Commit graph

331 commits

Author SHA1 Message Date
Pierre Rudloff
b52a582539
Stop supporting PHP 7.3 (#430)
It is unmaintained
2023-03-21 20:07:08 +01:00
Pierre Rudloff
8e6e88a2b2
Dependencies update 2023-03-03 00:14:36 +01:00
Pierre Rudloff
4e09393fd9 Update robo to 3.0
To fix a PHP 8 compatibility notice
2022-10-16 15:42:19 +02:00
Pierre Rudloff
87e30f2e87 Merge branch 'master' into develop 2022-10-16 15:16:38 +02:00
dependabot[bot]
3b6b1f0387
Bump smarty/smarty from 3.1.45 to 3.1.47 (#425)
Bumps smarty/smarty from 3.1.45 to 3.1.47.

---
updated-dependencies:
- dependency-name: smarty/smarty
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-25 15:09:49 +02:00
Pierre Rudloff
b95fed4935 Update phpstan
To fix compatibility with PHP 8.1
2022-06-28 23:08:03 +02:00
Pierre Rudloff
b5f757b562 Merge branch 'master' into develop 2022-06-28 23:07:07 +02:00
Pierre Rudloff
ffeda5ea90 Declare allowed composer plugins 2022-06-28 23:05:34 +02:00
Pierre Rudloff
e9efc6ef71 Update symfony/string
To avoid redeclaring functions that already exist: af4b27f47b
2022-06-28 23:04:03 +02:00
dependabot[bot]
550371db7c
Bump guzzlehttp/guzzle from 6.5.7 to 6.5.8 (#418)
Bumps [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) from 6.5.7 to 6.5.8.
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/6.5.8/CHANGELOG.md)
- [Commits](https://github.com/guzzle/guzzle/compare/6.5.7...6.5.8)

---
updated-dependencies:
- dependency-name: guzzlehttp/guzzle
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-28 22:52:44 +02:00
dependabot[bot]
4e826e554d
Bump guzzlehttp/guzzle from 6.5.6 to 6.5.7 (#415)
Bumps [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) from 6.5.6 to 6.5.7.
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/6.5.7/CHANGELOG.md)
- [Commits](https://github.com/guzzle/guzzle/compare/6.5.6...6.5.7)

---
updated-dependencies:
- dependency-name: guzzlehttp/guzzle
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-14 22:05:02 +02:00
Pierre Rudloff
f6ae6eded3 Merge branch 'master' into develop 2022-05-28 23:52:51 +02:00
dependabot[bot]
e7fd4c6bc4
Bump guzzlehttp/guzzle from 6.5.5 to 6.5.6 (#412)
Bumps [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) from 6.5.5 to 6.5.6.
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/6.5.6/CHANGELOG.md)
- [Commits](https://github.com/guzzle/guzzle/compare/6.5.5...6.5.6)

---
updated-dependencies:
- dependency-name: guzzlehttp/guzzle
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-28 23:50:56 +02:00
dependabot[bot]
b894cdd6ce
Bump smarty/smarty from 3.1.43 to 3.1.45 (#413)
Bumps smarty/smarty from 3.1.43 to 3.1.45.

---
updated-dependencies:
- dependency-name: smarty/smarty
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-28 23:50:20 +02:00
Pierre Rudloff
e3187a7258 Merge branch 'master' into develop 2022-04-07 22:15:36 +02:00
dependabot[bot]
6731fcdf96
Bump guzzlehttp/psr7 from 1.6.1 to 1.8.5 (#406)
Bumps [guzzlehttp/psr7](https://github.com/guzzle/psr7) from 1.6.1 to 1.8.5.
- [Release notes](https://github.com/guzzle/psr7/releases)
- [Changelog](https://github.com/guzzle/psr7/blob/1.8.5/CHANGELOG.md)
- [Commits](https://github.com/guzzle/psr7/compare/1.6.1...1.8.5)

---
updated-dependencies:
- dependency-name: guzzlehttp/psr7
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-30 09:11:45 +02:00
Pierre Rudloff
10b7658240 Merge tag '3.0.3' into develop
Fixed a vulnerability that could be used to trigger either an open redirect or a SSRF attack
2022-03-08 09:36:00 +01:00
Pierre Rudloff
8913f27716 Disable the generic extractor entirely
It can be used for SSRF attacks even when redirects are disabled
2022-03-08 09:29:57 +01:00
Pierre Rudloff
7f28275fb0 Merge tag '3.0.2' into develop
Fixed a SSRF vulnerability that could be used to send a request to an internal hostname
2022-02-27 12:34:23 +01:00
Pierre Rudloff
1b099bb983 Patch youtube-dl to disable redirects
In order to prevent SSRF attacks using redirects
2022-02-27 12:30:15 +01:00
Pierre Rudloff
3a4f09dda0 Prevent SSRF requests
By validating the provided URL before passing it to youtube-dl
2022-02-27 11:00:33 +01:00
Pierre Rudloff
e246ab03e9 Partial PHP 8 compatibility
But we still need to update rinvex/countries
2022-02-22 22:58:57 +01:00
Pierre Rudloff
e567f9c9fa Update annotated-command
To fix PHP 8 compatibility issues: https://github.com/consolidation/annotated-command/pull/210
2022-02-20 14:19:41 +01:00
Pierre Rudloff
5677ce719a Update youtube-dl to 2021.12.17 (#395) 2022-02-17 22:13:56 +01:00
Pierre Rudloff
655490eeb3 Use HTTPS URLs in composer.json 2022-02-17 22:00:08 +01:00
Pierre Rudloff
ce9b4d9a48 Update Smarty to 4.0 2022-02-06 18:43:08 +01:00
Pierre Rudloff
835170f4b5 Use phpmnd to detect magic numbers 2022-01-27 00:03:37 +01:00
Pierre Rudloff
359c358df1 Symfony 5.0 is not maintained anymore 2022-01-26 23:53:14 +01:00
Pierre Rudloff
8f3f1cdaf8 Merge branch 'master' into develop 2022-01-17 20:14:06 +01:00
dependabot[bot]
fb78ecb410 Bump smarty/smarty from 3.1.39 to 3.1.43 (#383)
Bumps smarty/smarty from 3.1.39 to 3.1.43.

---
updated-dependencies:
- dependency-name: smarty/smarty
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-13 00:05:49 +01:00
Pierre Rudloff
55db198d39 Upgrade phpunit to 9.5
So we stop depending on the unmaintained php-token-stream
2021-10-17 21:14:39 +02:00
Pierre Rudloff
f3ffa90a2e Update alltube-library to 0.1.3 2021-05-13 13:03:10 +02:00
Pierre Rudloff
a95d1de67e Update alltube-library to 0.1.2 2021-05-05 21:48:10 +02:00
Pierre Rudloff
b902c9027b Upgrade youtube-dl to 2021.04.01 (fixes #349) 2021-04-02 21:05:50 +02:00
Pierre Rudloff
97d6532388 Merge branch 'master' into develop 2021-02-26 22:53:09 +01:00
dependabot[bot]
6ab19b6d84
Bump smarty/smarty from 3.1.33 to 3.1.39 (#346)
Bumps smarty/smarty from 3.1.33 to 3.1.39.

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-02-26 22:48:17 +01:00
Pierre Rudloff
3cfd450258 Use a stable release of debugbar-smarty 2021-02-11 19:36:11 +01:00
Pierre Rudloff
9a27e7764a Upgrade grumphp to 1.3
In order to use the new securitychecker_enlightn task
2021-02-07 13:40:02 +01:00
Pierre Rudloff
36ba147430 phpstan update 2021-02-07 12:42:03 +01:00
Pierre Rudloff
50fe879f16 Add route info to debug bar 2021-02-07 12:24:16 +01:00
Pierre Rudloff
9af922f3f1 Add Smarty collector to debug bar 2021-02-07 00:03:37 +01:00
Pierre Rudloff
5c0ed594f3 Debug bar 2021-02-06 15:35:09 +01:00
Pierre Rudloff
58f79c5012 Use enlightn/security-checker instead of sensiolabs/security-checker (fixes #342) 2021-02-02 21:26:26 +01:00
Pierre Rudloff
05959b17f0 Upgrade grumphp to 1.1
In order to improve output in CI
2020-11-16 23:31:18 +01:00
Pierre Rudloff
b5a585443a fixup! The youtube-dl repository is back 2020-11-16 23:28:36 +01:00
Pierre Rudloff
81e42057f9 Upgrade composer-dangling-locked-deps to 0.2.1
To fix Composer 2 compatibility
2020-11-16 23:21:32 +01:00
Pierre Rudloff
a800a058fa The youtube-dl repository is back 2020-11-16 20:48:03 +01:00
Pierre Rudloff
17422d8485 Upgrade youtube-dl to 2020.11.01.1 (fixes #326) 2020-11-02 21:09:27 +01:00
Pierre Rudloff
f4a9528b56 Explicitely require PHP >= 7.3 2020-10-28 22:17:27 +01:00
Pierre Rudloff
c15f1e6bba Use a stable release of alltube-library 2020-10-27 23:33:00 +01:00