View Issue Details

ID: 20426
Project: Bug reports
Category: Security
View Status: public
Last Update: 2026-02-27 10:15
Reporter: roelvm
Assigned To: c_schmitz
Priority: none
Severity: minor
Status: resolved
Resolution: fixed
Summary: 20426: Include composer.lock and package-lock.json in releases
Description

The official releases do not include composer.lock or package-lock.json. It would be very beneficial if those files were included in the official release builds. This helps us keep our systems safe, as we can use them to create Software Bill of Materials (SBOM) files and use those to track vulnerabilities in the software installed on our systems.

I can create an MR for this if someone points me to the tooling that is used to create releases.

Tags: No tags attached.
Bug heat: 256
Complete LimeSurvey version number (& build): 7.0.0-beta1+260121
I will donate to the project if issue is resolved: No
Browser:
Database type & version: any
Server OS (if known):
Webserver software & version (if known):
PHP Version: any
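
How a lock file becomes SBOM input, as an added example (not part of the original report and not LimeSurvey's tooling): the code below turns the pinned versions in a composer.lock and a package-lock.json into a minimal CycloneDX-style component list with package URLs. The sample lock data, the function names and the acme/* packages are constructed for illustration.

```python
import json

# Constructed lock-file samples (not LimeSurvey's real files). Only yiisoft/yii
# 1.1.32 comes from the changeset note; every other name/version is made up.
COMPOSER_LOCK = json.dumps({
    "packages": [{"name": "yiisoft/yii", "version": "1.1.32"},
                 {"name": "acme/example-lib", "version": "2.4.1"}],
    "packages-dev": [{"name": "acme/test-tool", "version": "9.6.0"}],
})
PACKAGE_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "app", "version": "1.0.0"},            # root project
        "node_modules/jquery": {"version": "3.7.1"},
        "node_modules/@acme/build-tool": {"version": "7.24.0", "dev": True},
        "node_modules/local-link": {"link": True},           # symlink, no version
    },
})

def _component(ptype, name, version):
    # Package URL (purl); the '@' of an npm scope must be percent-encoded.
    purl = f"pkg:{ptype}/{name.replace('@', '%40')}@{version}"
    return {"type": "library", "name": name, "version": version, "purl": purl}

def composer_components(lock_text, include_dev=False):
    lock = json.loads(lock_text)
    pkgs = list(lock.get("packages", []))
    if include_dev:
        pkgs += lock.get("packages-dev", [])
    return [_component("composer", p["name"], p["version"]) for p in pkgs]

def npm_components(lock_text, include_dev=False):
    out = []
    for path, meta in json.loads(lock_text).get("packages", {}).items():
        if not path or "version" not in meta:
            continue  # skip the root entry and link-only entries
        if meta.get("dev") and not include_dev:
            continue
        name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
        out.append(_component("npm", name, meta["version"]))
    return out

def build_sbom(components):
    # Minimal CycloneDX-style JSON document: one entry per pinned dependency.
    return {"bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
            "components": sorted(components, key=lambda c: c["purl"])}

if __name__ == "__main__":
    deps = composer_components(COMPOSER_LOCK) + npm_components(PACKAGE_LOCK)
    print(json.dumps(build_sbom(deps), indent=2))
```

composer.json and package.json only carry version ranges, so the same extraction run against them could not produce exact versions to match against vulnerability advisories.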

Activities

DenisChenu

2026-02-16 10:05

developer   ~84219

I think the best is to use the Git version for this?

roelvm

2026-02-16 10:39

reporter   ~84220

The Git version does not have those files either. It does have package.json and composer.json, but not package-lock.json or composer.lock.

roelvm

2026-02-17 11:01

reporter   ~84238

Is there tooling to create LimeSurvey releases? If so, could you point me to it please?

c_schmitz

2026-02-26 16:11

administrator   ~84331

Best way would be to add the lock files to the git repo, then.
They should not be in the release package.

c_schmitz

2026-02-26 18:45

administrator   ~84337

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=39358

DenisChenu

2026-02-27 08:06

developer   ~84338

Last edited: 2026-02-27 08:06

@c_schmitz: composer.lock and <s>yarn.lock</s> must be added to export-ignore in .gitattributes, OK?
https://github.com/LimeSurvey/LimeSurvey/blob/master/.gitattributes

(edit: <s>yarn.lock</s> already here)

c_schmitz

2026-02-27 09:47

administrator   ~84339

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=39359

c_schmitz

2026-02-27 10:15

administrator   ~84340

ok, added composer.lock

Related Changesets

LimeSurvey: master 5704fe79

2026-02-26 18:09

c_schmitz


Fixed issue 20426: Missing composer.lock file which is needed for SBOM
Dev Updated Yii to version 1.1.32
Affected Issues: 20426
mod - .gitignore
add - composer.lock

LimeSurvey: master f18efed9

2026-02-27 09:47

c_schmitz


Fixed issue 20426: Missing composer.lock file which is needed for SBOM
Affected Issues: 20426
mod - .gitattributes

Issue History

Date Modified Username Field Change
2026-02-16 09:54 roelvm New Issue
2026-02-16 10:05 DenisChenu Note Added: 84219
2026-02-16 10:05 DenisChenu Bug heat 250 => 252
2026-02-16 10:39 roelvm Note Added: 84220
2026-02-16 10:39 roelvm Bug heat 252 => 254
2026-02-17 11:01 roelvm Note Added: 84238
2026-02-26 16:11 c_schmitz Note Added: 84331
2026-02-26 16:11 c_schmitz Bug heat 254 => 256
2026-02-26 18:45 c_schmitz Changeset attached => LimeSurvey master 5704fe79
2026-02-26 18:45 c_schmitz Note Added: 84337
2026-02-26 18:45 c_schmitz Assigned To => c_schmitz
2026-02-26 18:45 c_schmitz Status new => resolved
2026-02-26 18:45 c_schmitz Resolution open => fixed
2026-02-27 08:06 DenisChenu Note Added: 84338
2026-02-27 08:06 DenisChenu Note Edited: 84338
2026-02-27 09:47 c_schmitz Changeset attached => LimeSurvey master f18efed9
2026-02-27 09:47 c_schmitz Note Added: 84339
2026-02-27 10:15 c_schmitz Note Added: 84340