Commit graph

150 commits

Author SHA1 Message Date
snipe
aca51d992b
Merge pull request #14038 from ubc-cpsc/bugfix/CVE-2023-50251
Fixes CVE-2023-50251 and CVE-2023-50262 DoS on parsing SVG
2023-12-19 14:00:13 +00:00
Joël Pittet
32aedabfe5 Force update with PHP 7.4.3 platform requirement and update lock 2023-12-14 09:59:11 -08:00
Joël Pittet
b746c7d371 Fixes CVE-2023-43655 Composer Remote Code Execution vulnerability via web-accessible composer.phar 2023-12-14 09:34:25 -08:00
Joël Pittet
0a5eca53db Fixes CVE-2023-50251 and CVE-2023-50262 DoS on parsing SVG 2023-12-14 09:28:21 -08:00
snipe
5730518fc6
Merge pull request #13978 from uberbrady/test_ldap
Test ldap
2023-11-30 19:23:29 +00:00
Joël Pittet
5b4d6b346b Update for CVE-2023-49316 by upgrading phpseclib/phpseclib (3.0.14 => 3.0.34) 2023-11-29 11:03:12 -08:00
Brady Wetherington
8e8b1068ff Beginnings of LDAP test suite 2023-11-27 14:50:43 +00:00
Brady Wetherington
3184f795c2 Upgrade to new branch for our fork of laravel-scim-server 2023-09-07 18:29:23 +01:00
Marcus Moore
5828d29952 Remove Dusk 2023-08-30 16:43:18 -07:00
Marcus Moore
191c4f959f Bump guzzlehttp/psr7 to 2.4.5 2023-08-21 14:46:08 -07:00
Marcus Moore
1e10a7ee23 Bump nyholm/psr7 to 1.6.1 2023-08-21 14:45:21 -07:00
snipe
96b616be89 Downgraded TCPDF
Signed-off-by: snipe <snipe@snipe.net>
2023-08-15 20:11:56 +01:00
snipe
697dc10d76 More label tweaks
Signed-off-by: snipe <snipe@snipe.net>
2023-08-15 20:03:32 +01:00
Marcus Moore
d8f22880d6
Allow installing on PHP 7.4 2023-07-10 17:35:21 -07:00
Marcus Moore
3f09e6017b
Install paratest to allow for parallel test running 2023-06-26 16:22:28 -07:00
snipe
c52b48c383 Google oauth login
Signed-off-by: snipe <snipe@snipe.net>
2023-05-10 00:14:28 -07:00
Marcus Moore
48ef8443f5
Restrict PHP to >=7.4.3 <8.2 2023-05-02 12:01:09 -07:00
snipe
0b408218b0 Update dompdf
Signed-off-by: snipe <snipe@snipe.net>
2023-02-23 12:59:04 -08:00
Brady Wetherington
3a2b54fd47 Add libsodium shim, and mark the sodium extension as 'optional'
Trying to handle some composer.lock conflicts, as safely as possible.
2023-02-15 18:16:39 -08:00
snipe
f4617d8d5b Added larastan and psalm to composer dev
Signed-off-by: snipe <snipe@snipe.net>
2023-02-07 11:01:21 -08:00
snipe
aeb8dfb07d Added phpinsights
Signed-off-by: snipe <snipe@snipe.net>
2023-02-06 12:39:55 -08:00
snipe
2a8851bbd7
Merge pull request #12342 from marcusmoore/fix/dusk-test-suite
Fixed Dusk Test Suite
2023-02-02 09:50:34 -08:00
Brady Wetherington
c5d3b3ab81 Change out the SCIM config for a fixed one; update our fork of the SCIM-server 2023-01-25 15:59:46 -08:00
Marcus Moore
2aa50859b3
Bump Dusk version to fix broken macOS chrome driver link 2023-01-10 17:01:03 -08:00
Brady Wetherington
06a1fe5b38 Pulled in latest upstream changes for improved standards-compliance 2022-11-22 12:52:11 -08:00
Brady Wetherington
383bd6bb45 Add new SCIM env vars; upgrade SCIM library 2022-11-09 19:08:15 +00:00
Brady Wetherington
9605dec22a Use the new scim-trace feature from our fork of laravel-scim-server lib 2022-10-05 17:43:59 -07:00
snipe
9dbc5070f8 Remove phplint (for now)
Signed-off-by: snipe <snipe@snipe.net>
2022-09-27 16:47:09 -07:00
snipe
443b1df5e1 Bumped packages
Signed-off-by: snipe <snipe@snipe.net>
2022-07-22 17:55:19 -07:00
Brady Wetherington
b2112e6792 Whoops, bump version to have the right syntax! 2022-07-18 15:16:45 -07:00
Brady Wetherington
250db10249 Upgrade our fork of laravel-scim-server to better support scim creates 2022-07-18 15:05:42 -07:00
snipe
7e7ae3bb95 Really reverting this time
Signed-off-by: snipe <snipe@snipe.net>
2022-06-24 17:55:34 -07:00
snipe
838579e9a8 Reverting :(
Signed-off-by: snipe <snipe@snipe.net>
2022-06-24 17:30:56 -07:00
snipe
c0b6d5aa2c Upgraded guzzle to 7.4.5
Signed-off-by: snipe <snipe@snipe.net>
2022-06-24 17:01:24 -07:00
snipe
3dc4f56fb4 Update constraints to allow up to 8.2
Signed-off-by: snipe <snipe@snipe.net>
2022-05-16 17:23:41 -07:00
snipe
4c06a451b8 Upgraded dompdf
Signed-off-by: snipe <snipe@snipe.net>
2022-05-16 10:17:46 -07:00
Brady Wetherington
599d725d55 Just needed to adjust the hash so that the composer.lock is correct 2022-04-05 20:31:34 +01:00
Brady Wetherington
9bd04eb8c9 Use our forked version of the Laravel-SCIM-Server package (hopefully temporary) 2022-04-05 20:26:40 +01:00
Brady Wetherington
6756dd193e SCIM integration using the 're-do-the routes' approach, which seems like a dead-end
Cleaning up routes to match laravel-scim-server's recommended implementation

Some actually *working* changes for SCIM support?!

Whoops, forgot my route file

Fix public SCIM routes

Removed Ziggy, removed old generated file, yanked Ziggy references

Resolves the first set of comments for SCIM

Ensure all /api routes have baseUrl prepended

Fix the parent:: call to be, uh, actually correct :P

Clarify the route-ordering, as it is quite tricky

This gets it so that users can actually be saved..

Work around the lack of callbacks with some inheritance

Mapped a bunch more fields from SCIM into Snipe-IT's user table

More baseUrl shenanigans since we yanked Ziggy :/

Properly map job title and work with some other necessary attributes

Map more fields...

Finalized basic mapping for core and enterprise namespaces

Latest tuned settings for SCIM config to work with Azure (and others)
2022-04-05 20:26:37 +01:00
Joël Pittet
472c94ef89 Security updates to enshrined/svg-sanitize and guzzlehttp/psr7 2022-04-04 12:31:27 -07:00
Godfrey Martinez
fe6a6740db
Merge branch 'develop' into feature/sc-15014/asset-acceptance-and-signed-eula-as-pdf 2022-03-22 10:10:56 -07:00
snipe
d06ef4bdef Bumped lockfile
Signed-off-by: snipe <snipe@snipe.net>
2022-03-08 22:17:46 -08:00
snipe
b876d0abb0 Merge remote-tracking branch 'origin/master' into develop
Signed-off-by: snipe <snipe@snipe.net>

# Conflicts:
#	.env.example
#	app/Http/Controllers/Auth/LoginController.php
#	app/Http/Kernel.php
#	app/Http/Transformers/ActionlogsTransformer.php
#	app/Importer/AssetImporter.php
#	app/Models/Accessory.php
#	app/Models/Consumable.php
#	app/Presenters/AccessoryPresenter.php
#	app/Presenters/ComponentPresenter.php
#	app/Presenters/ConsumablePresenter.php
#	app/Providers/AuthServiceProvider.php
#	composer.json
#	composer.lock
#	config/app.php
#	config/cors.php
#	config/version.php
#	package-lock.json
#	public/js/build/app.js
#	public/js/build/app.js.LICENSE.txt
#	public/js/dist/all.js
#	public/mix-manifest.json
#	resources/views/accessories/view.blade.php
#	resources/views/consumables/view.blade.php
#	resources/views/settings/saml.blade.php
#	routes/api.php
2022-03-03 21:59:38 -08:00
Godfrey M
533670f3f1 faulty method for converting asset acceptance to pdf 2022-02-24 14:50:16 -08:00
Brady Wetherington
15abc84ab0 Migrate to Fruitcake/laravel-cors which has path-exclusion built-in 2022-02-23 11:06:19 -08:00
Brady Wetherington
3c7f2e89ec Merge branch 'develop' into remove_old_ldap
Had to re-do the composer install because the conflicts were too complicated.
2022-01-03 12:56:58 -08:00
snipe
406211d2fe Move mockery to require-dev
Signed-off-by: snipe <snipe@snipe.net>
2021-12-02 11:22:46 -08:00
snipe
fb06c136b9 Added mockery (because reasons?)
Signed-off-by: snipe <snipe@snipe.net>
2021-12-02 11:11:14 -08:00
snipe
957d092844 Upgraded phpunit to v9
Signed-off-by: snipe <snipe@snipe.net>
2021-12-02 11:04:04 -08:00
snipe
d96e95abd6 Small mods to configs, removed old faker, added new
Signed-off-by: snipe <snipe@snipe.net>
2021-12-01 13:46:21 -08:00