@lando/php - npm Package Compare versions

Comparing version 1.11.2 to 1.12.0

builders/php.js

@@ -173,3 +173,3 @@ 'use strict';
     confSrc: path.resolve(__dirname, '..', 'config'),
-    command: ['sh -c \'a2enmod rewrite && apache2-foreground\''],
+    command: ['sh -c \'a2enmod rewrite headers expires && apache2-foreground\''],
     composer_version: true,
@@ -252,2 +252,6 @@ phpServer: 'apache',
 
+      // Pre-create xdebug log with world-writable permissions so root-owned builds
+      // don't block www-data from writing to it later
+      addBuildStep(['touch /tmp/xdebug.log && chmod 666 /tmp/xdebug.log'], options._app, options.name, 'build_as_root_internal');
+
       // Add build step to enable xdebug
@@ -254,0 +258,0 @@ if (options.xdebug) {

CHANGELOG.md

 ## {{ UNRELEASED_VERSION }} - [{{ UNRELEASED_DATE }}]({{ UNRELEASED_LINK }})
 
+## v1.12.0 - [March 8, 2026](https://github.com/lando/php/releases/tag/v1.12.0)
+
+* Enabled `mod_headers` and `mod_expires` Apache modules by default [#243](https://github.com/lando/php/issues/243)
+* Fixed xdebug log file ownership issue when `build_as_root` or `run_as_root` creates `/tmp/xdebug.log` as root [#242](https://github.com/lando/php/pull/242)
+
 ## v1.11.2 - [February 25, 2026](https://github.com/lando/php/releases/tag/v1.11.2)
@@ -4,0 +9,0 @@

package.json

 {
   "name": "@lando/php",
   "description": "A Lando plugin that provides a tight integration with PHP.",
-  "version": "1.11.2",
+  "version": "1.12.0",
   "author": "Mike Pirog @pirog",
@@ -53,3 +53,3 @@ "license": "MIT",
     "@lando/leia": "0.6.7",
-    "@lando/vitepress-theme-default-plus": "^1.1.1",
+    "@lando/vitepress-theme-default-plus": "^1.1.5",
     "chai": "^4.3.4",
@@ -70,7 +70,7 @@ "command-line-test": "^1.0.10",
   "dist": {
-    "integrity": "sha512-Jn6jP037tdYErBJBdIectKZxAen896JEtQD7sM0/OIztjpogAS94m6AGLfGqlj9g13nPyg2X9m8jR8V7gyIzkw==",
-    "shasum": "3abc7d8bccedcaeb8edb0557dc920475dea2273c",
-    "filename": "lando-php-1.11.2.tgz",
-    "unpackedSize": 3060141
+    "integrity": "sha512-nsB/0TpunQiov9qAnACEcJi3vlduFJjxTkQtkci0jHjG1clPKFUCDPPzwGTfnJl4J0TxJ48dZDMAMcAHRkTttA==",
+    "shasum": "92efcddcc2f1b59017a440b2a4d545353496f847",
+    "filename": "lando-php-1.12.0.tgz",
+    "unpackedSize": 3060783
   }
 }

New alerts

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Fixed alerts

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

3061043

0.02%

Lines of code

84363

0

No dependency changes