[pkg-php-pear] Bug#1008873: composer: Composer cannot parse GitHub OAuth token after the recent format change

Daniel Fancsali fancsali at gmail.com
Sun Apr 3 11:24:07 BST 2022


Package: composer
Version: 2.0.9-2
Severity: important

Dear Maintainer,

Using composer with private repositiories means one needs to user OAuth
tokens; however the current version of Composer in debian is somewhat
older, and cannot parse the recently updated GitHub token format.

SO, if there are any tokens configured, every subcommand will fail with
below message:

> In BaseIO.php line 128:
>
>  Your github oauth token for github.com contains invalid characters:
>  "ghp_somehashthatiwontdisclose"

Most likely this will affect both stable and oldstable; for further info
see:
https://nono.ma/github-oauth-token-for-github-com-contains-invalid-characters-on-composer-install

-- System Information:
Distributor ID:	Raspbian
Description:	Raspbian GNU/Linux 11 (bullseye)
Release:	11
Codename:	bullseye
Architecture: armv7l

Kernel: Linux 5.10.92-v7+ (SMP w/3 CPU threads)
Kernel taint flags: TAINT_CRAP
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages composer depends on:
ii  jsonlint                     1.8.3-2
ii  php-cli                      2:7.4+76
ii  php-common                   2:76
ii  php-composer-ca-bundle       1.2.9-1
ii  php-composer-semver          3.2.4-2
ii  php-composer-spdx-licenses   1.5.5-2
ii  php-composer-xdebug-handler  1.4.5-1
ii  php-json-schema              5.2.10-2
ii  php-psr-log                  1.1.3-2
ii  php-react-promise            2.7.0-2
ii  php-symfony-console          4.4.19+dfsg-2+deb11u1
ii  php-symfony-filesystem       4.4.19+dfsg-2+deb11u1
ii  php-symfony-finder           4.4.19+dfsg-2+deb11u1
ii  php-symfony-process          4.4.19+dfsg-2+deb11u1
ii  php7.4-cli [php-cli]         7.4.28-1+deb11u1

Versions of packages composer recommends:
ii  git    1:2.30.2-1
ii  unzip  6.0-26

Versions of packages composer suggests:
pn  fossil      <none>
pn  mercurial   <none>
pn  php-zip     <none>
pn  subversion  <none>

-- no debconf information



More information about the pkg-php-pear mailing list