From e66ada55a4caf84276c64c8bcb7ed653c4482af8 Mon Sep 17 00:00:00 2001 From: Sebastian Fix Date: Fri, 20 Mar 2026 07:02:59 +0100 Subject: [PATCH 1/4] Security update --- .github/ISSUE_TEMPLATE/bug_report.yml | 17 +++++---- .github/dependabot.yml | 40 +++++++++++++++---- CONTRIBUTING.md | 55 +++++++++++++++++++++++++++ SECURITY.md | 3 ++ 4 files changed, 101 insertions(+), 14 deletions(-) create mode 100644 CONTRIBUTING.md create mode 100644 SECURITY.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml index 7546b77..bc5e177 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.yml +++ b/.github/ISSUE_TEMPLATE/bug_report.yml @@ -1,18 +1,18 @@ name: Bug Report description: Report an Issue or Bug with the Package title: "[Bug]: " -labels: ["bug"] +labels: [ "bug" ] body: - type: markdown attributes: - value: | - We're sorry to hear you have a problem. Can you help us solve it by providing the following details. + value: "| +We're sorry to hear you have a problem. Can you help us solve it by providing the following details." - type: textarea id: what-happened attributes: label: What happened? description: What did you expect to happen? - placeholder: I cannot currently do X thing because when I do, it breaks X thing. + placeholder: "I cannot currently do X thing because when I do, it breaks X thing." validations: required: true - type: input @@ -20,7 +20,8 @@ body: attributes: label: Package Version description: What version of our Package are you running? Please be as specific as possible - placeholder: 1.0.0 + placeholder: "12.0" + value: "12.0" validations: required: true - type: input @@ -28,7 +29,8 @@ body: attributes: label: PHP Version description: What version of PHP are you running? Please be as specific as possible - placeholder: 8.3.0 + placeholder: "8.4.0" + value: "8.4.0" validations: required: true - type: input 
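Review bot: In the first hunk of `.github/ISSUE_TEMPLATE/bug_report.yml` the markdown `value` no longer uses a block scalar: the added line `value: "|` opens a double-quoted string, so the `|` becomes literal text and the intro would render with a stray pipe in front of it. Restore the block form, `value: |` with the sentence indented on the following line. The patch as shown has lost its indentation, so confirm this against the file itself.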
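Review bot: The added `value: "12.0"` pre-fills an input that is marked `required: true`, so a report can be submitted with the default untouched and the required check no longer shows that the reporter entered a real version. The same applies to `value: "8.4.0"` in the PHP Version hunk and `value: "12.0.0"` in the Laravel Version hunk. These fields are what tell maintainers whether a reporter is on a release that already contains a fix, so keep the `placeholder` lines and drop the three `value:` lines.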
@@ -36,7 +38,8 @@ body: attributes: label: Laravel Version description: What version of Laravel are you running? Please be as specific as possible - placeholder: 11.0.0 + placeholder: "12.0.0" + value: "12.0.0" validations: required: true - type: dropdown diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 30c8a49..9ac6a65 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,12 +1,38 @@ -# Please see the documentation for all configuration options: -# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates - version: 2 updates: - - package-ecosystem: "github-actions" directory: "/" schedule: - interval: "weekly" - labels: - - "dependencies" \ No newline at end of file + interval: "daily" + ignore: + - dependency-name: "*" + update-types: [ "version-update:semver-major" ] + groups: + minor-and-patch: + update-types: [ "minor", "patch" ] + + - package-ecosystem: "npm" + directory: "/" + schedule: + interval: "daily" + allow: + - dependency-type: "direct" + ignore: + - dependency-name: "*" + update-types: [ "version-update:semver-major" ] + groups: + minor-and-patch: + update-types: [ "minor", "patch" ] + + - package-ecosystem: "composer" + directory: "/" + schedule: + interval: "daily" + allow: + - dependency-type: "direct" + ignore: + - dependency-name: "*" + update-types: [ "version-update:semver-major" ] + groups: + minor-and-patch: + update-types: [ "minor", "patch" ] diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..b4ae1c4 --- /dev/null +++ b/CONTRIBUTING.md 
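Review bot: Each of the three `updates` entries in `.github/dependabot.yml` ignores `version-update:semver-major` for `dependency-name: "*"`, so Dependabot will not propose any major version update, and the file no longer carries a comment saying who tracks those instead. The hand-made `actions/checkout` major bump later in this series suggests they are applied manually; record that above each `ignore` block, for example `# Major upgrades are reviewed and applied manually`, or scope the rule to the packages that need it. The entries also combine a daily interval with grouped minor and patch updates, and the repository has a `dependabot-auto-merge.yml` workflow whose merge conditions are not visible here. If that workflow merges these groups, newly published releases of several packages would land together without a waiting period or human review, which is worth deciding on explicitly.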
@@ -0,0 +1,55 @@
+# Contributing
+
+Contributions are **welcome** and will be fully **credited**.
+
+Please read and understand the contribution guide before creating an issue or pull request.
+
+## Etiquette
+
+This project is open source, and as such, the maintainers give their free time to build and maintain the source code
+held within. They make the code freely available in the hope that it will be of use to other developers. It would be
+extremely unfair for them to suffer abuse or anger for their hard work.
+
+Please be considerate towards maintainers when raising issues or presenting pull requests. Let's show the
+world that developers are civilized and selfless people.
+
+It's the duty of the maintainer to ensure that all submissions to the project are of sufficient
+quality to benefit the project. Many developers have different skillsets, strengths, and weaknesses. Respect the maintainer's decision, and do not be upset or abusive if your submission is not used.
+
+## Viability
+
+When requesting or submitting new features, first consider whether it might be useful to others. Open
+source projects are used by many developers, who may have entirely different needs to your own. Think about
+whether or not your feature is likely to be used by other users of the project.
+
+## Procedure
+
+Before filing an issue:
+
+- Attempt to replicate the problem, to ensure that it wasn't a coincidental incident.
+- Check to make sure your feature suggestion isn't already present within the project.
+- Check the pull requests tab to ensure that the bug doesn't have a fix in progress.
+- Check the pull requests tab to ensure that the feature isn't already in progress.
+
+Before submitting a pull request:
+
+- Check the codebase to ensure that your feature doesn't already exist.
+- Check the pull requests to ensure that another person hasn't already submitted the feature or fix.
+ +## Requirements + +If the project maintainer has any additional requirements, you will find them listed here. + +- **[PSR-2 Coding Standard](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-2-coding-style-guide.md)** - The easiest way to apply the conventions is to install [PHP Code Sniffer](https://pear.php.net/package/PHP_CodeSniffer). + +- **Add tests!** - Your patch won't be accepted if it doesn't have tests. + +- **Document any change in behaviour** - Make sure the `README.md` and any other relevant documentation are kept up-to-date. + +- **Consider our release cycle** - We try to follow [SemVer v2.0.0](https://semver.org/). Randomly breaking public APIs is not an option. + +- **One pull request per feature** - If you want to do more than one thing, send multiple pull requests. + +- **Send coherent history** - Make sure each individual commit in your pull request is meaningful. If you had to make multiple intermediate commits while developing, please [squash them](https://www.git-scm.com/book/en/v2/Git-Tools-Rewriting-History#Changing-Multiple-Commit-Messages) before submitting. + +**Happy coding**! diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..dd923a2 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,3 @@ +# Security Policy + +If you discover any security related issues, please email info@codebar.ch instead of using the issue tracker. From 2510467892a9ec8f9ec5cd718942800831085187 Mon Sep 17 00:00:00 2001 From: Sebastian Fix Date: Fri, 20 Mar 2026 07:15:47 +0100 Subject: [PATCH 2/4] chore: ignore composer auth.json Made-with: Cursor --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 91b23b2..996e884 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,4 @@ vendor node_modules .phpactor.json build +auth.json From b6dd7088a5d97c9e434eeb29a19ec8abe5bd7d60 Mon Sep 17 00:00:00 2001 
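Review bot: The `auth.json` entry added to `.gitignore` only keeps untracked copies from being staged; it does not untrack a file that is already in the index or remove it from history. The patch does not show whether `auth.json` was ever committed, so check the history for it, and if it was, run `git rm --cached auth.json` and rotate the credentials it held. A one-line comment above the entry, for example `# Composer credentials, never commit`, would record why it is ignored.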
From: Sebastian Fix Date: Fri, 20 Mar 2026 07:39:22 +0100 Subject: [PATCH 3/4] Optimized Repository Skeleton --- .github/workflows/dependabot-auto-merge.yml | 2 +- .github/workflows/dependency-review.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml index a3368d2..5bfa1ad 100644 --- a/.github/workflows/dependabot-auto-merge.yml +++ b/.github/workflows/dependabot-auto-merge.yml @@ -13,7 +13,7 @@ jobs: - name: Dependabot metadata id: metadata - uses: dependabot/fetch-metadata@v2.4.0 + uses: dependabot/fetch-metadata@v2.5.0 with: github-token: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 0d4a013..3ea91b4 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -15,6 +15,6 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: 'Dependency Review' uses: actions/dependency-review-action@v4 From a16b9526ea65b9e3c4ca703b2f434deaf95009be Mon Sep 17 00:00:00 2001 From: Sebastian Fix Date: Fri, 20 Mar 2026 08:05:40 +0100 Subject: [PATCH 4/4] chore: fix code style with Laravel Pint --- tests/ImageFieldTest.php | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/tests/ImageFieldTest.php b/tests/ImageFieldTest.php index 39ed812..5d72bf7 100644 --- a/tests/ImageFieldTest.php +++ b/tests/ImageFieldTest.php @@ -1,5 +1,8 @@ [ @@ -15,9 +18,9 @@ }); it('extends nova image', function () { - $field = CodebarAg\FlysystemCloudinaryNova\CloudinaryImage::make('Image'); + $field = CloudinaryImage::make('Image'); - expect($field)->toBeInstanceOf(Laravel\Nova\Fields\Image::class); + expect($field)->toBeInstanceOf(Image::class); }); it('throws an exception if cloudinary disk is not configured', function () { 
@@ -25,15 +28,15 @@ 'filesystems.disks.cloudinary' => [], ]); - CodebarAg\FlysystemCloudinaryNova\CloudinaryImage::make('Image'); + CloudinaryImage::make('Image'); })->throws(Exception::class, 'Cloudinary disk is not configured.'); it('does not throw an exception if cloudinary disk is configured', function () { - CodebarAg\FlysystemCloudinaryNova\CloudinaryImage::make('Image'); + CloudinaryImage::make('Image'); })->throwsNoExceptions(); it('has the disk configured to cloudinary', function () { - $field = CodebarAg\FlysystemCloudinaryNova\CloudinaryImage::make('Image'); + $field = CloudinaryImage::make('Image'); expect($field->disk)->toBe('cloudinary'); });