Commit graph

247 commits

Author SHA1 Message Date
Pierre Rudloff
7f28275fb0 Merge tag '3.0.2' into develop
Fixed a SSRF vulnerability that could be used to send a request to an internal hostname
2022-02-27 12:34:23 +01:00
Pierre Rudloff
1b099bb983 Patch youtube-dl to disable redirects
In order to prevent SSRF attacks using redirects
2022-02-27 12:30:15 +01:00
Pierre Rudloff
3a4f09dda0 Prevent SSRF requests
By validating the provided URL before passing it to youtube-dl
2022-02-27 11:00:33 +01:00
Pierre Rudloff
e246ab03e9 Partial PHP 8 compatibility
But we still need to update rinvex/countries
2022-02-22 22:58:57 +01:00
Pierre Rudloff
5677ce719a Update youtube-dl to 2021.12.17 (#395) 2022-02-17 22:13:56 +01:00
Pierre Rudloff
655490eeb3 Use HTTPS URLs in composer.json 2022-02-17 22:00:08 +01:00
Pierre Rudloff
ce9b4d9a48 Update Smarty to 4.0 2022-02-06 18:43:08 +01:00
Pierre Rudloff
835170f4b5 Use phpmnd to detect magic numbers 2022-01-27 00:03:37 +01:00
Pierre Rudloff
359c358df1 Symfony 5.0 is not maintained anymore 2022-01-26 23:53:14 +01:00
Pierre Rudloff
55db198d39 Upgrade phpunit to 9.5
So we stop depending on the unmaintained php-token-stream
2021-10-17 21:14:39 +02:00
Pierre Rudloff
f3ffa90a2e Update alltube-library to 0.1.3 2021-05-13 13:03:10 +02:00
Pierre Rudloff
a95d1de67e Update alltube-library to 0.1.2 2021-05-05 21:48:10 +02:00
Pierre Rudloff
b902c9027b Upgrade youtube-dl to 2021.04.01 (fixes #349) 2021-04-02 21:05:50 +02:00
Pierre Rudloff
3cfd450258 Use a stable release of debugbar-smarty 2021-02-11 19:36:11 +01:00
Pierre Rudloff
9a27e7764a Upgrade grumphp to 1.3
In order to use the new securitychecker_enlightn task
2021-02-07 13:40:02 +01:00
Pierre Rudloff
36ba147430 phpstan update 2021-02-07 12:42:03 +01:00
Pierre Rudloff
50fe879f16 Add route info to debug bar 2021-02-07 12:24:16 +01:00
Pierre Rudloff
9af922f3f1 Add Smarty collector to debug bar 2021-02-07 00:03:37 +01:00
Pierre Rudloff
5c0ed594f3 Debug bar 2021-02-06 15:35:09 +01:00
Pierre Rudloff
58f79c5012 Use enlightn/security-checker instead of sensiolabs/security-checker (fixes #342) 2021-02-02 21:26:26 +01:00
Pierre Rudloff
05959b17f0 Upgrade grumphp to 1.1
In order to improve output in CI
2020-11-16 23:31:18 +01:00
Pierre Rudloff
b5a585443a fixup! The youtube-dl repository is back 2020-11-16 23:28:36 +01:00
Pierre Rudloff
81e42057f9 Upgrade composer-dangling-locked-deps to 0.2.1
To fix Composer 2 compatibility
2020-11-16 23:21:32 +01:00
Pierre Rudloff
a800a058fa The youtube-dl repository is back 2020-11-16 20:48:03 +01:00
Pierre Rudloff
17422d8485 Upgrade youtube-dl to 2020.11.01.1 (fixes #326) 2020-11-02 21:09:27 +01:00
Pierre Rudloff
f4a9528b56 Explicitely require PHP >= 7.3 2020-10-28 22:17:27 +01:00
Pierre Rudloff
c15f1e6bba Use a stable release of alltube-library 2020-10-27 23:33:00 +01:00
Pierre Rudloff
e330adec76 Get youtube-dl from PyPI (fixes #323) 2020-10-27 23:18:59 +01:00
Pierre Rudloff
9a12a2d13b Don't install open-sans in vendor 2020-10-20 01:24:36 +02:00
Pierre Rudloff
22bcbbb9ae Upgrade grumphp to 1.0
So tests can be run in parallel
2020-10-20 00:16:56 +02:00
Pierre Rudloff
561b6c8370 Make the CSP compatible with debug tools 2020-10-19 23:59:23 +02:00
Pierre Rudloff
5ee9d457b2 Upgrade youtube-dl to 2020.09 (fixes #300) 2020-10-10 23:05:08 +02:00
Pierre Rudloff
8ab2ed838b Upgrade composer-dangling-locked-deps to 0.2 2020-10-09 23:38:23 +02:00
Pierre Rudloff
4bd121cda2 Disable timeout for "composer test" 2020-09-27 19:50:12 +02:00
Pierre Rudloff
d38b1cd9aa composer-dangling-locked-deps 2020-09-01 12:47:06 +02:00
Pierre Rudloff
3ba720dce0 Get open-sans from Packagist
So we can stop requiring Asset Packagist
2020-07-20 23:04:03 +02:00
Pierre Rudloff
96a75cbf14 Log youtube-dl and ffmpeg commands (fixes #297) 2020-07-15 22:52:38 +02:00
Pierre Rudloff
7e575e1bb2 composer-normalize 2020-07-05 11:58:50 +02:00
Pierre Rudloff
32f0a5012c Use security-checker instead of security-advisories
So it can be checked with grumphp
2020-07-05 03:23:14 +02:00
Pierre Rudloff
7ecfe8cb87 Use autoload-dev for test classes (fixes #293) 2020-07-01 22:58:26 +02:00
Pierre Rudloff
d127964eff Simplify PSR-4 autoload 2020-07-01 22:52:22 +02:00
Pierre Rudloff
f90a08e89c Stop installing ffmpeg and phantomjs with Composer
It is convenient but this a the job of the OS package manager
2020-06-22 23:21:22 +02:00
Pierre Rudloff
a518e3b7b3 Create release package cleanly from a temporary folder (#279) 2020-06-22 23:15:31 +02:00
Pierre Rudloff
251fbe48ca Add generator meta with the current version 2020-06-21 15:51:28 +02:00
Pierre Rudloff
d4b3a82ebb Remove obsolete Composer config 2020-06-21 15:12:28 +02:00
Pierre Rudloff
5c2823e3f1 Move Video class to a separate library
+ improve error handling
+ youtube-dl update
2020-06-21 15:12:03 +02:00
Pierre Rudloff
7d94271a49 Remove support for launching Heroku locally
This is untested and probably broken
2020-06-20 14:25:27 +02:00
Pierre Rudloff
62dac1e5bb Move youtube-dl, ffmpeg and phantomsjs to dev dependencies (fixes #280) 2020-06-20 14:20:31 +02:00
Pierre Rudloff
e777f51490 Dependencies update
symfony/finder should be a production dependency
2020-05-28 00:57:02 +02:00
Pierre Rudloff
5051602174 grumphp should be a dev dependency 2020-05-14 12:38:58 +02:00