Update dependency composer/composer to v2 #268

Closed

renovate-bot wants to merge 1 commits from renovate/composer-composer-2.x into master

pull from: renovate/composer-composer-2.x

merge into: mwalbeck:master

mwalbeck:master

mwalbeck:renovate/php-8.x

Conversation 1 Commits 1 Files Changed 2 +2 -2

renovate-bot commented 2022-08-16 15:03:35 +00:00

Collaborator

Copy Link

This PR contains the following updates:

Package	Update	Change
composer/composer	major	1.10.26 -> 2.4.2

---

Release Notes

composer/composer

v2.4.2

Compare Source

• Fixed bash completion hanging when running as root without COMPOSER_ALLOW_SUPERUSER set (#​11024)
  • Fixed handling of plugin activation when running as root without COMPOSER_ALLOW_SUPERUSER set so it always happens after prompting, or does not happen if input is non-interactive
  • Fixed package filter on bump command (#​11053)
  • Fixed handling of --ignore-platform-req with upper-bound ignores to not apply to conflict rules (#​11037)
  • Fixed handling of COMPOSER_DISCARD_CHANGES when set to 0
  • Fixed handling of zero-major versions in outdated command with --major-only (#​11032)
  • Fixed show --platform regression since 2.4.0 when running in a directory without composer.json (#​11046)
  • Fixed a few strict type errors

v2.4.1

Compare Source

• Added a COMPOSER_NO_AUDIT env var to easily apply the new --no-audit flag in CI (#​10998)
  • Fixed show command showing packages in two sections, this was only meant for the outdated command (#​11000)
  • Fixed local git repos being copied to cache unnecessarily (#​11001)
  • Fixed git cache invalidation issue when a git tag gets created after the cache has loaded a given reference (#​11004)

v2.4.0

Compare Source

• Added json format output to the new audit command (#​10965)
  • Added json format output to the check-platform-reqs command (#​10979)
  • Added GitLab 15+ token refresh support (#​10988)
  • Fixed COMPOSER_NO_DEV so it also works with require and remove's --update-no-dev (#​10995)
  • Fixed various bash completion issues

v2.3.10

Compare Source

• Fixed plugins from CWD/vendor being loaded in some cases like create-project or validate even though the target directory is outside of CWD (#​10935)
  • Fixed support for legacy (Composer 1.x, e.g. hirak/prestissimo) plugins which will not warn/error anymore if not in allow-plugins, as they are anyway not loaded (#​10928)
  • Fixed pre-install check for allowed plugins not taking --no-plugins into account (#​10925)
  • Fixed support for disable_functions containing disk_free_space (#​10936)
  • Fixed RootPackageRepository usages to always clone the root package to avoid interoperability issues with plugins (#​10940)

v2.3.9

Compare Source

• Fixed non-interactive behavior of allow-plugins to throw instead of continue with a warning to avoid broken installs (#​10920)
  • Fixed allow-plugins BC mode to ensure old lock files created pre-2.2 can be installed with only a warning but plugins fully loaded (#​10920)
  • Fixed deprecation notice (#​10921)
  • Fixed type errors (#​10924)

v2.3.8

Compare Source

• Fixed support for cache-read-only where the filesystem is not writable (#​10906)
  • Fixed type error when using allow-plugins: true (#​10909)
  • Fixed @​putenv scripts receiving arguments passed to the command (#​10846)
  • Fixed support for spaces in paths with binary proxies on Windows (#​10836)
  • Fixed type error in GitDownloader if branches cannot be listed (#​10888)
  • Fixed RootPackageInterface issue on PHP 5.3.3 (#​10895)
  • Fixed type errors (#​10904, #​10897)

v2.3.7

Compare Source

• Fixed a few PHPStan ConfigReturnTypeExtension bugs
  • Fixed Config default for auth configs to be empty arrays instead of null, fixes issues with diagnose command (#​10814)
  • Fixed handling of broken symlinks when checking whether a package is still installed (#​6708)
  • Fixed bin proxies to allow a proxy to include another one safely (#​10823)
  • Fixed openssl 3.x version parsing as it is now semver compliant
  • Fixed type error when a json file cannot be read (#​10818)
  • Fixed parsing of multi-line arrays in funding.yml (#​10784)

v2.3.6

Compare Source

• Added Composer\PHPStan\ConfigReturnTypeExtension to improve return types of Config::get() which you can also use in plugins CI (#​10635)
  • Fixed name validation regex in schema causing issues with JS IDEs like VS Code (#​10811)
  • Fixed unnecessary HTTP request in BitbucketDriver (#​10729)
  • Fixed invalid credentials loop when setting up GitLab token (#​10748)
  • Fixed PHP 8.2 deprecations (#​10766)
  • Fixed lock file changes being output even when the lock file creation is disabled
  • Fixed race condition when multiple requests asking for auth on the same hostname fired concurrently (#​10763)
  • Fixed quoting of commas on Windows (#​10775)
  • Fixed issue installing path repos with a disabled symlink function (#​10786)
  • Fixed various type errors (#​10753, #​10739, #​10751)

v2.3.5

Compare Source

• Security: Fixed command injection vulnerability in HgDriver/GitDriver (GHSA-x7cr-6qr6-2hh6 / CVE-2022-24828)
  • Added warning when downloading a file with verify_peer[_name] disabled (#​10722)
  • Fixed curl downloader not retrying when a DNS resolution failure occurs (#​10716)
  • Fixed composer.lock file still being used/read when the lock config option is disabled (#​10726)
  • Fixed validate command checking the lock file even if the lock option is disabled (#​10723)
  • Fixed detection of default branch name when it changed since a git repo was mirrored in cache dir (#​10701)

v2.3.4

Compare Source

• Fixed the generated autoload.php to support running on PHP 5.6+ (down from 7.0+) and warn clearly on older PHP versions (#​10714)
  • Fixed run-script --list flag regression (#​10710)
  • Fixed curl downloader handling of DNS resolution failures to do an automatic retry (#​10716)
  • Fixed script handling of external commands not setting the Path env correctly on windows (#​10700)
  • Fixed various type errors (#​10694, #​10696, #​10702, #​10712, #​10703)

v2.3.3

Compare Source

• Added --2.2 flag to self-update to pin the Composer version to the 2.2 LTS range (#​10682)
  • Added missing config.bitbucket-oauth in composer-schema.json
  • Fixed type errors in SvnDriver (#​10681)
  • Fixed --version output to match the pre-2.3 one (#​10684)
  • Fixed config/auth.json files not being validated against the composer-schema.json (#​10685)
  • Fixed generation of autoload crashing if a package has a broken path (#​10688)
  • Fixed GitDriver state issue when reusing old cache dirs and the default branch was renamed (#​10687)
  • Updated semver, jsonlint deps for minor fixes
  • Removed dev-master=>dev-main alias from #​10372 as it does not work when reloading from lock file and extracting dev deps (#​10651)

v2.3.2

Compare Source

• Fixed type error when running exec command (#​10672)
  • Fixed endless loop in plugin activation prompt when input is not fully interactive yet appears to be (#​10648)
  • Fixed type error in ComposerRepository (#​10675)
  • Fixed issues loading platform packages where the version of a library cannot be established (#​10631)

v2.3.1

Compare Source

• Fixed plugins from CWD/vendor being loaded in some cases like create-project or validate even though the target directory is outside of CWD (#​10935)
  • Fixed support for legacy (Composer 1.x, e.g. hirak/prestissimo) plugins which will not warn/error anymore if not in allow-plugins, as they are anyway not loaded (#​10928)
  • Fixed pre-install check for allowed plugins not taking --no-plugins into account (#​10925)
  • Fixed support for disable_functions containing disk_free_space (#​10936)
  • Fixed RootPackageRepository usages to always clone the root package to avoid interoperability issues with plugins (#​10940)

v2.3.0

Compare Source

• Fixed many strict types errors (#​10646, #​10642, #​10647, #​10658, #​10656, #​10665, #​10660, #​10663, #​10662)

v2.2.18

Compare Source

• Fixed COMPOSER_NO_DEV so it also works with require and remove's --update-no-dev (#​10995)
  • Fixed duplicate missing extension warnings being displayed (#​10938)
  • Fixed hg version detection (#​10955)
  • Fixed git cache invalidation issue when a git tag gets created after the cache has loaded a given reference (#​11004)

v2.2.17

Compare Source

• Fixed plugins from CWD/vendor being loaded in some cases like create-project or validate even though the target directory is outside of CWD (#​10935)
  • Fixed support for legacy (Composer 1.x, e.g. hirak/prestissimo) plugins which will not warn/error anymore if not in allow-plugins, as they are anyway not loaded (#​10928)
  • Fixed pre-install check for allowed plugins not taking --no-plugins into account (#​10925)
  • Fixed support for disable_functions containing disk_free_space (#​10936)
  • Fixed RootPackageRepository usages to always clone the root package to avoid interoperability issues with plugins (#​10940)

v2.2.16

Compare Source

• Fixed non-interactive behavior of allow-plugins to throw instead of continue with a warning to avoid broken installs (#​10920)
  • Fixed allow-plugins BC mode to ensure old lock files created pre-2.2 can be installed with only a warning but plugins fully loaded (#​10920)
  • Fixed deprecation notice (#​10921)

v2.2.15

Compare Source

• Fixed support for cache-read-only where the filesystem is not writable (#​10906)
  • Fixed type error when using allow-plugins: true (#​10909)
  • Fixed @​putenv scripts receiving arguments passed to the command (#​10846)
  • Fixed support for spaces in paths with binary proxies on Windows (#​10836)
  • Fixed type error in GitDownloader if branches cannot be listed (#​10888)
  • Fixed RootPackageInterface issue on PHP 5.3.3 (#​10895)

v2.2.14

Compare Source

• Fixed handling of broken symlinks when checking whether a package is still installed (#​6708)
  • Fixed name validation regex in schema causing issues with JS IDEs like VS Code (#​10811)
  • Fixed bin proxies to allow a proxy to include another one safely (#​10823)
  • Fixed gitlab-token JSON schema definition (#​10800)
  • Fixed openssl 3.x version parsing as it is now semver compliant
  • Fixed type error when a json file cannot be read (#​10818)
  • Fixed parsing of multi-line arrays in funding.yml (#​10784)

v2.2.13

Compare Source

• Fixed invalid credentials loop when setting up GitLab token (#​10748)
  • Fixed PHP 8.2 deprecations (#​10766)
  • Fixed lock file changes being output even when the lock file creation is disabled
  • Fixed race condition when multiple requests asking for auth on the same hostname fired concurrently (#​10763)
  • Fixed quoting of commas on Windows (#​10775)
  • Fixed issue installing path repos with a disabled symlink function (#​10786)

v2.2.12

Compare Source

• Security: Fixed command injection vulnerability in HgDriver/GitDriver (GHSA-x7cr-6qr6-2hh6 / CVE-2022-24828)
  • Fixed curl downloader not retrying when a DNS resolution failure occurs (#​10716)
  • Fixed composer.lock file still being used/read when the lock config option is disabled (#​10726)
  • Fixed validate command checking the lock file even if the lock option is disabled (#​10723)

v2.2.11

Compare Source

• Added missing config.bitbucket-oauth in composer-schema.json
  • Added --2.2 flag to self-update to pin the Composer version to the 2.2 LTS range (#​10682)
  • Updated semver, jsonlint deps for minor fixes
  • Fixed generation of autoload crashing if a package has a broken path (#​10688)
  • Removed dev-master=>dev-main alias from #​10372 as it does not work when reloading from lock file and extracting dev deps (#​10651)

v2.2.10

Compare Source

• Fixed Bitbucket authorization detection due to API changes (#​10657)
  • Fixed validate command warning about dist/source keys if defined (#​10655)
  • Fixed deletion/handling of corrupted 0-bytes zip archives (#​10666)

v2.2.9

Compare Source

• Fixed regression with plugins that modify install path of packages, see docs if you are authoring such a plugin (#​10621)

v2.2.8

Compare Source

• Fixed files autoloading sort order to be fully deterministic (#​10617)
  • Fixed pool optimization pass edge cases (#​10579)
  • Fixed require command failing when self.version is used as constraint (#​10593)
  • Fixed --no-ansi / undecorated output still showing color in repo warnings (#​10601)
  • Performance improvement in pool optimization step (composer/semver#​131)

v2.2.7

Compare Source

• Allow installation together with composer/xdebug-handler ^3 (#​10528)
  • Fixed support for packages with no licenses in licenses command output (#​10537)
  • Fixed handling of allow-plugins: false which kept warning (#​10530)
  • Fixed enum parsing in classmap generation when the enum keyword is not lowercased (#​10521)
  • Fixed author parsing in init command requiring an email whereas the schema allows a name only (#​10538)
  • Fixed issues in require command when requiring packages which do not exist (but are provided by something else you require) (#​10541)
  • Performance improvement in pool optimization step (#​10546)

v2.2.6

Compare Source

• BC Break: due to an oversight, the COMPOSER_BIN_DIR env var for binaries added in Composer 2.2.2 had to be renamed to COMPOSER_RUNTIME_BIN_DIR (#​10512)
  • Fixed enum parsing in classmap generation with syntax like enum foo:string without space after : (#​10498)
  • Fixed package search not urlencoding the input (#​10500)
  • Fixed reinstall command not firing pre-install-cmd/post-install-cmd events (#​10514)
  • Fixed edge case in path repositories where a symlink: true option would be ignored on old Windows and old PHP combos (#​10482)
  • Fixed test suite compatibility with latest symfony/console releases (#​10499)
  • Fixed some error reporting edge cases (#​10484, #​10451, #​10493)

v2.2.5

Compare Source

• Disabled composer/package-versions-deprecated by default as it can function using Composer\InstalledVersions at runtime (#​10458)
  • Fixed artifact repositories crashing if a phar file was present in the directory (#​10406)
  • Fixed binary proxy issue on PHP <8 when fseek is used on the proxied binary path (#​10468)
  • Fixed handling of non-string versions in package repositories metadata (#​10470)

v2.2.4

Compare Source

• Fixed handling of process timeout when running async processes during installation
  • Fixed GitLab API handling when projects have a repository disabled (#​10440)
  • Fixed reading of environment variables (e.g. APPDATA) containing unicode characters to workaround a PHP bug on Windows (#​10434)
  • Fixed partial update issues with path repos missing if a path repo is required by a path repo (#​10431)
  • Fixed support for sourcing binaries via the new bin proxies (#​10389)
  • Fixed messaging when GitHub tokens need SSO authorization (#​10432)

v2.2.3

Compare Source

• Fixed issue with PHPUnit and process isolation now including PHPUnit <6.5 (#​10387)
  • Fixed interoperability issue with laminas/laminas-zendframework-bridge and Composer 2.2 (#​10401)
  • Fixed binary proxies for shell scripts to work correctly when they are symlinked (jakzal/phpqa#​336)
  • Fixed overly greedy pool optimization in cases where a locked package is not required by anything anymore in a partial update (#​10405)

v2.2.2

Compare Source

• Added COMPOSER_BIN_DIR env var and _composer_bin_dir global containing the path to the bin-dir for binaries. Packages relying on finding the bin dir with $BASH_SOURCES[0] will need to update their binaries (#​10402)
  • Fixed issue when new binary proxies are combined with PHPUnit and process isolation (#​10387)
  • Fixed deprecation warnings when using Symfony 5.4+ and requiring composer/composer itself (#​10404)
  • Fixed UX of plugin warnings (#​10381)

v2.2.1

Compare Source

• Fixed plugins from CWD/vendor being loaded in some cases like create-project or validate even though the target directory is outside of CWD (#​10935)
  • Fixed support for legacy (Composer 1.x, e.g. hirak/prestissimo) plugins which will not warn/error anymore if not in allow-plugins, as they are anyway not loaded (#​10928)
  • Fixed pre-install check for allowed plugins not taking --no-plugins into account (#​10925)
  • Fixed support for disable_functions containing disk_free_space (#​10936)
  • Fixed RootPackageRepository usages to always clone the root package to avoid interoperability issues with plugins (#​10940)

v2.2.0

Compare Source

• Added support for using dev-main as the default path repo package version if no VCS info is available (#​10372)
  • Added --no-scripts as a globally supported flag to all Composer commands to disable scripts execution (#​10371)
  • Fixed self-update failing in some edge cases due to loading plugins (#​10371)
  • Fixed display of conflicts showing the wrong package name in some conditions (#​10355)

v2.1.14

Compare Source

• Fixed invalid release build

v2.1.12

Compare Source

• Fixed issues in proxied binary files relying on FILE / DIR on php <8 (#​10261)
  • Fixed 9999999-dev being shown in some cases by the show command (#​10260)
  • Fixed GitHub Actions output escaping regression on PHP 8.1 (#​10250)

v2.1.11

Compare Source

• Fixed issues in proxied binary files when using declare() on php <8 (#​10249)
  • Fixed GitHub Actions output escaping issues (#​10243)

v2.1.10

Compare Source

• Added type annotations to all classes, which may have an effect on CI/static analysis for people using Composer as a dependency (#​10159)
  • Fixed CurlDownloader requesting gzip encoding even when no gzip support is present (#​10153)
  • Fixed regression in 2.1.6 where the help command was not working for plugin commands (#​10147)
  • Fixed warning showing when an invalid cache dir is configured but unused (#​10125)
  • Fixed require command reverting changes even though dependency resolution succeeded when something fails in scripts for example (#​10118)
  • Fixed require not finding the right package version when some newly required extension is missing from the system (#​10167)
  • Fixed proxied binary file issues, now using output buffering (e1dbd65)
  • Fixed and improved error reporting in several edge cases (#​9804, #​10136, #​10163, #​10224, #​10209)
  • Fixed some more Windows CLI parameter escaping edge cases

v2.1.9

Compare Source

• Security: Fixed command injection vulnerability on Windows (GHSA-frqg-7g38-6gcf / CVE-2021-41116)
  • Fixed classmap parsing with a new class parser which does not rely on regexes anymore (#​10107)
  • Fixed inline git credentials showing up in output in some conditions (#​10115)
  • Fixed support for running updates while offline as long as the cache contains enough information (#​10116)
  • Fixed show --all foo/bar which as of 2.0.0 was not showing all versions anymore but only the installed one (#​10095)
  • Fixed VCS repos ignoring some versions silently when the API rate limit is reached (#​10132)
  • Fixed CA bundle to remove the expired Let's Encrypt root CA

v2.1.8

Compare Source

• Fixed regression in 2.1.7 when parsing classmaps in files containing invalid Unicode (#​10102)

v2.1.7

Compare Source

• Added many type annotations internally, which may have an effect on CI/static analysis for people using Composer as a dependency. This work will continue in following releases
  • Fixed regression in 2.1.6 when parsing classmaps with empty heredocs (#​10067)
  • Fixed regression in 2.1.6 where list command was not showing plugin commands (#​10075)
  • Fixed issue handling package updates where the package type changed (#​10076)
  • Fixed docker being detected as WSL when run inside WSL (#​10094)

v2.1.6

Compare Source

• Updated internal PHAR signatures to be SHA512 instead of SHA1
  • Fixed uncaught exception handler regression (#​10022)
  • Fixed more PHP 8.1 deprecation warnings (#​10036, #​10038, #​10061)
  • Fixed corrupted zips in the cache from blocking installs until a cache clear, the bad archives are now deleted automatically on first failure (#​10028)
  • Fixed URL sanitizer handling of new github tokens (#​10048)
  • Fixed issue finding classes with very long heredocs in classmap autoload (#​10050)
  • Fixed proc_open being required for simple installs from zip, as well as diagnose (#​9253)
  • Fixed path repository bug causing symlinks to be left behind after a package is uninstalled (#​10023)
  • Fixed issue in 7-zip support on windows with certain archives (#​10058)
  • Fixed bootstrapping process to avoid loading the composer.json and plugins until necessary, speeding things up slightly (#​10064)
  • Fixed lib-openssl detection on FreeBSD (#​10046)
  • Fixed support for ircs:// protocol for support.irc composer.json entries

v2.1.5

Compare Source

• Fixed create-project creating a php: directory in the directory it was executed in (#​10020, #​10021)
  • Fixed curl downloader to respect default_socket_timeout if it is bigger than our default 300s (#​10018)

v2.1.4

Compare Source

• Fixed PHP 8.1 deprecation warnings (#​10008)
  • Fixed support for working within UNC/WSL paths on Windows (#​9993)
  • Fixed 7-zip support to also be looked up on Linux/macOS as 7z or 7zz (#​9951)
  • Fixed repositories' only/exclude properties to avoid matching names as sub-strings of full package names (#​10001)
  • Fixed open_basedir regression from #​9855
  • Fixed schema errors being reported incorrectly in some conditions (#​9986)
  • Fixed archive command not working with async archive extraction
  • Fixed init command being able to generate an invalid composer.json (#​9986)

v2.1.3

Compare Source

• Add "symlink" option for "bin-compat" config to force symlinking even on WSL/Windows (#​9959)
  • Fixed source binaries not being made executable when symlinks cannot be used (#​9961)
  • Fixed more deletion edge cases (#​9955, #​9956)
  • Fixed dump-autoload command not dispatching scripts anymore, regressed in 2.1.2 (#​9954)

v2.1.2

Compare Source

• Added --dev to dump-autoload command to allow force-dumping dev autoload rules even if dev requirements are not present (#​9946)
  • Fixed --no-scripts disabling events for plugins too instead of only disabling script handlers, using --no-plugins is the way to disable plugins (#​9942)
  • Fixed handling of deletions during package installs on some filesystems (#​9945, #​9947)
  • Fixed undefined array access when using "@​php " in a script handler (#​9943)
  • Fixed usage of InstalledVersions when loaded from composer/composer installed as a dependency and runtime Composer is v1 (#​9937)

v2.1.1

Compare Source

• Fixed invalid release build

v2.1.0

Compare Source

• Fixed PHP 8.1 deprecation warning (#​9932)
  • Fixed env var handling when variables_order includes E and symfony/console 3.3.15+ is in use (#​9930)

v2.0.14

Compare Source

• Updated composer/xdebug-handler to 2.0 which adds supports for Xdebug 3
  • Fixed handling of inline-update-constraints with references or stability flags (#​9847)
  • Fixed async processes erroring in an unclear way when they failed to start (#​9808)
  • Fixed support for the upcoming Symfony 6.0 release when Composer is installed as a library (#​9896)
  • Fixed progress output missing newlines on PowerShell, and disable progress output by default when CI env var is present (#​9621)
  • Fixed support for Vagrant/VirtualBox filesystem slowness when installing binaries from packages (#​9627)
  • Fixed type annotations for the InstalledVersions class
  • Deprecated InstalledVersions::getRawData in favor of InstalledVersions::getAllRawData (#​9816)

v2.0.13

Compare Source

• Security: Fixed command injection vulnerability in HgDriver/HgDownloader and hardened other VCS drivers and downloaders (GHSA-h5h8-pc6h-jvvx / CVE-2021-29472)
  • Fixed install step at the end of the init command to take new dependencies into account correctly
  • Fixed update --lock listing updates which were not really happening (#​9812)
  • Fixed support for --no-dev combined with --locked in outdated and show commands (#​9788)

v2.0.12

Compare Source

• Fixed support for new GitHub OAuth token format (#​9757)
  • Fixed support for Vagrant/VirtualBox filesystem slowness by adding short sleeps in some places (#​9627)
  • Fixed unclear error reporting when a package is in the lock file but not in the remote repositories (#​9750)
  • Fixed processes silently ignoring the CWD when it does not exist
  • Fixed new Windows bin handling to avoid proxying phar files (#​9742)
  • Fixed issue extracting archives into paths that already exist, fixing problems with some custom installers (composer/installers#​479)
  • Fixed support for branch names starting with master/trunk/default (#​9739)
  • Fixed self-update to preserve phar file permissions on Windows (#​9733)
  • Fixed detection of hg version when localized (#​9753)
  • Fixed git execution failures to also include the stdout output (#​9720)

v2.0.11

Compare Source

• Reverted "Fixed runtime autoloader registration (for plugins and script handlers) to prefer the project dependencies over the bundled Composer ones" as it caused more problems than expected

v2.0.10

Compare Source

• Added COMPOSER_MAX_PARALLEL_HTTP to let people set a lower amount of parallel requests if needed
  • Fixed autoloader registration when plugins are loaded, which may impact plugins relying on this bug (if you use symfony/flex make sure you upgrade it to 1.12.2+ to fix dump-env issues)
  • Fixed exec command suppressing output in some circumstances
  • Fixed Windows/cmd.exe support for script handlers defined as path/to/foo, which are now rewritten internally to path\to\foo when needed
  • Fixed bin handling on Windows for PHP scripts, to more closely match symlinks and allow @php vendor/bin/foo to work cross-platform
  • Fixed Git for Windows/Git Bash not being detected correctly as an interactive shell (regression since 2.0.7)
  • Fixed regression handling some private Bitbucket repository clones
  • Fixed Ctrl-C/SIGINT handling during downloads to correctly abort as soon as possible
  • Fixed runtime autoloader registration (for plugins and script handlers) to prefer the project dependencies over the bundled Composer ones
  • Fixed numeric default branches being aliased as 9999999-dev internally. This alias now only applies to default branches being non-numeric (e.g. dev-main)
  • Fixed support for older lib-sodium versions
  • Fixed various minor issues

v2.0.9

Compare Source

• Added warning if the curl extension is not enabled as it significantly degrades performance
  • Fixed InstalledVersions to report all packages when several vendor dirs are present in the same runtime
  • Fixed download speed when downloading large files
  • Fixed archive and path repo copies mishandling some .gitignore paths
  • Fixed root package classes not being available to the plugins/scripts during the initial install
  • Fixed cache writes to be atomic and better support multiple Composer processes running in parallel
  • Fixed preg jit issues when config or require modifies large composer.json files
  • Fixed compatibility with envs having open_basedir restrictions
  • Fixed exclude-from-classmap causing regex issues when having too many paths
  • Fixed compatibility issue with Symfony 4/5
  • Several small performance and debug output improvements

v2.0.8

Compare Source

• Fixed packages with aliases not matching conflicts which match the alias
  • Fixed invalid reports of uncommitted changes when using non-default remotes in vendor dir
  • Fixed curl error handling edge cases
  • Fixed cached git repositories becoming stale by having a git gc applied to them periodically
  • Fixed issue initializing plugins when using dev packages
  • Fixed update --lock / mirrors failing to update in some edge cases
  • Fixed partial update with --with-dependencies failing in some edge cases with some nonsensical error

v2.0.7

Compare Source

• Fixed detection of TTY mode, made input non-interactive automatically if STDIN is not a TTY
  • Fixed root aliases not being present in lock file if not required by anything else
  • Fixed remove command requiring a lock file to be present
  • Fixed Composer\InstalledVersions to always contain up to date data during installation
  • Fixed status command breaking on slow networks
  • Fixed order of POST_PACKAGE_* events to occur together once all installations of a package batch are done

v2.0.6

Compare Source

• Fixed regression in 2.0.5 dealing with custom installers which do not pass absolute paths

v2.0.5

Compare Source

• Disabled platform-check verification of extensions by default (now defaulting php-only), set platform-check to true if you want a complete check
  • Improved platform-check handling of issue reporting
  • Fixed platform-check to only check non-dev requires even if require-dev dependencies are installed
  • Fixed issues dealing with custom installers which return trailing slashes in getInstallPath (ideally avoid doing this as there might be other issues left)
  • Fixed issues when curl functions are disabled
  • Fixed gitlab-domains/github-domains to make sure if they are overridden the default value remains present
  • Fixed issues removing/upgrading packages from path repositories on Windows
  • Fixed regression in 2.0.4 when handling of git@bitbucket.org URLs in vcs repositories
  • Fixed issue running create-project in current directory on Windows

v2.0.4

Compare Source

• Fixed check-platform-req command not being clear on what packages are checked, and added a --lock flag to explicitly check the locked packages
  • Fixed config & create-project adding of repositories to make sure they are prepended as order is much more important in Composer 2, also added a --append flag to config to restore the old behavior in the unlikely case this is needed
  • Fixed curl downloader failing on old PHP releases or when using self-signed SSL certificates
  • Fixed Bitbucket API authentication issue

v2.0.3

Compare Source

• Fixed bug in outdated command where dev packages with branch-aliases where always shown as being outdated
  • Fixed issue in lock file interoperability with composer 1.x when using dev-master as xxx aliases
  • Fixed new --locked option being missing from outdated command, for checking outdated packages directly from the lock file
  • Fixed a few debug/error reporting strings

v2.0.2

Compare Source

• Fixed regression handling composer show -s in projects where no version can be guessed from VCS
  • Fixed regression handling partial updates/require when a lock file was missing
  • Fixed interop issue with plugins that need to update dist URLs of packages, see docs if you need this

v2.0.1

Compare Source

• Updated composer/xdebug-handler to 2.0 which adds supports for Xdebug 3
  • Fixed handling of inline-update-constraints with references or stability flags (#​9847)
  • Fixed async processes erroring in an unclear way when they failed to start (#​9808)
  • Fixed support for the upcoming Symfony 6.0 release when Composer is installed as a library (#​9896)
  • Fixed progress output missing newlines on PowerShell, and disable progress output by default when CI env var is present (#​9621)
  • Fixed support for Vagrant/VirtualBox filesystem slowness when installing binaries from packages (#​9627)
  • Fixed type annotations for the InstalledVersions class
  • Deprecated InstalledVersions::getRawData in favor of InstalledVersions::getAllRawData (#​9816)

v2.0.0

Compare Source

• Fixed proxy handling issues when combined with our new curl-based downloader
  • Fixed solver bug resulting in endless loops in some cases
  • Fixed solver output being extremely long due to learnt rules
  • Fixed solver bug with multi literals
  • Fixed a couple minor regressions

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [composer/composer](https://github.com/composer/composer) | major | `1.10.26` -> `2.4.2` | --- ### Release Notes <details> <summary>composer/composer</summary> ### [`v2.4.2`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;242-2022-09-14) [Compare Source](https://github.com/composer/composer/compare/2.4.1...2.4.2) - Fixed bash completion hanging when running as root without `COMPOSER_ALLOW_SUPERUSER` set ([#&#8203;11024](https://github.com/composer/composer/issues/11024)) - Fixed handling of plugin activation when running as root without `COMPOSER_ALLOW_SUPERUSER` set so it always happens after prompting, or does not happen if input is non-interactive - Fixed package filter on `bump` command ([#&#8203;11053](https://github.com/composer/composer/issues/11053)) - Fixed handling of --ignore-platform-req with upper-bound ignores to not apply to conflict rules ([#&#8203;11037](https://github.com/composer/composer/issues/11037)) - Fixed handling of `COMPOSER_DISCARD_CHANGES` when set to `0` - Fixed handling of zero-major versions in `outdated` command with `--major-only` ([#&#8203;11032](https://github.com/composer/composer/issues/11032)) - Fixed `show --platform` regression since 2.4.0 when running in a directory without composer.json ([#&#8203;11046](https://github.com/composer/composer/issues/11046)) - Fixed a few strict type errors ### [`v2.4.1`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;241-2022-08-20) [Compare Source](https://github.com/composer/composer/compare/2.4.0...2.4.1) - Added a `COMPOSER_NO_AUDIT` env var to easily apply the new --no-audit flag in CI ([#&#8203;10998](https://github.com/composer/composer/issues/10998)) - Fixed `show` command showing packages in two sections, this was only meant for the `outdated` command ([#&#8203;11000](https://github.com/composer/composer/issues/11000)) - Fixed local git repos being copied to cache unnecessarily ([#&#8203;11001](https://github.com/composer/composer/issues/11001)) - Fixed git cache invalidation issue when a git tag gets created after the cache has loaded a given reference ([#&#8203;11004](https://github.com/composer/composer/issues/11004)) ### [`v2.4.0`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;240-2022-08-16) [Compare Source](https://github.com/composer/composer/compare/2.3.10...2.4.0) - Added `json` format output to the new `audit` command ([#&#8203;10965](https://github.com/composer/composer/issues/10965)) - Added `json` format output to the `check-platform-reqs` command ([#&#8203;10979](https://github.com/composer/composer/issues/10979)) - Added GitLab 15+ token refresh support ([#&#8203;10988](https://github.com/composer/composer/issues/10988)) - Fixed `COMPOSER_NO_DEV` so it also works with `require` and `remove`'s `--update-no-dev` ([#&#8203;10995](https://github.com/composer/composer/issues/10995)) - Fixed various bash completion issues ### [`v2.3.10`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;2310-2022-07-13) [Compare Source](https://github.com/composer/composer/compare/2.3.9...2.3.10) - Fixed plugins from CWD/vendor being loaded in some cases like create-project or validate even though the target directory is outside of CWD ([#&#8203;10935](https://github.com/composer/composer/issues/10935)) - Fixed support for legacy (Composer 1.x, e.g. hirak/prestissimo) plugins which will not warn/error anymore if not in allow-plugins, as they are anyway not loaded ([#&#8203;10928](https://github.com/composer/composer/issues/10928)) - Fixed pre-install check for allowed plugins not taking --no-plugins into account ([#&#8203;10925](https://github.com/composer/composer/issues/10925)) - Fixed support for disable_functions containing disk_free_space ([#&#8203;10936](https://github.com/composer/composer/issues/10936)) - Fixed RootPackageRepository usages to always clone the root package to avoid interoperability issues with plugins ([#&#8203;10940](https://github.com/composer/composer/issues/10940)) ### [`v2.3.9`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;239-2022-07-05) [Compare Source](https://github.com/composer/composer/compare/2.3.8...2.3.9) - Fixed non-interactive behavior of allow-plugins to throw instead of continue with a warning to avoid broken installs ([#&#8203;10920](https://github.com/composer/composer/issues/10920)) - Fixed allow-plugins BC mode to ensure old lock files created pre-2.2 can be installed with only a warning but plugins fully loaded ([#&#8203;10920](https://github.com/composer/composer/issues/10920)) - Fixed deprecation notice ([#&#8203;10921](https://github.com/composer/composer/issues/10921)) - Fixed type errors ([#&#8203;10924](https://github.com/composer/composer/issues/10924)) ### [`v2.3.8`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;238-2022-07-01) [Compare Source](https://github.com/composer/composer/compare/2.3.7...2.3.8) - Fixed support for `cache-read-only` where the filesystem is not writable ([#&#8203;10906](https://github.com/composer/composer/issues/10906)) - Fixed type error when using `allow-plugins: true` ([#&#8203;10909](https://github.com/composer/composer/issues/10909)) - Fixed [@&#8203;putenv](https://github.com/putenv) scripts receiving arguments passed to the command ([#&#8203;10846](https://github.com/composer/composer/issues/10846)) - Fixed support for spaces in paths with binary proxies on Windows ([#&#8203;10836](https://github.com/composer/composer/issues/10836)) - Fixed type error in GitDownloader if branches cannot be listed ([#&#8203;10888](https://github.com/composer/composer/issues/10888)) - Fixed RootPackageInterface issue on PHP 5.3.3 ([#&#8203;10895](https://github.com/composer/composer/issues/10895)) - Fixed type errors ([#&#8203;10904](https://github.com/composer/composer/issues/10904), [#&#8203;10897](https://github.com/composer/composer/issues/10897)) ### [`v2.3.7`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;237-2022-06-06) [Compare Source](https://github.com/composer/composer/compare/2.3.6...2.3.7) - Fixed a few PHPStan ConfigReturnTypeExtension bugs - Fixed Config default for auth configs to be empty arrays instead of null, fixes issues with diagnose command ([#&#8203;10814](https://github.com/composer/composer/issues/10814)) - Fixed handling of broken symlinks when checking whether a package is still installed ([#&#8203;6708](https://github.com/composer/composer/issues/6708)) - Fixed bin proxies to allow a proxy to include another one safely ([#&#8203;10823](https://github.com/composer/composer/issues/10823)) - Fixed openssl 3.x version parsing as it is now semver compliant - Fixed type error when a json file cannot be read ([#&#8203;10818](https://github.com/composer/composer/issues/10818)) - Fixed parsing of multi-line arrays in funding.yml ([#&#8203;10784](https://github.com/composer/composer/issues/10784)) ### [`v2.3.6`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;236-2022-06-01) [Compare Source](https://github.com/composer/composer/compare/2.3.5...2.3.6) - Added `Composer\PHPStan\ConfigReturnTypeExtension` to improve return types of `Config::get()` which you can also use in plugins CI ([#&#8203;10635](https://github.com/composer/composer/issues/10635)) - Fixed name validation regex in schema causing issues with JS IDEs like VS Code ([#&#8203;10811](https://github.com/composer/composer/issues/10811)) - Fixed unnecessary HTTP request in BitbucketDriver ([#&#8203;10729](https://github.com/composer/composer/issues/10729)) - Fixed invalid credentials loop when setting up GitLab token ([#&#8203;10748](https://github.com/composer/composer/issues/10748)) - Fixed PHP 8.2 deprecations ([#&#8203;10766](https://github.com/composer/composer/issues/10766)) - Fixed lock file changes being output even when the lock file creation is disabled - Fixed race condition when multiple requests asking for auth on the same hostname fired concurrently ([#&#8203;10763](https://github.com/composer/composer/issues/10763)) - Fixed quoting of commas on Windows ([#&#8203;10775](https://github.com/composer/composer/issues/10775)) - Fixed issue installing path repos with a disabled symlink function ([#&#8203;10786](https://github.com/composer/composer/issues/10786)) - Fixed various type errors ([#&#8203;10753](https://github.com/composer/composer/issues/10753), [#&#8203;10739](https://github.com/composer/composer/issues/10739), [#&#8203;10751](https://github.com/composer/composer/issues/10751)) ### [`v2.3.5`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;235-2022-04-13) [Compare Source](https://github.com/composer/composer/compare/2.3.4...2.3.5) - Security: Fixed command injection vulnerability in HgDriver/GitDriver (GHSA-x7cr-6qr6-2hh6 / CVE-2022-24828) - Added warning when downloading a file with `verify_peer[_name]` disabled ([#&#8203;10722](https://github.com/composer/composer/issues/10722)) - Fixed curl downloader not retrying when a DNS resolution failure occurs ([#&#8203;10716](https://github.com/composer/composer/issues/10716)) - Fixed composer.lock file still being used/read when the `lock` config option is disabled ([#&#8203;10726](https://github.com/composer/composer/issues/10726)) - Fixed `validate` command checking the lock file even if the `lock` option is disabled ([#&#8203;10723](https://github.com/composer/composer/issues/10723)) - Fixed detection of default branch name when it changed since a git repo was mirrored in cache dir ([#&#8203;10701](https://github.com/composer/composer/issues/10701)) ### [`v2.3.4`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;234-2022-04-07) [Compare Source](https://github.com/composer/composer/compare/2.3.3...2.3.4) - Fixed the generated autoload.php to support running on PHP 5.6+ (down from 7.0+) and warn clearly on older PHP versions ([#&#8203;10714](https://github.com/composer/composer/issues/10714)) - Fixed run-script --list flag regression ([#&#8203;10710](https://github.com/composer/composer/issues/10710)) - Fixed curl downloader handling of DNS resolution failures to do an automatic retry ([#&#8203;10716](https://github.com/composer/composer/issues/10716)) - Fixed script handling of external commands not setting the Path env correctly on windows ([#&#8203;10700](https://github.com/composer/composer/issues/10700)) - Fixed various type errors ([#&#8203;10694](https://github.com/composer/composer/issues/10694), [#&#8203;10696](https://github.com/composer/composer/issues/10696), [#&#8203;10702](https://github.com/composer/composer/issues/10702), [#&#8203;10712](https://github.com/composer/composer/issues/10712), [#&#8203;10703](https://github.com/composer/composer/issues/10703)) ### [`v2.3.3`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;233-2022-04-01) [Compare Source](https://github.com/composer/composer/compare/2.3.2...2.3.3) - Added --2.2 flag to `self-update` to pin the Composer version to the 2.2 LTS range ([#&#8203;10682](https://github.com/composer/composer/issues/10682)) - Added missing config.bitbucket-oauth in composer-schema.json - Fixed type errors in SvnDriver ([#&#8203;10681](https://github.com/composer/composer/issues/10681)) - Fixed --version output to match the pre-2.3 one ([#&#8203;10684](https://github.com/composer/composer/issues/10684)) - Fixed config/auth.json files not being validated against the composer-schema.json ([#&#8203;10685](https://github.com/composer/composer/issues/10685)) - Fixed generation of autoload crashing if a package has a broken path ([#&#8203;10688](https://github.com/composer/composer/issues/10688)) - Fixed GitDriver state issue when reusing old cache dirs and the default branch was renamed ([#&#8203;10687](https://github.com/composer/composer/issues/10687)) - Updated semver, jsonlint deps for minor fixes - Removed dev-master=>dev-main alias from [#&#8203;10372](https://github.com/composer/composer/issues/10372) as it does not work when reloading from lock file and extracting dev deps ([#&#8203;10651](https://github.com/composer/composer/issues/10651)) ### [`v2.3.2`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;232-2022-03-30) [Compare Source](https://github.com/composer/composer/compare/2.3.1...2.3.2) - Fixed type error when running `exec` command ([#&#8203;10672](https://github.com/composer/composer/issues/10672)) - Fixed endless loop in plugin activation prompt when input is not fully interactive yet appears to be ([#&#8203;10648](https://github.com/composer/composer/issues/10648)) - Fixed type error in ComposerRepository ([#&#8203;10675](https://github.com/composer/composer/issues/10675)) - Fixed issues loading platform packages where the version of a library cannot be established ([#&#8203;10631](https://github.com/composer/composer/issues/10631)) ### [`v2.3.1`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;2310-2022-07-13) [Compare Source](https://github.com/composer/composer/compare/2.3.0...2.3.1) - Fixed plugins from CWD/vendor being loaded in some cases like create-project or validate even though the target directory is outside of CWD ([#&#8203;10935](https://github.com/composer/composer/issues/10935)) - Fixed support for legacy (Composer 1.x, e.g. hirak/prestissimo) plugins which will not warn/error anymore if not in allow-plugins, as they are anyway not loaded ([#&#8203;10928](https://github.com/composer/composer/issues/10928)) - Fixed pre-install check for allowed plugins not taking --no-plugins into account ([#&#8203;10925](https://github.com/composer/composer/issues/10925)) - Fixed support for disable_functions containing disk_free_space ([#&#8203;10936](https://github.com/composer/composer/issues/10936)) - Fixed RootPackageRepository usages to always clone the root package to avoid interoperability issues with plugins ([#&#8203;10940](https://github.com/composer/composer/issues/10940)) ### [`v2.3.0`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;230-2022-03-30) [Compare Source](https://github.com/composer/composer/compare/2.2.18...2.3.0) - Fixed many strict types errors ([#&#8203;10646](https://github.com/composer/composer/issues/10646), [#&#8203;10642](https://github.com/composer/composer/issues/10642), [#&#8203;10647](https://github.com/composer/composer/issues/10647), [#&#8203;10658](https://github.com/composer/composer/issues/10658), [#&#8203;10656](https://github.com/composer/composer/issues/10656), [#&#8203;10665](https://github.com/composer/composer/issues/10665), [#&#8203;10660](https://github.com/composer/composer/issues/10660), [#&#8203;10663](https://github.com/composer/composer/issues/10663), [#&#8203;10662](https://github.com/composer/composer/issues/10662)) ### [`v2.2.18`](https://github.com/composer/composer/releases/tag/2.2.18) [Compare Source](https://github.com/composer/composer/compare/2.2.17...2.2.18) - Fixed `COMPOSER_NO_DEV` so it also works with `require` and `remove`'s `--update-no-dev` ([#&#8203;10995](https://github.com/composer/composer/issues/10995)) - Fixed duplicate missing extension warnings being displayed ([#&#8203;10938](https://github.com/composer/composer/issues/10938)) - Fixed hg version detection ([#&#8203;10955](https://github.com/composer/composer/issues/10955)) - Fixed git cache invalidation issue when a git tag gets created after the cache has loaded a given reference ([#&#8203;11004](https://github.com/composer/composer/issues/11004)) ### [`v2.2.17`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;2217-2022-07-13) [Compare Source](https://github.com/composer/composer/compare/2.2.16...2.2.17) - Fixed plugins from CWD/vendor being loaded in some cases like create-project or validate even though the target directory is outside of CWD ([#&#8203;10935](https://github.com/composer/composer/issues/10935)) - Fixed support for legacy (Composer 1.x, e.g. hirak/prestissimo) plugins which will not warn/error anymore if not in allow-plugins, as they are anyway not loaded ([#&#8203;10928](https://github.com/composer/composer/issues/10928)) - Fixed pre-install check for allowed plugins not taking --no-plugins into account ([#&#8203;10925](https://github.com/composer/composer/issues/10925)) - Fixed support for disable_functions containing disk_free_space ([#&#8203;10936](https://github.com/composer/composer/issues/10936)) - Fixed RootPackageRepository usages to always clone the root package to avoid interoperability issues with plugins ([#&#8203;10940](https://github.com/composer/composer/issues/10940)) ### [`v2.2.16`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;2216-2022-07-05) [Compare Source](https://github.com/composer/composer/compare/2.2.15...2.2.16) - Fixed non-interactive behavior of allow-plugins to throw instead of continue with a warning to avoid broken installs ([#&#8203;10920](https://github.com/composer/composer/issues/10920)) - Fixed allow-plugins BC mode to ensure old lock files created pre-2.2 can be installed with only a warning but plugins fully loaded ([#&#8203;10920](https://github.com/composer/composer/issues/10920)) - Fixed deprecation notice ([#&#8203;10921](https://github.com/composer/composer/issues/10921)) ### [`v2.2.15`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;2215-2022-07-01) [Compare Source](https://github.com/composer/composer/compare/2.2.14...2.2.15) - Fixed support for `cache-read-only` where the filesystem is not writable ([#&#8203;10906](https://github.com/composer/composer/issues/10906)) - Fixed type error when using `allow-plugins: true` ([#&#8203;10909](https://github.com/composer/composer/issues/10909)) - Fixed [@&#8203;putenv](https://github.com/putenv) scripts receiving arguments passed to the command ([#&#8203;10846](https://github.com/composer/composer/issues/10846)) - Fixed support for spaces in paths with binary proxies on Windows ([#&#8203;10836](https://github.com/composer/composer/issues/10836)) - Fixed type error in GitDownloader if branches cannot be listed ([#&#8203;10888](https://github.com/composer/composer/issues/10888)) - Fixed RootPackageInterface issue on PHP 5.3.3 ([#&#8203;10895](https://github.com/composer/composer/issues/10895)) ### [`v2.2.14`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;2214-2022-06-06) [Compare Source](https://github.com/composer/composer/compare/2.2.13...2.2.14) - Fixed handling of broken symlinks when checking whether a package is still installed ([#&#8203;6708](https://github.com/composer/composer/issues/6708)) - Fixed name validation regex in schema causing issues with JS IDEs like VS Code ([#&#8203;10811](https://github.com/composer/composer/issues/10811)) - Fixed bin proxies to allow a proxy to include another one safely ([#&#8203;10823](https://github.com/composer/composer/issues/10823)) - Fixed gitlab-token JSON schema definition ([#&#8203;10800](https://github.com/composer/composer/issues/10800)) - Fixed openssl 3.x version parsing as it is now semver compliant - Fixed type error when a json file cannot be read ([#&#8203;10818](https://github.com/composer/composer/issues/10818)) - Fixed parsing of multi-line arrays in funding.yml ([#&#8203;10784](https://github.com/composer/composer/issues/10784)) ### [`v2.2.13`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;2213-2022-05-25) [Compare Source](https://github.com/composer/composer/compare/2.2.12...2.2.13) - Fixed invalid credentials loop when setting up GitLab token ([#&#8203;10748](https://github.com/composer/composer/issues/10748)) - Fixed PHP 8.2 deprecations ([#&#8203;10766](https://github.com/composer/composer/issues/10766)) - Fixed lock file changes being output even when the lock file creation is disabled - Fixed race condition when multiple requests asking for auth on the same hostname fired concurrently ([#&#8203;10763](https://github.com/composer/composer/issues/10763)) - Fixed quoting of commas on Windows ([#&#8203;10775](https://github.com/composer/composer/issues/10775)) - Fixed issue installing path repos with a disabled symlink function ([#&#8203;10786](https://github.com/composer/composer/issues/10786)) ### [`v2.2.12`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;2212-2022-04-13) [Compare Source](https://github.com/composer/composer/compare/2.2.11...2.2.12) - Security: Fixed command injection vulnerability in HgDriver/GitDriver (GHSA-x7cr-6qr6-2hh6 / CVE-2022-24828) - Fixed curl downloader not retrying when a DNS resolution failure occurs ([#&#8203;10716](https://github.com/composer/composer/issues/10716)) - Fixed composer.lock file still being used/read when the `lock` config option is disabled ([#&#8203;10726](https://github.com/composer/composer/issues/10726)) - Fixed `validate` command checking the lock file even if the `lock` option is disabled ([#&#8203;10723](https://github.com/composer/composer/issues/10723)) ### [`v2.2.11`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;2211-2022-04-01) [Compare Source](https://github.com/composer/composer/compare/2.2.10...2.2.11) - Added missing config.bitbucket-oauth in composer-schema.json - Added --2.2 flag to `self-update` to pin the Composer version to the 2.2 LTS range ([#&#8203;10682](https://github.com/composer/composer/issues/10682)) - Updated semver, jsonlint deps for minor fixes - Fixed generation of autoload crashing if a package has a broken path ([#&#8203;10688](https://github.com/composer/composer/issues/10688)) - Removed dev-master=>dev-main alias from [#&#8203;10372](https://github.com/composer/composer/issues/10372) as it does not work when reloading from lock file and extracting dev deps ([#&#8203;10651](https://github.com/composer/composer/issues/10651)) ### [`v2.2.10`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;2210-2022-03-29) [Compare Source](https://github.com/composer/composer/compare/2.2.9...2.2.10) - Fixed Bitbucket authorization detection due to API changes ([#&#8203;10657](https://github.com/composer/composer/issues/10657)) - Fixed validate command warning about dist/source keys if defined ([#&#8203;10655](https://github.com/composer/composer/issues/10655)) - Fixed deletion/handling of corrupted 0-bytes zip archives ([#&#8203;10666](https://github.com/composer/composer/issues/10666)) ### [`v2.2.9`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;229-2022-03-15) [Compare Source](https://github.com/composer/composer/compare/2.2.8...2.2.9) - Fixed regression with plugins that modify install path of packages, [see docs](https://getcomposer.org/doc/articles/plugins.md#plugin-modifies-install-path) if you are authoring such a plugin ([#&#8203;10621](https://github.com/composer/composer/issues/10621)) ### [`v2.2.8`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;228-2022-03-15) [Compare Source](https://github.com/composer/composer/compare/2.2.7...2.2.8) - Fixed `files` autoloading sort order to be fully deterministic ([#&#8203;10617](https://github.com/composer/composer/issues/10617)) - Fixed pool optimization pass edge cases ([#&#8203;10579](https://github.com/composer/composer/issues/10579)) - Fixed `require` command failing when `self.version` is used as constraint ([#&#8203;10593](https://github.com/composer/composer/issues/10593)) - Fixed --no-ansi / undecorated output still showing color in repo warnings ([#&#8203;10601](https://github.com/composer/composer/issues/10601)) - Performance improvement in pool optimization step ([composer/semver#&#8203;131](https://github.com/composer/semver/issues/131)) ### [`v2.2.7`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;227-2022-02-25) [Compare Source](https://github.com/composer/composer/compare/2.2.6...2.2.7) - Allow installation together with composer/xdebug-handler ^3 ([#&#8203;10528](https://github.com/composer/composer/issues/10528)) - Fixed support for packages with no licenses in `licenses` command output ([#&#8203;10537](https://github.com/composer/composer/issues/10537)) - Fixed handling of `allow-plugins: false` which kept warning ([#&#8203;10530](https://github.com/composer/composer/issues/10530)) - Fixed enum parsing in classmap generation when the enum keyword is not lowercased ([#&#8203;10521](https://github.com/composer/composer/issues/10521)) - Fixed author parsing in `init` command requiring an email whereas the schema allows a name only ([#&#8203;10538](https://github.com/composer/composer/issues/10538)) - Fixed issues in `require` command when requiring packages which do not exist (but are provided by something else you require) ([#&#8203;10541](https://github.com/composer/composer/issues/10541)) - Performance improvement in pool optimization step ([#&#8203;10546](https://github.com/composer/composer/issues/10546)) ### [`v2.2.6`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;226-2022-02-04) [Compare Source](https://github.com/composer/composer/compare/2.2.5...2.2.6) - BC Break: due to an oversight, the `COMPOSER_BIN_DIR` env var for binaries added in Composer 2.2.2 had to be renamed to `COMPOSER_RUNTIME_BIN_DIR` ([#&#8203;10512](https://github.com/composer/composer/issues/10512)) - Fixed enum parsing in classmap generation with syntax like `enum foo:string` without space after `:` ([#&#8203;10498](https://github.com/composer/composer/issues/10498)) - Fixed package search not urlencoding the input ([#&#8203;10500](https://github.com/composer/composer/issues/10500)) - Fixed `reinstall` command not firing `pre-install-cmd`/`post-install-cmd` events ([#&#8203;10514](https://github.com/composer/composer/issues/10514)) - Fixed edge case in path repositories where a symlink: true option would be ignored on old Windows and old PHP combos ([#&#8203;10482](https://github.com/composer/composer/issues/10482)) - Fixed test suite compatibility with latest symfony/console releases ([#&#8203;10499](https://github.com/composer/composer/issues/10499)) - Fixed some error reporting edge cases ([#&#8203;10484](https://github.com/composer/composer/issues/10484), [#&#8203;10451](https://github.com/composer/composer/issues/10451), [#&#8203;10493](https://github.com/composer/composer/issues/10493)) ### [`v2.2.5`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;225-2022-01-21) [Compare Source](https://github.com/composer/composer/compare/2.2.4...2.2.5) - Disabled `composer/package-versions-deprecated` by default as it can function using `Composer\InstalledVersions` at runtime ([#&#8203;10458](https://github.com/composer/composer/issues/10458)) - Fixed artifact repositories crashing if a phar file was present in the directory ([#&#8203;10406](https://github.com/composer/composer/issues/10406)) - Fixed binary proxy issue on PHP <8 when fseek is used on the proxied binary path ([#&#8203;10468](https://github.com/composer/composer/issues/10468)) - Fixed handling of non-string versions in package repositories metadata ([#&#8203;10470](https://github.com/composer/composer/issues/10470)) ### [`v2.2.4`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;224-2022-01-08) [Compare Source](https://github.com/composer/composer/compare/2.2.3...2.2.4) - Fixed handling of process timeout when running async processes during installation - Fixed GitLab API handling when projects have a repository disabled ([#&#8203;10440](https://github.com/composer/composer/issues/10440)) - Fixed reading of environment variables (e.g. APPDATA) containing unicode characters to workaround a PHP bug on Windows ([#&#8203;10434](https://github.com/composer/composer/issues/10434)) - Fixed partial update issues with path repos missing if a path repo is required by a path repo ([#&#8203;10431](https://github.com/composer/composer/issues/10431)) - Fixed support for sourcing binaries via the new bin proxies ([#&#8203;10389](https://github.com/composer/composer/issues/10389#issuecomment-1007372740)) - Fixed messaging when GitHub tokens need SSO authorization ([#&#8203;10432](https://github.com/composer/composer/issues/10432)) ### [`v2.2.3`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;223-2021-12-31) [Compare Source](https://github.com/composer/composer/compare/2.2.2...2.2.3) - Fixed issue with PHPUnit and process isolation now including PHPUnit <6.5 ([#&#8203;10387](https://github.com/composer/composer/issues/10387)) - Fixed interoperability issue with laminas/laminas-zendframework-bridge and Composer 2.2 ([#&#8203;10401](https://github.com/composer/composer/issues/10401)) - Fixed binary proxies for shell scripts to work correctly when they are symlinked ([jakzal/phpqa#&#8203;336](https://github.com/jakzal/phpqa/issues/336)) - Fixed overly greedy pool optimization in cases where a locked package is not required by anything anymore in a partial update ([#&#8203;10405](https://github.com/composer/composer/issues/10405)) ### [`v2.2.2`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;222-2021-12-29) [Compare Source](https://github.com/composer/composer/compare/2.2.1...2.2.2) - Added [`COMPOSER_BIN_DIR` env var and `_composer_bin_dir` global](https://getcomposer.org/doc/articles/vendor-binaries.md#finding-the-composer-bin-dir-from-a-binary) containing the path to the bin-dir for binaries. Packages relying on finding the bin dir with `$BASH_SOURCES[0]` will need to update their binaries ([#&#8203;10402](https://github.com/composer/composer/issues/10402)) - Fixed issue when new binary proxies are combined with PHPUnit and process isolation ([#&#8203;10387](https://github.com/composer/composer/issues/10387)) - Fixed deprecation warnings when using Symfony 5.4+ and requiring composer/composer itself ([#&#8203;10404](https://github.com/composer/composer/issues/10404)) - Fixed UX of plugin warnings ([#&#8203;10381](https://github.com/composer/composer/issues/10381)) ### [`v2.2.1`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;2217-2022-07-13) [Compare Source](https://github.com/composer/composer/compare/2.2.0...2.2.1) - Fixed plugins from CWD/vendor being loaded in some cases like create-project or validate even though the target directory is outside of CWD ([#&#8203;10935](https://github.com/composer/composer/issues/10935)) - Fixed support for legacy (Composer 1.x, e.g. hirak/prestissimo) plugins which will not warn/error anymore if not in allow-plugins, as they are anyway not loaded ([#&#8203;10928](https://github.com/composer/composer/issues/10928)) - Fixed pre-install check for allowed plugins not taking --no-plugins into account ([#&#8203;10925](https://github.com/composer/composer/issues/10925)) - Fixed support for disable_functions containing disk_free_space ([#&#8203;10936](https://github.com/composer/composer/issues/10936)) - Fixed RootPackageRepository usages to always clone the root package to avoid interoperability issues with plugins ([#&#8203;10940](https://github.com/composer/composer/issues/10940)) ### [`v2.2.0`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;220-2021-12-22) [Compare Source](https://github.com/composer/composer/compare/2.1.14...2.2.0) - Added support for using `dev-main` as the default path repo package version if no VCS info is available ([#&#8203;10372](https://github.com/composer/composer/issues/10372)) - Added --no-scripts as a globally supported flag to all Composer commands to disable scripts execution ([#&#8203;10371](https://github.com/composer/composer/issues/10371)) - Fixed self-update failing in some edge cases due to loading plugins ([#&#8203;10371](https://github.com/composer/composer/issues/10371)) - Fixed display of conflicts showing the wrong package name in some conditions ([#&#8203;10355](https://github.com/composer/composer/issues/10355)) ### [`v2.1.14`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;2114-2021-11-30) [Compare Source](https://github.com/composer/composer/compare/2.1.12...2.1.14) - Fixed invalid release build ### [`v2.1.12`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;2112-2021-11-09) [Compare Source](https://github.com/composer/composer/compare/2.1.11...2.1.12) - Fixed issues in proxied binary files relying on **FILE** / **DIR** on php <8 ([#&#8203;10261](https://github.com/composer/composer/issues/10261)) - Fixed [`9999999`](https://github.com/composer/composer/commit/9999999)-dev being shown in some cases by the `show` command ([#&#8203;10260](https://github.com/composer/composer/issues/10260)) - Fixed GitHub Actions output escaping regression on PHP 8.1 ([#&#8203;10250](https://github.com/composer/composer/issues/10250)) ### [`v2.1.11`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;2111-2021-11-02) [Compare Source](https://github.com/composer/composer/compare/2.1.10...2.1.11) - Fixed issues in proxied binary files when using declare() on php <8 ([#&#8203;10249](https://github.com/composer/composer/issues/10249)) - Fixed GitHub Actions output escaping issues ([#&#8203;10243](https://github.com/composer/composer/issues/10243)) ### [`v2.1.10`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;2110-2021-10-29) [Compare Source](https://github.com/composer/composer/compare/2.1.9...2.1.10) - Added type annotations to all classes, which may have an effect on CI/static analysis for people using Composer as a dependency ([#&#8203;10159](https://github.com/composer/composer/issues/10159)) - Fixed CurlDownloader requesting gzip encoding even when no gzip support is present ([#&#8203;10153](https://github.com/composer/composer/issues/10153)) - Fixed regression in 2.1.6 where the help command was not working for plugin commands ([#&#8203;10147](https://github.com/composer/composer/issues/10147)) - Fixed warning showing when an invalid cache dir is configured but unused ([#&#8203;10125](https://github.com/composer/composer/issues/10125)) - Fixed `require` command reverting changes even though dependency resolution succeeded when something fails in scripts for example ([#&#8203;10118](https://github.com/composer/composer/issues/10118)) - Fixed `require` not finding the right package version when some newly required extension is missing from the system ([#&#8203;10167](https://github.com/composer/composer/issues/10167)) - Fixed proxied binary file issues, now using output buffering ([`e1dbd65`](https://github.com/composer/composer/commit/e1dbd65aff)) - Fixed and improved error reporting in several edge cases ([#&#8203;9804](https://github.com/composer/composer/issues/9804), [#&#8203;10136](https://github.com/composer/composer/issues/10136), [#&#8203;10163](https://github.com/composer/composer/issues/10163), [#&#8203;10224](https://github.com/composer/composer/issues/10224), [#&#8203;10209](https://github.com/composer/composer/issues/10209)) - Fixed some more Windows CLI parameter escaping edge cases ### [`v2.1.9`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;219-2021-10-05) [Compare Source](https://github.com/composer/composer/compare/2.1.8...2.1.9) - Security: Fixed command injection vulnerability on Windows (GHSA-frqg-7g38-6gcf / CVE-2021-41116) - Fixed classmap parsing with a new class parser which does not rely on regexes anymore ([#&#8203;10107](https://github.com/composer/composer/issues/10107)) - Fixed inline git credentials showing up in output in some conditions ([#&#8203;10115](https://github.com/composer/composer/issues/10115)) - Fixed support for running updates while offline as long as the cache contains enough information ([#&#8203;10116](https://github.com/composer/composer/issues/10116)) - Fixed `show --all foo/bar` which as of 2.0.0 was not showing all versions anymore but only the installed one ([#&#8203;10095](https://github.com/composer/composer/issues/10095)) - Fixed VCS repos ignoring some versions silently when the API rate limit is reached ([#&#8203;10132](https://github.com/composer/composer/issues/10132)) - Fixed CA bundle to remove the expired Let's Encrypt root CA ### [`v2.1.8`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;218-2021-09-15) [Compare Source](https://github.com/composer/composer/compare/2.1.7...2.1.8) - Fixed regression in 2.1.7 when parsing classmaps in files containing invalid Unicode ([#&#8203;10102](https://github.com/composer/composer/issues/10102)) ### [`v2.1.7`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;217-2021-09-14) [Compare Source](https://github.com/composer/composer/compare/2.1.6...2.1.7) - Added many type annotations internally, which may have an effect on CI/static analysis for people using Composer as a dependency. This work will continue in following releases - Fixed regression in 2.1.6 when parsing classmaps with empty heredocs ([#&#8203;10067](https://github.com/composer/composer/issues/10067)) - Fixed regression in 2.1.6 where list command was not showing plugin commands ([#&#8203;10075](https://github.com/composer/composer/issues/10075)) - Fixed issue handling package updates where the package type changed ([#&#8203;10076](https://github.com/composer/composer/issues/10076)) - Fixed docker being detected as WSL when run inside WSL ([#&#8203;10094](https://github.com/composer/composer/issues/10094)) ### [`v2.1.6`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;216-2021-08-19) [Compare Source](https://github.com/composer/composer/compare/2.1.5...2.1.6) - Updated internal PHAR signatures to be SHA512 instead of SHA1 - Fixed uncaught exception handler regression ([#&#8203;10022](https://github.com/composer/composer/issues/10022)) - Fixed more PHP 8.1 deprecation warnings ([#&#8203;10036](https://github.com/composer/composer/issues/10036), [#&#8203;10038](https://github.com/composer/composer/issues/10038), [#&#8203;10061](https://github.com/composer/composer/issues/10061)) - Fixed corrupted zips in the cache from blocking installs until a cache clear, the bad archives are now deleted automatically on first failure ([#&#8203;10028](https://github.com/composer/composer/issues/10028)) - Fixed URL sanitizer handling of new github tokens ([#&#8203;10048](https://github.com/composer/composer/issues/10048)) - Fixed issue finding classes with very long heredocs in classmap autoload ([#&#8203;10050](https://github.com/composer/composer/issues/10050)) - Fixed proc_open being required for simple installs from zip, as well as diagnose ([#&#8203;9253](https://github.com/composer/composer/issues/9253)) - Fixed path repository bug causing symlinks to be left behind after a package is uninstalled ([#&#8203;10023](https://github.com/composer/composer/issues/10023)) - Fixed issue in 7-zip support on windows with certain archives ([#&#8203;10058](https://github.com/composer/composer/issues/10058)) - Fixed bootstrapping process to avoid loading the composer.json and plugins until necessary, speeding things up slightly ([#&#8203;10064](https://github.com/composer/composer/issues/10064)) - Fixed lib-openssl detection on FreeBSD ([#&#8203;10046](https://github.com/composer/composer/issues/10046)) - Fixed support for `ircs://` protocol for support.irc composer.json entries ### [`v2.1.5`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;215-2021-07-23) [Compare Source](https://github.com/composer/composer/compare/2.1.4...2.1.5) - Fixed `create-project` creating a `php:` directory in the directory it was executed in ([#&#8203;10020](https://github.com/composer/composer/issues/10020), [#&#8203;10021](https://github.com/composer/composer/issues/10021)) - Fixed curl downloader to respect default_socket_timeout if it is bigger than our default 300s ([#&#8203;10018](https://github.com/composer/composer/issues/10018)) ### [`v2.1.4`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;214-2021-07-22) [Compare Source](https://github.com/composer/composer/compare/2.1.3...2.1.4) - Fixed PHP 8.1 deprecation warnings ([#&#8203;10008](https://github.com/composer/composer/issues/10008)) - Fixed support for working within UNC/WSL paths on Windows ([#&#8203;9993](https://github.com/composer/composer/issues/9993)) - Fixed 7-zip support to also be looked up on Linux/macOS as 7z or 7zz ([#&#8203;9951](https://github.com/composer/composer/issues/9951)) - Fixed repositories' `only`/`exclude` properties to avoid matching names as sub-strings of full package names ([#&#8203;10001](https://github.com/composer/composer/issues/10001)) - Fixed open_basedir regression from [#&#8203;9855](https://github.com/composer/composer/issues/9855) - Fixed schema errors being reported incorrectly in some conditions ([#&#8203;9986](https://github.com/composer/composer/issues/9986)) - Fixed `archive` command not working with async archive extraction - Fixed `init` command being able to generate an invalid composer.json ([#&#8203;9986](https://github.com/composer/composer/issues/9986)) ### [`v2.1.3`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;213-2021-06-09) [Compare Source](https://github.com/composer/composer/compare/2.1.2...2.1.3) - Add "symlink" option for "bin-compat" config to force symlinking even on WSL/Windows ([#&#8203;9959](https://github.com/composer/composer/issues/9959)) - Fixed source binaries not being made executable when symlinks cannot be used ([#&#8203;9961](https://github.com/composer/composer/issues/9961)) - Fixed more deletion edge cases ([#&#8203;9955](https://github.com/composer/composer/issues/9955), [#&#8203;9956](https://github.com/composer/composer/issues/9956)) - Fixed `dump-autoload` command not dispatching scripts anymore, regressed in 2.1.2 ([#&#8203;9954](https://github.com/composer/composer/issues/9954)) ### [`v2.1.2`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;212-2021-06-07) [Compare Source](https://github.com/composer/composer/compare/2.1.1...2.1.2) - Added `--dev` to `dump-autoload` command to allow force-dumping dev autoload rules even if dev requirements are not present ([#&#8203;9946](https://github.com/composer/composer/issues/9946)) - Fixed `--no-scripts` disabling events for plugins too instead of only disabling script handlers, using `--no-plugins` is the way to disable plugins ([#&#8203;9942](https://github.com/composer/composer/issues/9942)) - Fixed handling of deletions during package installs on some filesystems ([#&#8203;9945](https://github.com/composer/composer/issues/9945), [#&#8203;9947](https://github.com/composer/composer/issues/9947)) - Fixed undefined array access when using "[@&#8203;php](https://github.com/php) <absolute path>" in a script handler ([#&#8203;9943](https://github.com/composer/composer/issues/9943)) - Fixed usage of InstalledVersions when loaded from composer/composer installed as a dependency and runtime Composer is v1 ([#&#8203;9937](https://github.com/composer/composer/issues/9937)) ### [`v2.1.1`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;2114-2021-11-30) [Compare Source](https://github.com/composer/composer/compare/2.1.0...2.1.1) - Fixed invalid release build ### [`v2.1.0`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;210-2021-06-03) [Compare Source](https://github.com/composer/composer/compare/2.0.14...2.1.0) - Fixed PHP 8.1 deprecation warning ([#&#8203;9932](https://github.com/composer/composer/issues/9932)) - Fixed env var handling when variables_order includes E and symfony/console 3.3.15+ is in use ([#&#8203;9930](https://github.com/composer/composer/issues/9930)) ### [`v2.0.14`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;2014-2021-05-21) [Compare Source](https://github.com/composer/composer/compare/2.0.13...2.0.14) - Updated composer/xdebug-handler to 2.0 which adds supports for Xdebug 3 - Fixed handling of inline-update-constraints with references or stability flags ([#&#8203;9847](https://github.com/composer/composer/issues/9847)) - Fixed async processes erroring in an unclear way when they failed to start ([#&#8203;9808](https://github.com/composer/composer/issues/9808)) - Fixed support for the upcoming Symfony 6.0 release when Composer is installed as a library ([#&#8203;9896](https://github.com/composer/composer/issues/9896)) - Fixed progress output missing newlines on PowerShell, and disable progress output by default when CI env var is present ([#&#8203;9621](https://github.com/composer/composer/issues/9621)) - Fixed support for Vagrant/VirtualBox filesystem slowness when installing binaries from packages ([#&#8203;9627](https://github.com/composer/composer/issues/9627)) - Fixed type annotations for the InstalledVersions class - Deprecated InstalledVersions::getRawData in favor of InstalledVersions::getAllRawData ([#&#8203;9816](https://github.com/composer/composer/issues/9816)) ### [`v2.0.13`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;2013-2021-04-27) [Compare Source](https://github.com/composer/composer/compare/2.0.12...2.0.13) - Security: Fixed command injection vulnerability in HgDriver/HgDownloader and hardened other VCS drivers and downloaders (GHSA-h5h8-pc6h-jvvx / CVE-2021-29472) - Fixed install step at the end of the init command to take new dependencies into account correctly - Fixed `update --lock` listing updates which were not really happening ([#&#8203;9812](https://github.com/composer/composer/issues/9812)) - Fixed support for --no-dev combined with --locked in outdated and show commands ([#&#8203;9788](https://github.com/composer/composer/issues/9788)) ### [`v2.0.12`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;2012-2021-04-01) [Compare Source](https://github.com/composer/composer/compare/2.0.11...2.0.12) - Fixed support for new GitHub OAuth token format ([#&#8203;9757](https://github.com/composer/composer/issues/9757)) - Fixed support for Vagrant/VirtualBox filesystem slowness by adding short sleeps in some places ([#&#8203;9627](https://github.com/composer/composer/issues/9627)) - Fixed unclear error reporting when a package is in the lock file but not in the remote repositories ([#&#8203;9750](https://github.com/composer/composer/issues/9750)) - Fixed processes silently ignoring the CWD when it does not exist - Fixed new Windows bin handling to avoid proxying phar files ([#&#8203;9742](https://github.com/composer/composer/issues/9742)) - Fixed issue extracting archives into paths that already exist, fixing problems with some custom installers ([composer/installers#&#8203;479](https://github.com/composer/installers/issues/479)) - Fixed support for branch names starting with master/trunk/default ([#&#8203;9739](https://github.com/composer/composer/issues/9739)) - Fixed self-update to preserve phar file permissions on Windows ([#&#8203;9733](https://github.com/composer/composer/issues/9733)) - Fixed detection of hg version when localized ([#&#8203;9753](https://github.com/composer/composer/issues/9753)) - Fixed git execution failures to also include the stdout output ([#&#8203;9720](https://github.com/composer/composer/issues/9720)) ### [`v2.0.11`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;2011-2021-02-24) [Compare Source](https://github.com/composer/composer/compare/2.0.10...2.0.11) - Reverted "Fixed runtime autoloader registration (for plugins and script handlers) to prefer the project dependencies over the bundled Composer ones" as it caused more problems than expected ### [`v2.0.10`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;2010-2021-02-23) [Compare Source](https://github.com/composer/composer/compare/2.0.9...2.0.10) - Added COMPOSER_MAX_PARALLEL_HTTP to let people set a lower amount of parallel requests if needed - Fixed autoloader registration when plugins are loaded, which may impact plugins relying on this bug (if you use `symfony/flex` make sure you upgrade it to 1.12.2+ to fix `dump-env` issues) - Fixed `exec` command suppressing output in some circumstances - Fixed Windows/cmd.exe support for script handlers defined as `path/to/foo`, which are now rewritten internally to `path\to\foo` when needed - Fixed bin handling on Windows for PHP scripts, to more closely match symlinks and allow `@php vendor/bin/foo` to work cross-platform - Fixed Git for Windows/Git Bash not being detected correctly as an interactive shell (regression since 2.0.7) - Fixed regression handling some private Bitbucket repository clones - Fixed Ctrl-C/SIGINT handling during downloads to correctly abort as soon as possible - Fixed runtime autoloader registration (for plugins and script handlers) to prefer the project dependencies over the bundled Composer ones - Fixed numeric default branches being aliased as [`9999999`](https://github.com/composer/composer/commit/9999999)-dev internally. This alias now only applies to default branches being non-numeric (e.g. `dev-main`) - Fixed support for older lib-sodium versions - Fixed various minor issues ### [`v2.0.9`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;209-2021-01-27) [Compare Source](https://github.com/composer/composer/compare/2.0.8...2.0.9) - Added warning if the curl extension is not enabled as it significantly degrades performance - Fixed InstalledVersions to report all packages when several vendor dirs are present in the same runtime - Fixed download speed when downloading large files - Fixed `archive` and path repo copies mishandling some .gitignore paths - Fixed root package classes not being available to the plugins/scripts during the initial install - Fixed cache writes to be atomic and better support multiple Composer processes running in parallel - Fixed preg jit issues when `config` or `require` modifies large composer.json files - Fixed compatibility with envs having open_basedir restrictions - Fixed exclude-from-classmap causing regex issues when having too many paths - Fixed compatibility issue with Symfony 4/5 - Several small performance and debug output improvements ### [`v2.0.8`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;208-2020-12-03) [Compare Source](https://github.com/composer/composer/compare/2.0.7...2.0.8) - Fixed packages with aliases not matching conflicts which match the alias - Fixed invalid reports of uncommitted changes when using non-default remotes in vendor dir - Fixed curl error handling edge cases - Fixed cached git repositories becoming stale by having a `git gc` applied to them periodically - Fixed issue initializing plugins when using dev packages - Fixed update --lock / mirrors failing to update in some edge cases - Fixed partial update with --with-dependencies failing in some edge cases with some nonsensical error ### [`v2.0.7`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;207-2020-11-13) [Compare Source](https://github.com/composer/composer/compare/2.0.6...2.0.7) - Fixed detection of TTY mode, made input non-interactive automatically if STDIN is not a TTY - Fixed root aliases not being present in lock file if not required by anything else - Fixed `remove` command requiring a lock file to be present - Fixed `Composer\InstalledVersions` to always contain up to date data during installation - Fixed `status` command breaking on slow networks - Fixed order of POST_PACKAGE_\* events to occur together once all installations of a package batch are done ### [`v2.0.6`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;206-2020-11-07) [Compare Source](https://github.com/composer/composer/compare/2.0.5...2.0.6) - Fixed regression in 2.0.5 dealing with custom installers which do not pass absolute paths ### [`v2.0.5`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;205-2020-11-06) [Compare Source](https://github.com/composer/composer/compare/2.0.4...2.0.5) - Disabled platform-check verification of extensions by default (now defaulting `php-only`), set platform-check to `true` if you want a complete check - Improved platform-check handling of issue reporting - Fixed platform-check to only check non-dev requires even if require-dev dependencies are installed - Fixed issues dealing with custom installers which return trailing slashes in getInstallPath (ideally avoid doing this as there might be other issues left) - Fixed issues when curl functions are disabled - Fixed gitlab-domains/github-domains to make sure if they are overridden the default value remains present - Fixed issues removing/upgrading packages from path repositories on Windows - Fixed regression in 2.0.4 when handling of git@bitbucket.org URLs in vcs repositories - Fixed issue running create-project in current directory on Windows ### [`v2.0.4`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;204-2020-10-30) [Compare Source](https://github.com/composer/composer/compare/2.0.3...2.0.4) - Fixed `check-platform-req` command not being clear on what packages are checked, and added a --lock flag to explicitly check the locked packages - Fixed `config` & `create-project` adding of repositories to make sure they are prepended as order is much more important in Composer 2, also added a --append flag to `config` to restore the old behavior in the unlikely case this is needed - Fixed curl downloader failing on old PHP releases or when using self-signed SSL certificates - Fixed Bitbucket API authentication issue ### [`v2.0.3`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;203-2020-10-28) [Compare Source](https://github.com/composer/composer/compare/2.0.2...2.0.3) - Fixed bug in `outdated` command where dev packages with branch-aliases where always shown as being outdated - Fixed issue in lock file interoperability with composer 1.x when using `dev-master as xxx` aliases - Fixed new `--locked` option being missing from `outdated` command, for checking outdated packages directly from the lock file - Fixed a few debug/error reporting strings ### [`v2.0.2`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;202-2020-10-25) [Compare Source](https://github.com/composer/composer/compare/2.0.1...2.0.2) - Fixed regression handling `composer show -s` in projects where no version can be guessed from VCS - Fixed regression handling partial updates/`require` when a lock file was missing - Fixed interop issue with plugins that need to update dist URLs of packages, [see docs](https://getcomposer.org/doc/articles/plugins.md#plugin-modifies-downloads) if you need this ### [`v2.0.1`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;2014-2021-05-21) [Compare Source](https://github.com/composer/composer/compare/2.0.0...2.0.1) - Updated composer/xdebug-handler to 2.0 which adds supports for Xdebug 3 - Fixed handling of inline-update-constraints with references or stability flags ([#&#8203;9847](https://github.com/composer/composer/issues/9847)) - Fixed async processes erroring in an unclear way when they failed to start ([#&#8203;9808](https://github.com/composer/composer/issues/9808)) - Fixed support for the upcoming Symfony 6.0 release when Composer is installed as a library ([#&#8203;9896](https://github.com/composer/composer/issues/9896)) - Fixed progress output missing newlines on PowerShell, and disable progress output by default when CI env var is present ([#&#8203;9621](https://github.com/composer/composer/issues/9621)) - Fixed support for Vagrant/VirtualBox filesystem slowness when installing binaries from packages ([#&#8203;9627](https://github.com/composer/composer/issues/9627)) - Fixed type annotations for the InstalledVersions class - Deprecated InstalledVersions::getRawData in favor of InstalledVersions::getAllRawData ([#&#8203;9816](https://github.com/composer/composer/issues/9816)) ### [`v2.0.0`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#&#8203;200-2020-10-24) [Compare Source](https://github.com/composer/composer/compare/1.10.26...2.0.0) - Fixed proxy handling issues when combined with our new curl-based downloader - Fixed solver bug resulting in endless loops in some cases - Fixed solver output being extremely long due to learnt rules - Fixed solver bug with multi literals - Fixed a couple minor regressions </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, click this checkbox. --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzMi4xNTkuMSIsInVwZGF0ZWRJblZlciI6IjMyLjE5NC41In0=-->

renovate-bot force-pushed renovate/composer-composer-2.x from 9fa1a4a727 to 461c6188b5 2022-08-20 10:03:35 +00:00 Compare

renovate-bot changed title from Update dependency composer/composer to v2.4.0 to Update dependency composer/composer to v2.4.1 2022-08-20 10:03:38 +00:00

renovate-bot changed title from Update dependency composer/composer to v2.4.1 to Update dependency composer/composer to v2 2022-08-23 21:03:40 +00:00

renovate-bot force-pushed renovate/composer-composer-2.x from 461c6188b5 to 633d656b93 2022-09-14 15:03:39 +00:00 Compare

mwalbeck closed this pull request 2022-09-14 19:43:42 +00:00

renovate-bot commented 2022-09-14 20:05:22 +00:00

Author

Collaborator

Copy Link

Renovate Ignore Notification

As this PR has been closed unmerged, Renovate will ignore this upgrade and you will not receive PRs for any future 2.x releases. However, if you upgrade to 2.x manually then Renovate will reenable minor and patch updates automatically.

If this PR was closed by mistake or you changed your mind, you can simply rename this PR and you will soon get a fresh replacement PR opened.

### Renovate Ignore Notification As this PR has been closed unmerged, Renovate will ignore this upgrade and you will not receive PRs for *any* future 2.x releases. However, if you upgrade to 2.x manually then Renovate will reenable minor and patch updates automatically. If this PR was closed by mistake or you changed your mind, you can simply rename this PR and you will soon get a fresh replacement PR opened.

All checks were successful

continuous-integration/drone/pr Build is passing

Details

Pull request closed

Please reopen this pull request to perform a merge.

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No Label

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: mwalbeck/docker-composer#268

No description provided.