Update composer and add psalm #2

Merged
b-hayes merged 4 commits into master from SEC25-84-add-psalm-scanning
Feb 20, 2026

@anthonymenefee

Updated composer to allow install of psalm. Added the necessary psalm files for github actions.

Updated composer to allow install of psalm. Added the necessary psalm files for github actions.
@github-advanced-security

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

joshmcrae previously approved these changes Jan 18, 2026
@anthonymenefee

@b-hayes Tagging you in this series of PRs for psalm. Sorry for the noise. Let us know if you think this is good to go as is or if the repo needs some special attention. Thanks!

@b-hayes b-hayes left a comment

I noticed there is no baseline file. Should be running vendor/bin/psalm --set-baseline on these repos unless there was an executive decision not to do so.

Add the baseline for this repo
@anthonymenefee

@b-hayes Added the baseline file. Let me know if we need anything else, thanks!

@b-hayes b-hayes left a comment

psalm workflow is failing.

Add jq fix for the baseline file
@anthonymenefee

@b-hayes I have corrected the issue with the workflow run for this repo as well. Let me know if there is anything else to address!

b-hayes previously approved these changes Feb 19, 2026

b-hayes commented Feb 19, 2026

The composer.json has new requirements that are not dev.
I'm not a fan of changing project requirements for a dev tool only used in GitHub Actions; however, the new requirements should be compatible with the webapp repo that depends on it should a new version be released, etc.
Risk is very low.

@joshmcrae care to comment on this?

@joshmcrae

@b-hayes It depends why that dependency was added. If it can be moved into require-dev then we should do that, otherwise as you say it should be compatible anywhere it's likely to be used.

Remove the guzzle install as this was in an effort to resolve a rabbit hole issue on the below when just running a base composer install without tithely pay

MacBook-Pro-4:omnipay-tithely anthonymenefee$ composer install
php-http/discovery contains a Composer plugin which is currently not in your allow-plugins config. See https://getcomposer.org/allow-plugins
Do you trust "php-http/discovery" to execute code and wish to enable it now? (writes "allow-plugins" to composer.json) [y,n,d,?]
@anthonymenefee

@b-hayes and @joshmcrae you guys were right. I dug back through my history and it looks like I was down the rabbit hole on a composer issue from my side. I have removed those so we should be back to a clean composer. Let me know if anything is amiss.

@b-hayes b-hayes left a comment

I think we are good now.

@b-hayes b-hayes merged commit b966185 into master Feb 20, 2026
3 checks passed
@b-hayes b-hayes deleted the SEC25-84-add-psalm-scanning branch February 20, 2026 02:03