": "v1.30.0", + "source": { + "type": "git", + "url": "https://github.com/symfony/polyfill-intl-normalizer.git", + "reference": "a95281b0be0d9ab48050ebd988b967875cdb9fdb" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/polyfill-intl-normalizer/zipball/a95281b0be0d9ab48050ebd988b967875cdb9fdb", + "reference": "a95281b0be0d9ab48050ebd988b967875cdb9fdb", + "shasum": "" + }, + "require": { + "php": ">=7.1" + }, + "suggest": { + "ext-intl": "For best performance" + }, + "type": "library", + "extra": { + "thanks": { + "name": "symfony/polyfill", + "url": "https://github.com/symfony/polyfill" + } + }, + "autoload": { + "files": [ + "bootstrap.php" + ], + "psr-4": { + "Symfony\\Polyfill\\Intl\\Normalizer\\": "" + }, + "classmap": [ + "Resources/stubs" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Nicolas Grekas", + "email": "p@tchwork.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Symfony polyfill for intl's Normalizer class and related functions", + "homepage": "https://symfony.com", + "keywords": [ + "compatibility", + "intl", + "normalizer", + "polyfill", + "portable", + "shim" + ], + "support": { + "source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.30.0" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2024-05-31T15:07:36+00:00" + }, + { + "name": "symfony/polyfill-mbstring", + "version": "v1.30.0", + "source": { + "type": "git", + "url": "https://github.com/symfony/polyfill-mbstring.git", + "reference": "fd22ab50000ef01661e2a31d850ebaa297f8e03c" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/fd22ab50000ef01661e2a31d850ebaa297f8e03c", + "reference": "fd22ab50000ef01661e2a31d850ebaa297f8e03c", + "shasum": "" + }, + "require": { + "php": ">=7.1" + }, + "provide": { + "ext-mbstring": "*" + }, + "suggest": { + "ext-mbstring": "For best performance" + }, + "type": "library", + "extra": { + "thanks": { + "name": "symfony/polyfill", + "url": "https://github.com/symfony/polyfill" + } + }, + "autoload": { + "files": [ + "bootstrap.php" + ], + "psr-4": { + "Symfony\\Polyfill\\Mbstring\\": "" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Nicolas Grekas", + "email": "p@tchwork.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Symfony polyfill for the Mbstring extension", + "homepage": "https://symfony.com", + "keywords": [ + "compatibility", + "mbstring", + "polyfill", + "portable", + "shim" + ], + "support": { + "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.30.0" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2024-06-19T12:30:46+00:00" + }, + { + "name": "symfony/polyfill-php56", + "version": "v1.20.0", + "source": { + "type": "git", + "url": "https://github.com/symfony/polyfill-php56.git", + "reference": "54b8cd7e6c1643d78d011f3be89f3ef1f9f4c675" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/polyfill-php56/zipball/54b8cd7e6c1643d78d011f3be89f3ef1f9f4c675", + "reference": "54b8cd7e6c1643d78d011f3be89f3ef1f9f4c675", + "shasum": "" + }, + "require": { + "php": ">=7.1" + }, + "type": "metapackage", + "extra": { + "branch-alias": { + "dev-main": "1.20-dev" + }, + "thanks": { + "name": "symfony/polyfill", + "url": "https://github.com/symfony/polyfill" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Nicolas Grekas", + "email": "p@tchwork.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Symfony polyfill backporting some PHP 5.6+ features to lower PHP versions", + "homepage": "https://symfony.com", + "keywords": [ + "compatibility", + "polyfill", + "portable", + "shim" + ], + "support": { + "source": "https://github.com/symfony/polyfill-php56/tree/v1.20.0" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2020-10-23T14:02:19+00:00" + }, + { + "name": "symfony/polyfill-php72", + "version": "v1.30.0", + "source": { + "type": "git", + "url": "https://github.com/symfony/polyfill-php72.git", + "reference": "10112722600777e02d2745716b70c5db4ca70442" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/polyfill-php72/zipball/10112722600777e02d2745716b70c5db4ca70442", + "reference": "10112722600777e02d2745716b70c5db4ca70442", + "shasum": "" + }, + "require": { + "php": ">=7.1" + }, + "type": "library", + "extra": { + "thanks": { + "name": "symfony/polyfill", + "url": "https://github.com/symfony/polyfill" + } + }, + "autoload": { + "files": [ + "bootstrap.php" + ], + "psr-4": { + "Symfony\\Polyfill\\Php72\\": "" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Nicolas Grekas", + "email": "p@tchwork.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Symfony polyfill backporting some PHP 7.2+ features to lower PHP versions", + "homepage": "https://symfony.com", + "keywords": [ + "compatibility", + "polyfill", + "portable", + "shim" + ], + "support": { + "source": "https://github.com/symfony/polyfill-php72/tree/v1.30.0" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2024-06-19T12:30:46+00:00" + }, + { + "name": "symfony/polyfill-php73", + "version": "v1.30.0", + "source": { + "type": "git", + "url": "https://github.com/symfony/polyfill-php73.git", + "reference": "ec444d3f3f6505bb28d11afa41e75faadebc10a1" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/polyfill-php73/zipball/ec444d3f3f6505bb28d11afa41e75faadebc10a1", + "reference": "ec444d3f3f6505bb28d11afa41e75faadebc10a1", + "shasum": "" + }, + "require": { + "php": ">=7.1" + }, + "type": "library", + "extra": { + "thanks": { + "name": "symfony/polyfill", + "url": "https://github.com/symfony/polyfill" + } + }, + "autoload": { + "files": [ + "bootstrap.php" + ], + "psr-4": { + "Symfony\\Polyfill\\Php73\\": "" + }, + "classmap": [ + "Resources/stubs" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Nicolas Grekas", + "email": "p@tchwork.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Symfony polyfill backporting some PHP 7.3+ features to lower PHP versions", + "homepage": "https://symfony.com", + "keywords": [ + "compatibility", + "polyfill", + "portable", + "shim" + ], + "support": { + "source": "https://github.com/symfony/polyfill-php73/tree/v1.30.0" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2024-05-31T15:07:36+00:00" + }, + { + "name": "symfony/polyfill-php80", + "version": "v1.30.0", + "source": { + "type": "git", + "url": "https://github.com/symfony/polyfill-php80.git", + "reference": "77fa7995ac1b21ab60769b7323d600a991a90433" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/77fa7995ac1b21ab60769b7323d600a991a90433", + "reference": "77fa7995ac1b21ab60769b7323d600a991a90433", + "shasum": "" + }, + "require": { + "php": ">=7.1" + }, + "type": "library", + "extra": { + "thanks": { + "name": "symfony/polyfill", + "url": "https://github.com/symfony/polyfill" + } + }, + "autoload": { + "files": [ + "bootstrap.php" + ], + "psr-4": { + "Symfony\\Polyfill\\Php80\\": "" + }, + "classmap": [ + "Resources/stubs" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Ion Bazan", "email": "ion.bazan@gmail.com" }, { @@ -2592,7 +3400,7 @@ "shim" ], "support": { - "source": "https://github.com/symfony/polyfill-php80/tree/v1.29.0" + "source": "https://github.com/symfony/polyfill-php80/tree/v1.30.0" }, "funding": [ { @@ -2608,7 +3416,7 @@ "type": "tidelift" } ], - "time": "2024-01-29T20:11:03+00:00" + "time": "2024-05-31T15:07:36+00:00" }, { "name": "symfony/polyfill-php81", @@ -2740,47 +3548,44 @@ }, { "name": "symfony/routing", - "version": "v3.0.9", + "version": "v4.4.44", "source": { "type": "git", "url": "https://github.com/symfony/routing.git", - "reference": "9038984bd9c05ab07280121e9e10f61a7231457b" + "reference": "f7751fd8b60a07f3f349947a309b5bdfce22d6ae" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/routing/zipball/9038984bd9c05ab07280121e9e10f61a7231457b", - "reference": "9038984bd9c05ab07280121e9e10f61a7231457b", + "url": "https://api.github.com/repos/symfony/routing/zipball/f7751fd8b60a07f3f349947a309b5bdfce22d6ae", + "reference": "f7751fd8b60a07f3f349947a309b5bdfce22d6ae", "shasum": "" }, "require": { - "php": ">=5.5.9" + "php": ">=7.1.3", + "symfony/polyfill-php80": "^1.16" }, "conflict": { - "symfony/config": "<2.8" + "symfony/config": "<4.2", + "symfony/dependency-injection": "<3.4", + "symfony/yaml": "<3.4" }, "require-dev": { - "doctrine/annotations": "~1.0", - "doctrine/common": "~2.2", - "psr/log": "~1.0", - "symfony/config": "~2.8|~3.0", - "symfony/expression-language": "~2.8|~3.0", - "symfony/http-foundation": "~2.8|~3.0", - "symfony/yaml": "~2.8|~3.0" + "doctrine/annotations": "^1.10.4", + "psr/log": "^1|^2|^3", + "symfony/config": "^4.2|^5.0", + "symfony/dependency-injection": "^3.4|^4.0|^5.0", + "symfony/expression-language": "^3.4|^4.0|^5.0", + "symfony/http-foundation": "^3.4|^4.0|^5.0", + "symfony/yaml": "^3.4|^4.0|^5.0" }, "suggest": { "doctrine/annotations": "For using the annotation loader", "symfony/config": "For using the all-in-one router or any loader", - "symfony/dependency-injection": "For loading routes from a service", "symfony/expression-language": "For using expression matching", "symfony/http-foundation": "For using a Symfony Request object", "symfony/yaml": "For using the YAML loader" }, "type": "library", - "extra": { - "branch-alias": { - "dev-master": "3.0-dev" - } - }, "autoload": { "psr-4": { "Symfony\\Component\\Routing\\": "" @@ -2803,7 +3608,7 @@ "homepage": "https://symfony.com/contributors" } ], - "description": "Symfony Routing Component", + "description": "Maps an HTTP request to a set of configuration variables", "homepage": "https://symfony.com", "keywords": [ "router", @@ -2812,9 +3617,112 @@ "url" ], "support": { - "source": "https://github.com/symfony/routing/tree/3.0" + "source": "https://github.com/symfony/routing/tree/v4.4.44" + }, + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2022-07-20T09:59:04+00:00" + }, + { + "name": "symfony/var-dumper", + "version": "v5.4.42", + "source": { + "type": "git", + "url": "https://github.com/symfony/var-dumper.git", + "reference": "0c17c56d8ea052fc33942251c75d0e28936e043d" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/symfony/var-dumper/zipball/0c17c56d8ea052fc33942251c75d0e28936e043d", + "reference": "0c17c56d8ea052fc33942251c75d0e28936e043d", + "shasum": "" + }, + "require": { + "php": ">=7.2.5", + "symfony/polyfill-mbstring": "~1.0", + "symfony/polyfill-php80": "^1.16" + }, + "conflict": { + "symfony/console": "<4.4" + }, + "require-dev": { + "ext-iconv": "*", + "symfony/console": "^4.4|^5.0|^6.0", + "symfony/http-kernel": "^4.4|^5.0|^6.0", + "symfony/process": "^4.4|^5.0|^6.0", + "symfony/uid": "^5.1|^6.0", + "twig/twig": "^2.13|^3.0.4" + }, + "suggest": { + "ext-iconv": "To convert non-UTF-8 strings to UTF-8 (or symfony/polyfill-iconv in case ext-iconv cannot be used).", + "ext-intl": "To show region name in time zone dump", + "symfony/console": "To use the ServerDumpCommand and/or the bin/var-dump-server script" + }, + "bin": [ + "Resources/bin/var-dump-server" + ], + "type": "library", + "autoload": { + "files": [ + "Resources/functions/dump.php" + ], + "psr-4": { + "Symfony\\Component\\VarDumper\\": "" + }, + "exclude-from-classmap": [ + "/Tests/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Nicolas Grekas", + "email": "p@tchwork.com" + }, + { + "name": "Symfony Community", + "homepage": "https://symfony.com/contributors" + } + ], + "description": "Provides mechanisms for walking through any arbitrary PHP variable", + "homepage": "https://symfony.com", + "keywords": [ + "debug", + "dump" + ], + "support": { + "source": "https://github.com/symfony/var-dumper/tree/v5.4.42" }, - "time": "2016-06-29T05:40:00+00:00" + "funding": [ + { + "url": "https://symfony.com/sponsor", + "type": "custom" + }, + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/symfony/symfony", + "type": "tidelift" + } + ], + "time": "2024-07-26T12:23:09+00:00" }, { "name": "taq/pdooci", diff --git a/open_xdmod/modules/xdmod/assets/setup.sh b/open_xdmod/modules/xdmod/assets/setup.sh index ab2d2de6d1..cea376210b 100755 --- a/open_xdmod/modules/xdmod/assets/setup.sh +++ b/open_xdmod/modules/xdmod/assets/setup.sh @@ -7,10 +7,8 @@ assets_dir="$( module_dir="$assets_dir/.." xdmod_dir="$module_dir/../../.." -echo Installing composer managed dependencies -cd $xdmod_dir -composer install --no-dev - +pushd $xdmod_dir || exit echo Installing npm managed dependencies npm install --production --prefix etl/js npm install --production --prefix background_scripts/chrome-helper +popd || exit diff --git a/open_xdmod/modules/xdmod/assets/simplesamlphp-CVE-2020-5225.patch b/open_xdmod/modules/xdmod/assets/simplesamlphp-CVE-2020-5225.patch new file mode 100644 index 0000000000..2f70683f6c --- /dev/null +++ b/open_xdmod/modules/xdmod/assets/simplesamlphp-CVE-2020-5225.patch @@ -0,0 +1,15 @@ +diff --git a/www/errorreport.php b/www/errorreport.php +index a95631083..81c10a238 100644 +--- a/www/errorreport.php ++++ b/www/errorreport.php +@@ -17,6 +17,10 @@ $reportId = (string) $_REQUEST['reportId']; + $email = (string) $_REQUEST['email']; + $text = htmlspecialchars((string) $_REQUEST['text']); + ++if (!preg_match('/^[0-9a-f]{8}$/', $reportId)) { ++ throw new SimpleSAML_Error_Exception('Invalid reportID'); ++} ++ + $data = null; + try { + $session = SimpleSAML_Session::getSessionFromRequest(); diff --git a/open_xdmod/modules/xdmod/assets/simplesamlphp-CVE-2020-5301.patch b/open_xdmod/modules/xdmod/assets/simplesamlphp-CVE-2020-5301.patch new file mode 100644 index 0000000000..19b7971241 --- /dev/null +++ b/open_xdmod/modules/xdmod/assets/simplesamlphp-CVE-2020-5301.patch @@ -0,0 +1,22 @@ +diff --git a/www/module.php b/www/module.php +index 8e122f78e..c395d60ba 100644 +--- a/www/module.php ++++ b/www/module.php +@@ -79,7 +79,7 @@ if (strpos($url, '\\') !== false) { + $moduleDir = SimpleSAML\Module::getModuleDir($module).'/www/'; + + // check for '.php/' in the path, the presence of which indicates that another php-script should handle the request +-for ($phpPos = strpos($url, '.php/'); $phpPos !== false; $phpPos = strpos($url, '.php/', $phpPos + 1)) { ++for ($phpPos = strpos(strtolower($url), '.php/'); $phpPos !== false; $phpPos = strpos(strtolower($url), '.php/', $phpPos + 1)) { + + $newURL = substr($url, 0, $phpPos + 4); + $param = substr($url, $phpPos + 4); +@@ -94,7 +94,7 @@ for ($phpPos = strpos($url, '.php/'); $phpPos !== false; $phpPos = strpos($url, + } + } + +-$path = $moduleDir.$url; ++$path = strtolower($moduleDir.$url); + + if ($path[strlen($path) - 1] === '/') { + // path ends with a slash - directory reference. Attempt to find index file in directory diff --git a/open_xdmod/modules/xdmod/assets/simplesamlphp-SSPSA_201907-01_HTTP.patch b/open_xdmod/modules/xdmod/assets/simplesamlphp-SSPSA_201907-01_HTTP.patch new file mode 100644 index 0000000000..10feeeef52 --- /dev/null +++ b/open_xdmod/modules/xdmod/assets/simplesamlphp-SSPSA_201907-01_HTTP.patch @@ -0,0 +1,36 @@ +120a121,141 +> } +> +> +> /** +> * Verify that a given URL is valid. +> * +> * @param string $url The URL we want to verify. +> * +> * @return boolean True if the given URL is valid, false otherwise. +> */ +> public static function isValidURL($url) +> { +> $url = filter_var($url, FILTER_VALIDATE_URL); +> if ($url === false) { +> return false; +> } +> $scheme = parse_url($url, PHP_URL_SCHEME); +> if ($scheme !== false && in_array(strtolower($scheme), ['http', 'https'], true)) { +> return true; +> } +> return false; +150a172,174 +> } +> if (!self::isValidURL($url)) { +> throw new \SimpleSAML_Error_Exception('Invalid destination URL.'); +151a176 +> +328c353 +< if (filter_var($url, FILTER_VALIDATE_URL) === false) { +--- +> if (!self::isValidURL($url)) { +1206a1232,1234 +> if (!self::isValidURL($destination)) { +> throw new \SimpleSAML_Error_Exception('Invalid destination URL.'); +> } diff --git a/open_xdmod/modules/xdmod/assets/simplesamlphp-SSPSA_201907-01_postredirect.patch b/open_xdmod/modules/xdmod/assets/simplesamlphp-SSPSA_201907-01_postredirect.patch new file mode 100644 index 0000000000..590357475b --- /dev/null +++ b/open_xdmod/modules/xdmod/assets/simplesamlphp-SSPSA_201907-01_postredirect.patch @@ -0,0 +1,5 @@ +46a47,50 +> if (!\SimpleSAML\Utils\HTTP::isValidURL($postData['url'])) { +> throw new \SimpleSAML\Error\Exception('Invalid destination URL.'); +> } +> diff --git a/open_xdmod/modules/xdmod/build.json b/open_xdmod/modules/xdmod/build.json index a767d1c7c1..b207690cc5 100644 --- a/open_xdmod/modules/xdmod/build.json +++ b/open_xdmod/modules/xdmod/build.json @@ -104,6 +104,12 @@ "commands": { "pre_build": [ "sed -i 's/SimpleSAML_Error_Assertion::installHandler();//g' vendor/simplesamlphp/simplesamlphp/www/_include.php", + "rm -rf vendor/", + "composer install", + "patch vendor/simplesamlphp/simplesamlphp/www/errorreport.php < open_xdmod/modules/xdmod/assets/simplesamlphp-CVE-2020-5225.patch", + "patch vendor/simplesamlphp/simplesamlphp/www/module.php < open_xdmod/modules/xdmod/assets/simplesamlphp-CVE-2020-5301.patch", + "patch vendor/simplesamlphp/simplesamlphp/lib/SimpleSAML/Utils/HTTP.php < open_xdmod/modules/xdmod/assets/simplesamlphp-SSPSA_201907-01_HTTP.patch", + "patch vendor/simplesamlphp/simplesamlphp/modules/core/www/postredirect.php < open_xdmod/modules/xdmod/assets/simplesamlphp-SSPSA_201907-01_postredirect.patch", "user_manual_builder/setup.sh", "user_manual_builder/build_user_manual.sh --builddir user_manual_builder/ --destdir html/user_manual/" ] diff --git a/tests/ci/scripts/qa-test-setup.sh b/tests/ci/scripts/qa-test-setup.sh index c9538ea86f..12d2953f0f 100755 --- a/tests/ci/scripts/qa-test-setup.sh +++ b/tests/ci/scripts/qa-test-setup.sh @@ -18,12 +18,15 @@ if [[ "$XDMOD_TEST_MODE" == "upgrade" ]]; then # Switch to the repo root pushd $XDMOD_SOURCE_DIR >/dev/null || exit 1 + OLD_COMPOSER="$COMPOSER" # Specify composer.json for xdmod-qa so xdmod dev-dependencies aren't removed. export COMPOSER="$HOME/.qa/composer.json" # Setup the xdmod-qa environment / requirements. $HOME/.qa/scripts/install.sh + export COMPOSER="$OLD_COMPOSER" + # Run the xdmod-qa tests. $HOME/.qa/scripts/build.sh