PrivateCoffee/alltube
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
1544 commits 1 branch 0 tags 4.5 MiB
Commit graph

313 commits

Author SHA1 Message Date
Pierre Rudloff
7f28275fb0 Merge tag '3.0.2' into develop 
Fixed a SSRF vulnerability that could be used to send a request to an internal hostname
 2022-02-27 12:34:23 +01:00
Pierre Rudloff
1b099bb983 Patch youtube-dl to disable redirects 
In order to prevent SSRF attacks using redirects
 2022-02-27 12:30:15 +01:00
Pierre Rudloff
3a4f09dda0 Prevent SSRF requests 
By validating the provided URL before passing it to youtube-dl
 2022-02-27 11:00:33 +01:00
Pierre Rudloff
e246ab03e9 Partial PHP 8 compatibility 
But we still need to update rinvex/countries
 2022-02-22 22:58:57 +01:00
Pierre Rudloff
e567f9c9fa Update annotated-command 
To fix PHP 8 compatibility issues: https://github.com/consolidation/annotated-command/pull/210
 2022-02-20 14:19:41 +01:00
Pierre Rudloff
5677ce719a Update youtube-dl to 2021.12.17 (#395) 2022-02-17 22:13:56 +01:00
Pierre Rudloff
655490eeb3 Use HTTPS URLs in composer.json 2022-02-17 22:00:08 +01:00
Pierre Rudloff
ce9b4d9a48 Update Smarty to 4.0 2022-02-06 18:43:08 +01:00
Pierre Rudloff
835170f4b5 Use phpmnd to detect magic numbers 2022-01-27 00:03:37 +01:00
Pierre Rudloff
359c358df1 Symfony 5.0 is not maintained anymore 2022-01-26 23:53:14 +01:00
Pierre Rudloff
8f3f1cdaf8 Merge branch 'master' into develop 2022-01-17 20:14:06 +01:00
dependabot[bot]
fb78ecb410 Bump smarty/smarty from 3.1.39 to 3.1.43 (#383) 
Bumps smarty/smarty from 3.1.39 to 3.1.43.

---
updated-dependencies:
- dependency-name: smarty/smarty
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-01-13 00:05:49 +01:00
Pierre Rudloff
55db198d39 Upgrade phpunit to 9.5 
So we stop depending on the unmaintained php-token-stream
 2021-10-17 21:14:39 +02:00
Pierre Rudloff
f3ffa90a2e Update alltube-library to 0.1.3 2021-05-13 13:03:10 +02:00
Pierre Rudloff
a95d1de67e Update alltube-library to 0.1.2 2021-05-05 21:48:10 +02:00
Pierre Rudloff
b902c9027b Upgrade youtube-dl to 2021.04.01 (fixes #349) 2021-04-02 21:05:50 +02:00
Pierre Rudloff
97d6532388 Merge branch 'master' into develop 2021-02-26 22:53:09 +01:00
dependabot[bot]
6ab19b6d84
Bump smarty/smarty from 3.1.33 to 3.1.39 (#346) 
Bumps smarty/smarty from 3.1.33 to 3.1.39.

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2021-02-26 22:48:17 +01:00
Pierre Rudloff
3cfd450258 Use a stable release of debugbar-smarty 2021-02-11 19:36:11 +01:00
Pierre Rudloff
9a27e7764a Upgrade grumphp to 1.3 
In order to use the new securitychecker_enlightn task
 2021-02-07 13:40:02 +01:00
Pierre Rudloff
36ba147430 phpstan update 2021-02-07 12:42:03 +01:00
Pierre Rudloff
50fe879f16 Add route info to debug bar 2021-02-07 12:24:16 +01:00
Pierre Rudloff
9af922f3f1 Add Smarty collector to debug bar 2021-02-07 00:03:37 +01:00
Pierre Rudloff
5c0ed594f3 Debug bar 2021-02-06 15:35:09 +01:00
Pierre Rudloff
58f79c5012 Use enlightn/security-checker instead of sensiolabs/security-checker (fixes #342) 2021-02-02 21:26:26 +01:00
Pierre Rudloff
05959b17f0 Upgrade grumphp to 1.1 
In order to improve output in CI
 2020-11-16 23:31:18 +01:00
Pierre Rudloff
b5a585443a fixup! The youtube-dl repository is back 2020-11-16 23:28:36 +01:00
Pierre Rudloff
81e42057f9 Upgrade composer-dangling-locked-deps to 0.2.1 
To fix Composer 2 compatibility
 2020-11-16 23:21:32 +01:00
Pierre Rudloff
a800a058fa The youtube-dl repository is back 2020-11-16 20:48:03 +01:00
Pierre Rudloff
17422d8485 Upgrade youtube-dl to 2020.11.01.1 (fixes #326) 2020-11-02 21:09:27 +01:00
Pierre Rudloff
f4a9528b56 Explicitely require PHP >= 7.3 2020-10-28 22:17:27 +01:00
Pierre Rudloff
c15f1e6bba Use a stable release of alltube-library 2020-10-27 23:33:00 +01:00
Pierre Rudloff
e330adec76 Get youtube-dl from PyPI (fixes #323) 2020-10-27 23:18:59 +01:00
Pierre Rudloff
9a12a2d13b Don't install open-sans in vendor 2020-10-20 01:24:36 +02:00
Pierre Rudloff
f29a61f182 Upgrade pretty-package-versions to 1.5 
So we can have a cleaner way to get the root package version
 2020-10-20 00:22:34 +02:00
Pierre Rudloff
22bcbbb9ae Upgrade grumphp to 1.0 
So tests can be run in parallel
 2020-10-20 00:16:56 +02:00
Pierre Rudloff
561b6c8370 Make the CSP compatible with debug tools 2020-10-19 23:59:23 +02:00
Pierre Rudloff
fe80308610 Update alltube-library 2020-10-17 22:51:39 +02:00
Pierre Rudloff
5ee9d457b2 Upgrade youtube-dl to 2020.09 (fixes #300) 2020-10-10 23:05:08 +02:00
Pierre Rudloff
8ab2ed838b Upgrade composer-dangling-locked-deps to 0.2 2020-10-09 23:38:23 +02:00
Pierre Rudloff
d38b1cd9aa composer-dangling-locked-deps 2020-09-01 12:47:06 +02:00
Pierre Rudloff
3ba720dce0 Get open-sans from Packagist 
So we can stop requiring Asset Packagist
 2020-07-20 23:04:03 +02:00
Pierre Rudloff
2dcd1239a4 Remove dangling dependencies 2020-07-20 22:33:53 +02:00
Pierre Rudloff
96a75cbf14 Log youtube-dl and ffmpeg commands (fixes #297) 2020-07-15 22:52:38 +02:00
Pierre Rudloff
7e575e1bb2 composer-normalize 2020-07-05 11:58:50 +02:00
Pierre Rudloff
32f0a5012c Use security-checker instead of security-advisories 
So it can be checked with grumphp
 2020-07-05 03:23:14 +02:00
Pierre Rudloff
9d6389b1a7 Remove obsolete locked dependencies 2020-07-05 03:18:40 +02:00
Pierre Rudloff
39f66d4e7e security-advisories update 2020-07-05 02:19:09 +02:00
Pierre Rudloff
f90a08e89c Stop installing ffmpeg and phantomjs with Composer 
It is convenient but this a the job of the OS package manager
 2020-06-22 23:21:22 +02:00
Pierre Rudloff
251fbe48ca Add generator meta with the current version 2020-06-21 15:51:28 +02:00