Commit graph

1596 commits

Author SHA1 Message Date
c9fadaae20
chore(deps): update PHPStan to v1.8
Upgraded PHPStan from v0.12.72 to v1.8 to leverage improvements and new features. This change includes adjustments to support requirements and package metadata. Ensures compatibility with newer PHP versions and provides enhanced static analysis capabilities.
2024-07-21 11:18:10 +02:00
ac44c0e6cc
feat: embed base64 thumbnails in video objects
Embedded video thumbnails as base64 data URIs to enhance performance and ensure portability. Updated CSP to allow 'data:' sources for images, preventing CSP violations when rendering base64 images.

Addresses issues with missing thumbnails and enhances security settings.
2024-07-21 09:47:21 +02:00
d1896f49d4
chore(deps): update multiple dependencies for compatibility
Upgraded various dependencies to their latest versions. Key updates include:

- `clue/stream-filter`: v1.6.0 to v1.7.0
- `composer/installers`: v2.2.0 to v2.3.0
- `guzzlehttp/promises`: 1.5.2 to 1.5.3
- `jawira/case-converter`: v3.4.6 to v3.5.1
- `paragonie/constant_time_encoding`: v2.6.3 to v2.7.0
- `paragonie/csp-builder`: v2.8.0 to v2.9.0
- `php-http/client-common`: 2.6.0 to 2.7.1
- `php-http/discovery`: 1.15.2 to 1.19.4
- `php-http/httplug`: 2.3.0 to 2.4.0
- `php-http/message`: 1.13.0 to 1.16.1
- `php-http/message-factory`: v1.0.2 to 1.1.0
- `php-http/promise`: 1.1.0 to 1.3.1
- `psr/container`: 1.1.1 to 1.1.2
- `psr/http-client`: 1.0.1 to 1.0.3
- `psr/http-factory`: 1.0.1 to 1.1.0
- `slim/slim`: 3.12.4 to 3.12.5
- `smarty/smarty`: v4.3.1 to v4.5.3
- `symfony/console`: v5.4.21 to v5.4.41
- `symfony/deprecation-contracts`: v2.5.2 to v2.5.3
- `symfony/finder`: v5.4.21 to v5.4.40
- `symfony/options-resolver`: v5.4.21 to v5.4.40
- `symfony/polyfill-*`: various to 1.30.0
- `symfony/process`: v5.4.21 to v5.4.40
- `symfony/service-contracts`: v2.5.2 to v2.5.3
- `symfony/string`: v5.4.21 to v5.4.41
- `symfony/translation-contracts`: v2.5.2 to v2.5.3
- `amphp/amp`: v2.6.2 to v2.6.4
- `amphp/byte-stream`: v1.8.1 to v1.8.2
- `amphp/parallel`: v1.4.2 to v1.4.3
- `amphp/parser`: v1.0.0 to v1.1.1
- `amphp/process`: v1.1.4 to v1.1.7
- `composer/semver`: 3.3.2 to 3.4.2
- `consolidation/annotated-command`: 4.8.1 to 4.10.0
- `consolidation/output-formatters`: 4.2.4 to 4.5.0
- `consolidation/robo`: 3.0.11 to 3.0.12
- `consolidation/self-update`: 2.1.0 to 2.2.0
- `dflydev/dot-access-data`: v3.0.2 to v3.0.3
- `doctrine/deprecations`: v1.0.0 to 1.1.3
- `enlightn/security-checker`: v1.10.0 to v1.11.0
- `ergebnis/composer-normalize`: 2.20.0 to 2.43.0
- `guzzlehttp/promises`: 1.5.2 to 1.5.3
- `justinrainbow/json-schema`: 5.2.12 to 5.3.0
- `league/container`: 4.2.0 to 4.2.2
- `mockery/mockery`: 1.5.1 to 1.6.12
- `monolog/monolog`: 2.9.1 to 2.9.3
- `myclabs/deep-copy`: 1.11.0 to 1.12.0
- `nikic/php-parser`: v4.15.3 to v4.19.1
- `ondram/ci-detector`: 4.1.0 to 4.2.0
- `phar-io/manifest`: 2.0.3 to 2.0.4
- `php-mock/php-mock`: 2.4.0 to 2.5.0
- `phpunit/php-code-coverage`: 9.2.25 to 9.2.31
- `phpunit/phpunit`: 9.6.4 to 9.6.20
- `sebastian/cli-parser`: 1.0.1 to 1.0.2
- `sebastian/diff`: 4.0.4 to 4.0.6
- `sebastian/ lines-of-code`: 1.0.3 to 1.0.4
and many more.

This ensures compatibility with newer versions, security improvements, and overall system stability.
2024-07-21 08:51:05 +02:00
a8fbb72163
chore: update .gitignore to exclude composer.phar
Adding composer.phar to .gitignore to prevent the inclusion of the Composer binary in the repository. This ensures local dependencies are not accidentally committed, promoting a cleaner codebase.
2024-07-21 08:47:29 +02:00
Pierre Rudloff
ec95a8f1b7
Merge branch 'release/3.2.0-alpha' 2023-04-22 23:21:32 +02:00
Pierre Rudloff
a9da2314af
Merge branch 'master' into develop 2023-04-22 23:16:52 +02:00
dependabot[bot]
fcb3d2e84c
Bump guzzlehttp/psr7 from 1.9.0 to 1.9.1 (#436)
Bumps [guzzlehttp/psr7](https://github.com/guzzle/psr7) from 1.9.0 to 1.9.1.
- [Release notes](https://github.com/guzzle/psr7/releases)
- [Changelog](https://github.com/guzzle/psr7/blob/1.9.1/CHANGELOG.md)
- [Commits](https://github.com/guzzle/psr7/compare/1.9.0...1.9.1)

---
updated-dependencies:
- dependency-name: guzzlehttp/psr7
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-04-19 23:47:18 +02:00
Pierre Rudloff
f09b7b43d7
Merge branch 'master' into develop 2023-03-30 21:46:49 +02:00
dependabot[bot]
a4146a63c8
Bump smarty/smarty from 4.3.0 to 4.3.1 (#431)
Bumps [smarty/smarty](https://github.com/smarty-php/smarty) from 4.3.0 to 4.3.1.
- [Release notes](https://github.com/smarty-php/smarty/releases)
- [Changelog](https://github.com/smarty-php/smarty/blob/master/CHANGELOG.md)
- [Commits](https://github.com/smarty-php/smarty/compare/v4.3.0...v4.3.1)

---
updated-dependencies:
- dependency-name: smarty/smarty
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-30 21:46:39 +02:00
Pierre Rudloff
3e45f19682
Switch to yt-dlp (fixes #432)
youtube-dl has no new release since 2021
2023-03-30 21:41:08 +02:00
Pierre Rudloff
9564764633
ucfirst Smarty modifier is deprecated
See https://github.com/smarty-php/smarty/issues/813
2023-03-21 20:25:47 +01:00
Pierre Rudloff
71647158d3
Stronger typying now that we target PHP 7.4 2023-03-21 20:20:14 +01:00
Pierre Rudloff
b23ce88be8
fixup! fix dockerfile permission issue (#426) 2023-03-21 20:07:31 +01:00
Pierre Rudloff
b52a582539
Stop supporting PHP 7.3 (#430)
It is unmaintained
2023-03-21 20:07:08 +01:00
Pierre Rudloff
7bfe55fff6
"git describe" needs to be non-interactive so we can get its output 2023-03-11 14:37:28 +01:00
Pierre Rudloff
9d8bff3c42 Updated robo to 3.0
Various dependencies update
 -----BEGIN SSH SIGNATURE-----
 U1NIU0lHAAAAAQAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAJ1cjUGHGZz2Xlnuxq9dZ2
 wA/r2ineVomdWGZBiq9GYcfUirCaArD49YsXbdQKkcHhrQ+gMUNQP4iOWjuPBG5WAPrORz
 LXUXwmk0UHdEPdJ2LymHXQsyYyHaldikt3gfsiD0ny/Uf3V9lL3vnrEUhQAxIYN87RaQun
 OL0S5y5wOp3vr8DwMlvAUDfZbzZgJ56nzVWRElVLNuQCQSZta9imqnJpzHQf4KTMut191S
 hgQjBA0TWeOAqGVeIMOctLqNY1gL5QUSyg5RYmBHjResH8tnOkfPElE1Ih19MCCQ9Eaubw
 g1cS6Ls6LgbTIdvyMud6ep+0iF3ifj0g7w1X6NvQfQp0JcWkU3eXyQfOGjdePZG9Kn+27Q
 EeMv47cyCGuMdGbpbFoD/yR82T2n78rPmxbYEnPnJSmuy30Wi8reYeaQUP2z+Krexk5tGQ
 a/thYIk1yhN+Ui3nSr78sATwgqateS6VvNw8nY315PUzmf4Bk0kDCnj7Q7z4wenHAhkayU
 FwAAAANnaXQAAAAAAAAABnNoYTUxMgAAAZQAAAAMcnNhLXNoYTItNTEyAAABgG9ULjUS0q
 UP06d9PYGfxYL3aADqwS5eczhU4B3QsUD5aab3q1qbqUfkRZ7Gvhy3lK4UXJvyy5kGC5Ba
 1u+WBlCuX4ki6Vgum0skw612V5cKOdcr5eDDc5jYRPwNd3P/Aa/YoBc1Ev4a1Ozlj9g2MR
 2XmDHxaoW6tzjsGYgPhihr1eIDAQm+BxeccDdjs9lsSiHfpcW6Vg7MdBzxZFPBEbpeEp6I
 WsvWVntjwBKFXG+cx/nBq+HNwdBHOq5ncE3eLHG7loNb5O3cof9t8Y91z+P6Cnw8r6lulu
 RIOgBfv/fIgZTIXq/UZ/bjUmbDrpCfDm2mtSi57X4Iaj5ZBXAu0tGwl46ZhGjDnwxBcBGn
 DcaLWUhVL19JEhKwq3APdV++ZEpeU4+G4VbuYvjbLe3kT/S/AMaw/5H1D7CFPQB30AeLbl
 l+1QWoc3bW8rY0FqBHpaFl5mgvu3VL23H8O+VhrzueM/CK22aaBt86bvUVHQnqLnQQ82xo
 oARjISpOfp0xjw==
 -----END SSH SIGNATURE-----
gpgsig -----BEGIN SSH SIGNATURE-----
 U1NIU0lHAAAAAQAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAJ1cjUGHGZz2Xlnuxq9dZ2
 wA/r2ineVomdWGZBiq9GYcfUirCaArD49YsXbdQKkcHhrQ+gMUNQP4iOWjuPBG5WAPrORz
 LXUXwmk0UHdEPdJ2LymHXQsyYyHaldikt3gfsiD0ny/Uf3V9lL3vnrEUhQAxIYN87RaQun
 OL0S5y5wOp3vr8DwMlvAUDfZbzZgJ56nzVWRElVLNuQCQSZta9imqnJpzHQf4KTMut191S
 hgQjBA0TWeOAqGVeIMOctLqNY1gL5QUSyg5RYmBHjResH8tnOkfPElE1Ih19MCCQ9Eaubw
 g1cS6Ls6LgbTIdvyMud6ep+0iF3ifj0g7w1X6NvQfQp0JcWkU3eXyQfOGjdePZG9Kn+27Q
 EeMv47cyCGuMdGbpbFoD/yR82T2n78rPmxbYEnPnJSmuy30Wi8reYeaQUP2z+Krexk5tGQ
 a/thYIk1yhN+Ui3nSr78sATwgqateS6VvNw8nY315PUzmf4Bk0kDCnj7Q7z4wenHAhkayU
 FwAAAANnaXQAAAAAAAAABnNoYTUxMgAAAZQAAAAMcnNhLXNoYTItNTEyAAABgJrUC15ar9
 VQj/LfmlMNN7+ec1D17Bk4q7/XH27FgUyRCHXLFS4hm0GhtjIZAaA9jErCt23NcAFan7cI
 WQyL6AAqqq/DOshmaYXY7Zj+5vQXbiJjDcGu1IsdGEFAA/DIAr721vxfKrri3aArucWK3T
 ymPliFOqhL1qyxKqFxrADJmcqZeL9XzoQ0RHxayyN8XRYf5Px8vrmxkgvcI7wiy2W554qk
 3DR7UlcHX/rg1H8B6W+PO7WK0JWdFoRRR/EErmo2VzCfEo/3USxJPPNUrhEv6K02WUVzib
 1ac6cjuIsb0xHE2zVQO6hgpIH9L73Ef6pOUcEnlu2zqE1FPgJc5u0q5MDXQyNMGTtcKk8U
 /UfNJw55umSMneOTHnhZ3AfmNYAmxWGGfwpbc2Y/rrOdBXWVhJzoPZWRKuOANk65+9NIjC
 20KLEeZSvodADv+f+WGrsVDHB2NUKLG5YuuWANH/s07a9Mm7I/XedWgRE7wh/WzfT93XKn
 BwDuEKTCMHOZwQ==
 -----END SSH SIGNATURE-----

Merge tag '3.1.1' into develop

Updated robo to 3.0
Various dependencies update
2023-03-11 14:32:35 +01:00
Pierre Rudloff
2bef4d551d
Merge branch 'release/3.1.1' 2023-03-11 14:30:30 +01:00
Pierre Rudloff
f475fa2a47
Lint 2023-03-03 00:18:00 +01:00
Pierre Rudloff
8e6e88a2b2
Dependencies update 2023-03-03 00:14:36 +01:00
Pierre Rudloff
2d60fd32ef Merge branch 'master' into develop 2022-11-07 21:20:44 +01:00
Pierre Rudloff
f32412e861 fixup! fix dockerfile permission issue (#426) 2022-11-07 21:19:52 +01:00
Samuel Tan
d060650833
fix dockerfile permission issue (#426) 2022-10-25 22:43:26 +02:00
Pierre Rudloff
4e09393fd9 Update robo to 3.0
To fix a PHP 8 compatibility notice
2022-10-16 15:42:19 +02:00
Pierre Rudloff
5d5a6624b8 Merge tag '3.1.0' into develop
Removed every reference to alltubedownload.net (#422)
Updated youtube-dl to 2021.12.17
Updated alltube-library to 0.1.3
Updated Smarty to 4.0
PHP 8 compatibility
Various refactoring and typying improvement
2022-10-16 15:36:55 +02:00
Pierre Rudloff
36a91c8d4d Merge branch 'release/3.1.0' 2022-10-16 15:36:37 +02:00
Pierre Rudloff
1031ad152d Remove every reference to alltubedownload.net (#422) 2022-10-16 15:22:47 +02:00
Pierre Rudloff
87e30f2e87 Merge branch 'master' into develop 2022-10-16 15:16:38 +02:00
dependabot[bot]
3b6b1f0387
Bump smarty/smarty from 3.1.45 to 3.1.47 (#425)
Bumps smarty/smarty from 3.1.45 to 3.1.47.

---
updated-dependencies:
- dependency-name: smarty/smarty
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-25 15:09:49 +02:00
Pierre Rudloff
b95fed4935 Update phpstan
To fix compatibility with PHP 8.1
2022-06-28 23:08:03 +02:00
Pierre Rudloff
b5f757b562 Merge branch 'master' into develop 2022-06-28 23:07:07 +02:00
Pierre Rudloff
ffeda5ea90 Declare allowed composer plugins 2022-06-28 23:05:34 +02:00
Pierre Rudloff
e9efc6ef71 Update symfony/string
To avoid redeclaring functions that already exist: af4b27f47b
2022-06-28 23:04:03 +02:00
dependabot[bot]
550371db7c
Bump guzzlehttp/guzzle from 6.5.7 to 6.5.8 (#418)
Bumps [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) from 6.5.7 to 6.5.8.
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/6.5.8/CHANGELOG.md)
- [Commits](https://github.com/guzzle/guzzle/compare/6.5.7...6.5.8)

---
updated-dependencies:
- dependency-name: guzzlehttp/guzzle
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-28 22:52:44 +02:00
dependabot[bot]
4e826e554d
Bump guzzlehttp/guzzle from 6.5.6 to 6.5.7 (#415)
Bumps [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) from 6.5.6 to 6.5.7.
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/6.5.7/CHANGELOG.md)
- [Commits](https://github.com/guzzle/guzzle/compare/6.5.6...6.5.7)

---
updated-dependencies:
- dependency-name: guzzlehttp/guzzle
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-14 22:05:02 +02:00
Pierre Rudloff
1055ce0c4b Merge branch 'master' into develop 2022-06-08 00:10:34 +02:00
Pierre Rudloff
57dd9a7dd3 Convert issue template to form 2022-06-08 00:08:01 +02:00
Pierre Rudloff
e53393d670 Force port for canonical URL (#410) 2022-06-01 21:57:46 +02:00
Pierre Rudloff
f6ae6eded3 Merge branch 'master' into develop 2022-05-28 23:52:51 +02:00
dependabot[bot]
e7fd4c6bc4
Bump guzzlehttp/guzzle from 6.5.5 to 6.5.6 (#412)
Bumps [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) from 6.5.5 to 6.5.6.
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/6.5.6/CHANGELOG.md)
- [Commits](https://github.com/guzzle/guzzle/compare/6.5.5...6.5.6)

---
updated-dependencies:
- dependency-name: guzzlehttp/guzzle
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-28 23:50:56 +02:00
dependabot[bot]
b894cdd6ce
Bump smarty/smarty from 3.1.43 to 3.1.45 (#413)
Bumps smarty/smarty from 3.1.43 to 3.1.45.

---
updated-dependencies:
- dependency-name: smarty/smarty
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-28 23:50:20 +02:00
Pierre Rudloff
e81b8c75a8 Add void return types 2022-05-28 23:44:34 +02:00
Pierre Rudloff
e3187a7258 Merge branch 'master' into develop 2022-04-07 22:15:36 +02:00
Liu Wenyuan
1d1e804b71
Update (redo) zh_CN translation (#369) 2022-04-07 22:14:08 +02:00
dependabot[bot]
6731fcdf96
Bump guzzlehttp/psr7 from 1.6.1 to 1.8.5 (#406)
Bumps [guzzlehttp/psr7](https://github.com/guzzle/psr7) from 1.6.1 to 1.8.5.
- [Release notes](https://github.com/guzzle/psr7/releases)
- [Changelog](https://github.com/guzzle/psr7/blob/1.8.5/CHANGELOG.md)
- [Commits](https://github.com/guzzle/psr7/compare/1.6.1...1.8.5)

---
updated-dependencies:
- dependency-name: guzzlehttp/psr7
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-30 09:11:45 +02:00
Pierre Rudloff
10b7658240 Merge tag '3.0.3' into develop
Fixed a vulnerability that could be used to trigger either an open redirect or a SSRF attack
2022-03-08 09:36:00 +01:00
Pierre Rudloff
3d09289104 Merge branch 'hotfix/3.0.3' 2022-03-08 09:33:44 +01:00
Pierre Rudloff
8913f27716 Disable the generic extractor entirely
It can be used for SSRF attacks even when redirects are disabled
2022-03-08 09:29:57 +01:00
Pierre Rudloff
113b3d5e50 Some videos have no format 2022-03-06 22:55:33 +01:00
Pierre Rudloff
edaf6f82c0 fixup! LinkHeaderMiddleware should use the same URL as ViewFactory This way the X-Forwarded-Path header is used to generate the Link header 2022-02-27 23:47:19 +01:00
Pierre Rudloff
f814ebc492 Missing exception in @throws tag 2022-02-27 23:45:59 +01:00