Laravel 9 support (#42)

* first draft to support laravel 9

* exclude unsupported versions from test matrix

* prepare changelog for release of v2.3.0

Author: jorijn

.github/workflows/tests.yaml

@@ -10,8 +10,16 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        php: [7.3, 7.4, 8.0]
-        laravel: [6.*, 7.*, 8.*]
+        php: [7.4, 8.0, 8.1]
+        laravel: [6.*, 7.*, 8.*, 9.*]
+        exclude:
+          # excludes unsupported combinations
+          - php: 7.4
+            laravel: 9.*
+          - php: 8.1
+            laravel: 6.*
+          - php: 8.1
+            laravel: 7.*
 
     name: PHP ${{ matrix.php }} - Laravel ${{ matrix.laravel }}
 

.gitignore

@@ -2,3 +2,4 @@
 composer.lock
 .idea
 build
+.phpunit.result.cache

CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog for Laravel Security Checker
 
+## v2.3.0 (2022-03-02)
+* add support for Laravel 9, PHP 8.1
+* dropped support for PHP 7.3, minimum version is now 7.4
+
 ## v2.2.1 (2021-03-10)
 FIXED
 * a permission failure when using this package with multiple users on the same server by adding `temp-dir` to available config options (thanks @thomasderoo4!)

composer.json

@@ -17,15 +17,20 @@
   "require": {
     "php": ">=7.2|^8.0",
     "guzzlehttp/guzzle": "^7.0",
-    "laravel/framework": "^6.0|^7.0|^8.0",
+    "illuminate/support": "^6.0|^7.0|^8.0|^9.0",
+    "illuminate/console": "^6.0|^7.0|^8.0|^9.0",
+    "illuminate/bus": "^6.0|^7.0|^8.0|^9.0",
+    "illuminate/mail": "^6.0|^7.0|^8.0|^9.0",
+    "illuminate/queue": "^6.0|^7.0|^8.0|^9.0",
+    "illuminate/notifications": "^6.0|^7.0|^8.0|^9.0",
     "ext-json": "*",
     "enlightn/security-checker": "^1.3"
   },
   "require-dev": {
     "laravel/slack-notification-channel": "^1.0|^2.0",
     "phpunit/phpunit": "^6.0|^7.0|^8.0|^9.0",
-    "squizlabs/php_codesniffer": "~2.3",
-    "orchestra/testbench": "^4.0|^5.0|^6.0",
+    "squizlabs/php_codesniffer": "~2.3|^3.6",
+    "orchestra/testbench": "^4.0|^5.0|^6.0|^7.0",
     "mockery/mockery": "^1.2"
   },
   "suggest": {

tests/SecurityMailCommandTest.php

@@ -11,7 +11,7 @@ class SecurityMailCommandTest extends TestCase
     /**
      * Tests if the email will be sent
      */
-    public function testFireMethod()
+    public function testFireMethod(): void
     {
         Mail::fake();
 
@@ -31,7 +31,7 @@ public function testFireMethod()
     /**
      * Tests if the email will cancel if there are no recipients
      */
-    public function testFireMethodWithoutRecipients()
+    public function testFireMethodWithoutRecipients(): void
     {
         Mail::fake();
 
@@ -49,7 +49,7 @@ public function testFireMethodWithoutRecipients()
     /**
      * Tests if the email will cancel if there are no vulnerabilities
      */
-    public function testFireMethodWithoutVulnerabilities()
+    public function testFireMethodWithoutVulnerabilities(): void
     {
         Mail::fake();
 
@@ -68,7 +68,7 @@ public function testFireMethodWithoutVulnerabilities()
     /**
      * Tests if the email will cancel if there are no vulnerabilities
      */
-    public function testFireMethodWithoutVulnerabilitiesWithSending()
+    public function testFireMethodWithoutVulnerabilitiesWithSending(): void
     {
         Mail::fake();
 

tests/SecurityMailTest.php

@@ -10,7 +10,7 @@ class SecurityMailTest extends TestCase
     /**
      * This method tests if the Mailable class gets rendered correctly.
      */
-    public function testLaravelMailable()
+    public function testLaravelMailable(): void
     {
         // create the mailable
         $vulnerabilities = $this->getFakeVulnerabilityReport();

tests/SecuritySlackCommandTest.php

@@ -17,7 +17,7 @@ class SecuritySlackCommandTest extends TestCase
     /**
      * Tests if the notification get's sent
      */
-    public function testHandleMethod()
+    public function testHandleMethod(): void
     {
         Notification::fake();
 
@@ -44,7 +44,7 @@ function ($notification, $channels, $notifiable) {
     /**
      * Tests that no notification is sent if a Slack Webhook has not been configured.
      */
-    public function testHandleMethodWithoutSlackWebHook()
+    public function testHandleMethodWithoutSlackWebHook(): void
     {
         Notification::fake();
 
@@ -67,7 +67,7 @@ public function testHandleMethodWithoutSlackWebHook()
     /**
      * Test that no notification get's sent if there are no vulnerabilities
      */
-    public function testHandleMethodWithoutVulnerabilities()
+    public function testHandleMethodWithoutVulnerabilities(): void
     {
         Notification::fake();
 

tests/SecuritySlackTest.php

@@ -9,7 +9,7 @@ class SecuritySlackTest extends TestCase
     /**
      * This method tests if the SecuritySlackNotification class gets rendered correctly.
      */
-    public function testSlackNotification()
+    public function testSlackNotification(): void
     {
         $vulnerabilities = $this->getFakeVulnerabilityReport();
         $composerLockPath = '/path/to/composer.lock';
@@ -19,10 +19,10 @@ public function testSlackNotification()
 
         $generatedNotification = $notification->toSlack();
 
-        $this->assertEquals($notification->via()[0], 'slack');
+        $this->assertEquals('slack', $notification->via()[0]);
         $this->assertEquals($notification->toArray(), $vulnerabilities);
         $this->assertEquals($generatedNotification->username, config('app.url'));
-        $this->assertEquals($generatedNotification->content, "*Security Check Report:* `{$composerLockPath}`");
-        $this->assertEquals(count($generatedNotification->attachments), count($vulnerabilities));
+        $this->assertEquals("*Security Check Report:* `{$composerLockPath}`", $generatedNotification->content);
+        $this->assertCount(count($generatedNotification->attachments), $vulnerabilities);
     }
 }

tests/TestCase.php

@@ -11,24 +11,24 @@ class TestCase extends \Orchestra\Testbench\TestCase
      * @param \Illuminate\Foundation\Application $app
      * @return array
      */
-    protected function getPackageProviders($app)
+    protected function getPackageProviders($app): array
     {
         return [ServiceProvider::class];
     }
 
-    protected function bindPassingSecurityChecker()
+    protected function bindPassingSecurityChecker(): void
     {
         $securityCheckerMock = \Mockery::mock(SecurityChecker::class);
-        $securityCheckerMock->shouldReceive('check')->andReturn([]);
+        $securityCheckerMock->allows('check')->andReturns([]);
 
         // bind Mockery instance to the app container
         $this->app->instance(SecurityChecker::class, $securityCheckerMock);
     }
 
-    protected function bindFailingSecurityChecker()
+    protected function bindFailingSecurityChecker(): void
     {
         $securityCheckerMock = \Mockery::mock(SecurityChecker::class);
-        $securityCheckerMock->shouldReceive('check')->andReturn($this->getFakeVulnerabilityReport());
+        $securityCheckerMock->allows('check')->andReturns($this->getFakeVulnerabilityReport());
 
         // bind Mockery instance to the app container
         $this->app->instance(SecurityChecker::class, $securityCheckerMock);
@@ -39,7 +39,7 @@ protected function bindFailingSecurityChecker()
      *
      * @return array
      */
-    public function getFakeVulnerabilityReport()
+    public function getFakeVulnerabilityReport(): array
     {
         return [
             'bugsnag/bugsnag-laravel' => [