Skip to main content

Composer Security Update (CVE-2021-29472) for leravel #2021

Composer had a security vulnerability reported (CVE-2021-29472) and a new version has been released to address this. Everyone should run composer self-update to get v2.0.13 which includes the fix.

According to their announcment:

As a precaution after updating Composer we recommend you audit your composer.lock files to ensure they only contain URLs and none which start with -- , e.g. --config and could be considered command line options. Should you find any such URL values despite our belief that this vulnerability was not exploited in the wild, please contact us immediately by email to security@packagist.org.

In general we always recommend you review changes you make to your lock files to ensure no untrusted dependencies or external URLs are introduced to your application. Please note that Packagist.org is only a metadata server and package contents are downloaded from a location chosen by the package maintainers. Private Packagist will store copies of mirrored package contents, so Composer can download them from there, but the lock files will still contain the maintainers' original URLs for reference and as a fallback.

Read more about this in the Packagist official announcement 

Popular posts from this blog

Laravel8 in Serializes Models trait | laravelnote

This article was originally posted, with additional formatting, on my personal blog at laravel serializes model Background  When dispatching an object onto the queue, behind the scenes Laravel is recursively serializing the object and all of its properties into a string representation that is then written to the queue. There it awaits a queue worker to retrieve it from the queue and unserialize it back into a PHP object (Phew!). Problem When complicated objects are serialized, their string representations can be atrociously long, taking up unnecessary resources both on the queue and application servers. Solution Because of this, Laravel offers a trait called SerializesModels which, when added to an object, finds any properties of type Model or Eloquent\Collection during serialization and replaces them with a plain-old-PHP-object (POPO) known as a ModelIdentifier. These identifier objects represent the original properties Model type and ID, or IDs in the case of an Eloquent\Collection,

What is HTTP client in laravel8 by laravenote 2021 | Laravelnote

Laravel provides an expressive, minimal API around the Guzzle HTTP client, allowing you to quickly make outgoing HTTP requests to communicate with other web applications. Laravel's wrapper around Guzzle is focused on its most common use cases and a wonderful developer experience. Before getting started, you should ensure that you have installed the Guzzle package as a dependency of your application. By default, Laravel automatically includes this dependency. However, if you have previously removed the package, you may install it again via Composer: composer require guzzlehttp/guzzle Making Requests To make requests, you may use the get, post, put, patch, and delete methods provided by the Http facade. First, let's examine how to make a basic GET request to another URL: use Illuminate\Support\Facades\Http; $response = Http::get('http://example.com'); The get method returns an instance of Illuminate\Http\Client\Response, which provides a variety of methods that may be use

Laravel Parallel Testing Is Now Available in laravel8 | Laravelnote

 Parallel Testing | Laravelnote As such we know Laravel and PHP Unit execute your tests sequentially within a single process.  As such laravel check the single process doesn’t use multiple cores so that therefore, your test execution is seriously bottlenecked! we glad to say that Parallel Testing is now available in Laravel. You can use this Laravel version8.25 you may also use to laravel8 built-in test Artisan command to run your cmd to tests simultaneously across multiple processes to use significantly reduce the time required for to run the entire test suite. It is about sure that in laravel8 new on top of Paratest Laravel automatically use to handles creating and migrating a test for database for each parallel process. In The  Laravel8 for testing purpose goodies - such as Storage::fake - are ready for used in Parallel too. Laravel Provide Each all individual laravel8 version use test suite will receive a varying benefits from parallel testing. In The Laravel Tests are execution wa