diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 1d765050..21dd5340 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,3 +1,3 @@ -# https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#codeowners-file-size +# https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners * @ergebnis-bot @localheinz diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index 2065203e..8a26f18a 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -127,7 +127,7 @@ Run make ``` -to enforce coding standards, run a static code analysis, and run tests! +to automatically refactor code, enforce coding standards, run a static code analysis, and run tests! ## Help diff --git a/.github/SECURITY.md b/.github/SECURITY.md new file mode 100644 index 00000000..db7e9eb1 --- /dev/null +++ b/.github/SECURITY.md @@ -0,0 +1,17 @@ +# Security Policy + +## Supported Versions + +The following versions of `ergebnis/composer-normalize` have active support: + +- `^2.30.2` + +## Unsupported Versions + +The following versions of `ergebnis/composer-normalize` have reached their end of life: + +- `<=2.30.2` + +## Reporting a Vulnerability + +If you believe that you have found a security vulnerability, please send an email to `am@localheinz.com`. Ensure to include all details required to understand the severity of the issue. diff --git a/.github/settings.yml b/.github/settings.yml index 08d06ec7..6c065d35 100644 --- a/.github/settings.yml +++ b/.github/settings.yml @@ -80,6 +80,7 @@ repository: description: ":musical_note: Provides a composer plugin for normalizing composer.json." enable_automated_security_fixes: true enable_vulnerability_alerts: true + has_discussions: false has_downloads: true has_issues: true has_pages: false diff --git a/Makefile b/Makefile index d2fea5c2..32162241 100644 --- a/Makefile +++ b/Makefile @@ -12,7 +12,7 @@ code-coverage: vendor ## Collects coverage from running unit and integration tes coding-standards: phive vendor ## Lints YAML files with yamllint, normalizes composer.json with ergebnis/composer-normalize, and fixes code style issues with friendsofphp/php-cs-fixer yamllint -c .yamllint.yaml --strict . .phive/composer-normalize - mkdir -p .build/php-cs-fixer + mkdir -p .build/php-cs-fixer/ vendor/bin/php-cs-fixer fix --config=.php-cs-fixer.php --diff --verbose .PHONY: dependency-analysis @@ -25,7 +25,7 @@ help: ## Displays this list of targets with descriptions .PHONY: mutation-tests mutation-tests: vendor ## Runs mutation tests with infection/infection - mkdir -p .build/infection + mkdir -p .build/infection/ vendor/bin/infection --configuration=infection.json .PHONY: phar @@ -40,11 +40,12 @@ phar: phive vendor ## Builds a phar with humbug/box .PHONY: phive phive: .phive ## Installs dependencies with phive - mkdir -p .build/phive + mkdir -p .build/phive/ PHIVE_HOME=.build/phive phive install --trust-gpg-keys 0xC00543248C87FB13,0x033E5F8D801A2F8D,0x2DF45277AEF09A2F .PHONY: refactoring refactoring: vendor ## Runs automated refactoring with rector/rector + mkdir -p .build/rector/ vendor/bin/rector process --config=rector.php .PHONY: schema @@ -58,19 +59,19 @@ security-analysis: vendor ## Runs a security analysis with composer .PHONY: static-code-analysis static-code-analysis: vendor ## Runs a static code analysis with vimeo/psalm - mkdir -p .build/psalm + mkdir -p .build/psalm/ vendor/bin/psalm --config=psalm.xml --clear-cache vendor/bin/psalm --config=psalm.xml --show-info=false --stats --threads=4 .PHONY: static-code-analysis-baseline static-code-analysis-baseline: vendor ## Generates a baseline for static code analysis with vimeo/psalm - mkdir -p .build/psalm + mkdir -p .build/psalm/ vendor/bin/psalm --config=psalm.xml --clear-cache vendor/bin/psalm --config=psalm.xml --set-baseline=psalm-baseline.xml .PHONY: tests tests: vendor ## Runs unit and integration tests with phpunit/phpunit - mkdir -p .build/phpunit + mkdir -p .build/phpunit/ vendor/bin/phpunit --configuration=test/phpunit.xml --testsuite=unit vendor/bin/phpunit --configuration=test/phpunit.xml --testsuite=integration diff --git a/README.md b/README.md index db88dfa9..9cdaad14 100644 --- a/README.md +++ b/README.md @@ -498,6 +498,10 @@ Please have a look at [`CONTRIBUTING.md`](.github/CONTRIBUTING.md). Please have a look at [`CODE_OF_CONDUCT.md`](https://github.com/ergebnis/.github/blob/main/CODE_OF_CONDUCT.md). +## Security Policy + +Please have a look at [`SECURITY.md`](.github/SECURITY.md). + ## License This package is licensed using the MIT License. diff --git a/composer-require-checker.json b/composer-require-checker.json index b1208fb7..60012af8 100644 --- a/composer-require-checker.json +++ b/composer-require-checker.json @@ -1,20 +1,5 @@ { "symbol-whitelist": [ - "array", - "bool", - "callable", - "false", - "float", - "int", - "iterable", - "null", - "object", - "parent", - "self", - "static", - "string", - "true", - "void", "Composer\\Command\\BaseCommand", "Composer\\Composer", "Composer\\Console\\Application", diff --git a/composer.json b/composer.json index 46f50d09..cd8ba157 100644 --- a/composer.json +++ b/composer.json @@ -18,7 +18,8 @@ "homepage": "https://github.com/ergebnis/composer-normalize", "support": { "issues": "https://github.com/ergebnis/composer-normalize/issues", - "source": "https://github.com/ergebnis/composer-normalize" + "source": "https://github.com/ergebnis/composer-normalize", + "security": "https://github.com/ergebnis/composer-normalize/blob/main/.github/SECURITY.md" }, "require": { "php": "~8.0.0 || ~8.1.0 || ~8.2.0",