feat: add php

[HugoCasa]

🚀 This description was created by Ellipsis for commit 85f0387

Summary:

This pull request integrates PHP support into the platform, enhancing its capabilities to support a wider range of programming languages.

Key points:

• Added PHP support across multiple components.
• Updated Docker configurations to include PHP and Composer.
• Modified backend SQL queries to recognize PHP.
• Enhanced frontend components for syntax highlighting and editor support for PHP.
• Integrated PHP in script execution workflows.

---

Generated with ❤️ by ellipsis.dev

[cloudflare-pages]

Deploying windmill with    Cloudflare Pages

Latest commit:	85f0387
Status:	✅  Deploy successful!
Preview URL:	https://20c1b53f.windmill.pages.dev
Branch Preview URL:	https://hugo-win-38-add-php.windmill.pages.dev

View logs

[ellipsis-dev]

👍 Looks good to me! Reviewed everything up to 85f0387 in 2 minutes and 8 seconds

More details

• Looked at 2000 lines of code in 48 files
• Skipped 1 files when reviewing.
• Skipped posting 1 drafted comments based on config settings.

1. frontend/src/lib/script_helpers.ts:193

• Draft comment:
  Consider providing more explicit instructions or an active example for the Composer package requirements in the PHP initialization code to enhance clarity for users.
• Reason this comment was not posted:
  Confidence of 0% on close inspection, compared to threshold of 50%.

Workflow ID: wflow_cNsopijauARORMUE

---

You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.

⌛ 2 days left in your free trial, upgrade for $20/seat/month or contact us.

[github-actions]

🔍 Vulnerabilities of ghcr.io/windmill-labs/windmill-ee:main

📦 Image Reference ghcr.io/windmill-labs/windmill-ee:main

digest	sha256:4f667fbf04150b6aa68fa98b683ad9c34ae3477d6315732402b294f2dae4f9ea
vulnerabilities
size	872 MB
packages	1377

📦 Base Image python:3.11-slim

also known as	3.11-slim-bookworm 3.11.8-slim 3.11.8-slim-bookworm
digest	sha256:4bcdb5d5bc81caf410bc880ca7d47d6ce3f05dc50f81166eb42827fcdc98cfca
vulnerabilities

pillow 9.4.0 (pypi) pkg:pypi/pillow@9.4.0 # Dockerfile (168:168) COPY --from=builder /frontend/build /static_frontend Out-of-bounds Write Affected range <10.0.1 Fixed version 10.0.1 CVSS Score 8.8 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H EPSS Score 68.00% EPSS Percentile 98th percentile Description Heap buffer overflow in libwebp allow a remote attacker to perform an out of bounds memory write via a crafted HTML page. Improper Control of Generation of Code ('Code Injection') Affected range <10.2.0 Fixed version 10.2.0 CVSS Score 8.1 CVSS Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H EPSS Score 0.07% EPSS Percentile 31st percentile Description Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). Uncontrolled Resource Consumption Affected range <10.0.0 Fixed version 10.0.0 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H EPSS Score 0.05% EPSS Percentile 22nd percentile Description An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. Affected range <10.0.1 Fixed version 10.0.1 Description Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). Pillow v10.0.1 upgrades the bundled libwebp binary to v1.3.2.

cryptography 38.0.4 (pypi) pkg:pypi/cryptography@38.0.4 # Dockerfile (106:108) RUN apt-get update \ && apt-get install -y ca-certificates wget curl git jq unzip build-essential unixodbc xmlsec1 software-properties-common \ && rm -rf /var/lib/apt/lists/* NULL Pointer Dereference Affected range >=38.0.0 <42.0.4 Fixed version 42.0.4 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H EPSS Score 0.04% EPSS Percentile 15th percentile Description If pkcs12.serialize_key_and_certificates is called with both: A certificate whose public key did not match the provided private key An encryption_algorithm with hmac_hash set (via PrivateFormat.PKCS12.encryption_builder().hmac_hash(...) Then a NULL pointer dereference would occur, crashing the Python process. This has been resolved, and now a ValueError is properly raised. Patched in pyca/cryptography#10423 Observable Discrepancy Affected range <42.0.0 Fixed version 42.0.0 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N EPSS Score 0.10% EPSS Percentile 41st percentile Description A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. Access of Resource Using Incompatible Type ('Type Confusion') Affected range >=0.8.1 <39.0.1 Fixed version 39.0.1 CVSS Score 7.4 CVSS Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H EPSS Score 0.21% EPSS Percentile 59th percentile Description pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 0.8.1-39.0.0 are vulnerable to a security issue. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20221213.txt and https://www.openssl.org/news/secadv/20230207.txt. If you are building cryptography source ("sdist") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.

glibc 2.36-9+deb12u4 (deb) pkg:deb/debian/glibc@2.36-9%2Bdeb12u4?os_distro=bookworm&os_name=debian&os_version=12 # Dockerfile (93:93) FROM ${PYTHON_IMAGE} Affected range <2.36-9+deb12u7 Fixed version 2.36-9+deb12u7 EPSS Score 0.04% EPSS Percentile 8th percentile Description nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. Affected range <2.36-9+deb12u6 Fixed version 2.36-9+deb12u6 EPSS Score 0.04% EPSS Percentile 12th percentile Description The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

pillow 9.4.0-1.1 (deb) pkg:deb/debian/pillow@9.4.0-1.1?os_distro=bookworm&os_name=debian&os_version=12 # Dockerfile (168:168) COPY --from=builder /frontend/build /static_frontend Affected range >=9.4.0-1.1 Fixed version Not Fixed EPSS Score 0.07% EPSS Percentile 31st percentile Description Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).

libyaml 0.2.5-1 (deb) pkg:deb/debian/libyaml@0.2.5-1?os_distro=bookworm&os_name=debian&os_version=12 # Dockerfile (106:108) RUN apt-get update \ && apt-get install -y ca-certificates wget curl git jq unzip build-essential unixodbc xmlsec1 software-properties-common \ && rm -rf /var/lib/apt/lists/* Affected range >=0.2.5-1 Fixed version Not Fixed EPSS Score 0.04% EPSS Percentile 15th percentile Description A vulnerability was found in yaml libyaml up to 0.2.5 and classified as critical. Affected by this issue is the function yaml_emitter_emit_flow_sequence_item of the file /src/libyaml/src/emitter.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259052. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

System.Data.SqlClient 4.8.5 (nuget) pkg:nuget/System.Data.SqlClient@4.8.5 # Dockerfile (111:122) RUN if [ "$WITH_POWERSHELL" = "true" ]; then \ if [ "$TARGETPLATFORM" = "linux/amd64" ]; then apt-get update -y && apt install libicu-dev -y && wget -O 'pwsh.deb' "https://github.com/PowerShell/PowerShell/releases/download/v${POWERSHELL_VERSION}/powershell_${POWERSHELL_DEB_VERSION}.deb_amd64.deb" && \ dpkg --install 'pwsh.deb' && \ rm 'pwsh.deb'; \ elif [ "$TARGETPLATFORM" = "linux/arm64" ]; then apt-get update -y && apt install libicu-dev -y && wget -O powershell.tar.gz "https://github.com/PowerShell/PowerShell/releases/download/v${POWERSHELL_VERSION}/powershell-${POWERSHELL_VERSION}-linux-arm64.tar.gz" && \ mkdir -p /opt/microsoft/powershell/7 && \ tar zxf powershell.tar.gz -C /opt/microsoft/powershell/7 && \ chmod +x /opt/microsoft/powershell/7/pwsh && \ ln -s /opt/microsoft/powershell/7/pwsh /usr/bin/pwsh && \ rm powershell.tar.gz; \ else echo 'Could not install pwshell, not on amd64 or arm64'; fi; \ else echo 'Building the image without powershell'; fi Cleartext Transmission of Sensitive Information Affected range <4.8.6 Fixed version 4.8.6 CVSS Score 8.7 CVSS Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N EPSS Score 0.16% EPSS Percentile 52nd percentile Description Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability

pip 24.0 (pypi) pkg:pypi/pip@24.0 # Dockerfile (93:93) FROM ${PYTHON_IMAGE} OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities Affected range >=0 Fixed version Not Fixed CVSS Score 7.8 CVSS Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H EPSS Score 0.11% EPSS Percentile 44th percentile Description An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number).

nodejs 20.12.2-1nodesource1 (deb) pkg:deb/debian/nodejs@20.12.2-1nodesource1?os_distro=bookworm&os_name=debian&os_version=12 # Dockerfile (168:168) COPY --from=builder /frontend/build /static_frontend Affected range >=18.13.0+dfsg1-1 Fixed version Not Fixed EPSS Score 0.04% EPSS Percentile 15th percentile Description An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.