Update dependency composer/composer to v2.7.6 #551

renovate-bot · 2023-09-01T09:03:53Z

renovate-bot commented

2023-09-01 09:03:53 +00:00

This PR contains the following updates:

Package	Update	Change
composer/composer	minor	`2.6.6` -> `2.7.6`
composer/composer	major	`1.10.27` -> `2.7.6`

Release Notes

composer/composer (composer/composer)

`v2.7.6`

Compare Source

Fixed regression when script handlers add an autoloader which uses a private callback (#11960)

`v2.7.5`

Compare Source

Added uninstall alias to remove command (#11951)
- Added workaround for broken curl versions 8.7.0/8.7.1 causing transport exceptions (#11913)
- Fixed root usage warnings showing up within Podman containers (#11946)
- Fixed config command not handling objects correctly in some conditions (#11945)
- Fixed binary proxies not containing the correct path if the project dir is a symlink (#11947)
- Fixed Composer autoloader being overruled by project autoloaders when they are loaded by event handlers (scripts/plugins) (#11955)
- Fixed TransportException (http failures) not having a distinct exit code, should now exit with 100 as code (#11954)

`v2.7.4`

Compare Source

Fixed regression (Call to undefined method ProxyManager::needsTransitionWarning()) with projects requiring composer/composer in an pre-2.7.3 version (#11943, #11940)

`v2.7.3`

Compare Source

BC Warning: Fixed https_proxy env var falling back to http_proxy's value, this is still in place but with a warning for now, and https_proxy can now be set empty to remove the fallback. Composer 2.8.0 will remove the fallback so make sure you heed the warnings (#11915)
- Fixed show and outdated commands to remove leading v in e.g. v1.2.3 when showing lists of packages (#11925)
- Fixed audit command not showing any id when no CVE is present, the advisory ID is now shown (#11892)
- Fixed the warning about a missing default version showing for packages with project type as those are typically not versioned and do not have cyclic dependencies (#11885)
- Fixed PHP 8.4 deprecation warnings
- Fixed clear-cache command to respect the config.cache-dir setting from the local composer.json (#11921)
- Fixed status command not handling failed download/install promises correctly (#11889)
- Added support for buy_me_a_coffee in GitHub funding files (#11902)
- Added hg support for SSH urls (#11878)
- Fixed some env vars with an integer value causing a crash (#11908)
- Fixed context data not being output when using IOInterface as a PSR-3 logger (#11882)

`v2.7.2`

Compare Source

Added info about the PHP version when running composer --version (#11866)
- Added warning when the root version cannot be detected (#11858)
- Fixed plugins still being enabled in a few contexts when running as root (c3efff9)
- Fixed outdated --ignore ... still attempting to load the latest version of the ignored packages (#11863)
- Fixed handling of broken symlinks in the middle of an install path (#11864)
- Fixed update --lock still incorrectly updating some metadata (#11850, #11787)

`v2.7.1`

Compare Source

Added several warnings when plugins are disabled to hint at common problems people had with 2.7.0 (#11842)
- Fixed diagnose auditing of Composer dependencies failing when running from the phar

`v2.7.0`

Compare Source

Security: Fixed code execution and possible privilege escalation via compromised vendor dir contents (GHSA-7c6p-848j-wh5h / CVE-2024-24821)
- Changed the default of the audit.abandoned config setting to fail, set it to report or ignore if you do not want this, or set it via COMPOSER_AUDIT_ABANDONED env var (#11643)
- Added --minimal-changes (-m) flag to update/require/remove commands to perform partial update with --with-dependencies while changing only what is absolutely necessary in transitive dependencies (#11665)
- Added --sort-by-age (-A) flag to outdated/show commands to allow sorting by and displaying the release date (most outdated first) (#11762)
- Added support for --self combined with --installed or --locked in show command, to add the root package to the package list being output (#11785)
- Added severity information to audit command output (#11702)
- Added scripts-aliases top level key in composer.json to define aliases for custom scripts you defined (#11666)
- Added IPv4 fallback on connection timeout, as well as a COMPOSER_IPRESOLVE env var to force IPv4 or IPv6, set it to 4 or 6 (#11791)
- Added support for wildcards in outdated's --ignore arg (#11831)
- Added support for bump command bumping * to >=current version (#11694)
- Added detection of constraints that cannot possibly match anything to validate command (#11829)
- Added package source information to the output of install when running in very verbose (-vv) mode (#11763)
- Added audit of Composer's own bundled dependencies in diagnose command (#11761)
- Added GitHub token expiration date to diagnose command output (#11688)
- Added non-zero status code to why/why-not commands (#11796)
- Added error when calling show --direct <package> with an indirect/transitive dependency (#11728)
- Added COMPOSER_FUND=0 env var to hide calls for funding (#11779)
- Fixed bump command not bumping packages required with a v prefix (#11764)
- Fixed automatic disabling of plugins when running non-interactive as root
- Fixed update --lock not keeping the dist reference/url/checksum pinned (#11787)
- Fixed require command crashing at the end if no lock file is present (#11814)
- Fixed root aliases causing problems when auditing locked dependencies (#11771)
- Fixed handling of versions with 4 components in require command (#11716)
- Fixed compatibility issues with Symfony 7
- Fixed composer.json remaining behind after a --dry-run of the require command (#11747)
- Fixed warnings being shown incorrectly under some circumstances (#11786, #11760, #11803)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [composer/composer](https://github.com/composer/composer) | minor | `2.6.6` -> `2.7.6` | | [composer/composer](https://github.com/composer/composer) | major | `1.10.27` -> `2.7.6` | --- ### Release Notes <details> <summary>composer/composer (composer/composer)</summary> ### [`v2.7.6`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#276-2024-05-04) [Compare Source](https://github.com/composer/composer/compare/2.7.5...2.7.6) - Fixed regression when script handlers add an autoloader which uses a private callback ([#11960](https://github.com/composer/composer/issues/11960)) ### [`v2.7.5`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#275-2024-05-03) [Compare Source](https://github.com/composer/composer/compare/2.7.4...2.7.5) - Added `uninstall` alias to `remove` command ([#11951](https://github.com/composer/composer/issues/11951)) - Added workaround for broken curl versions 8.7.0/8.7.1 causing transport exceptions ([#11913](https://github.com/composer/composer/issues/11913)) - Fixed root usage warnings showing up within Podman containers ([#11946](https://github.com/composer/composer/issues/11946)) - Fixed config command not handling objects correctly in some conditions ([#11945](https://github.com/composer/composer/issues/11945)) - Fixed binary proxies not containing the correct path if the project dir is a symlink ([#11947](https://github.com/composer/composer/issues/11947)) - Fixed Composer autoloader being overruled by project autoloaders when they are loaded by event handlers (scripts/plugins) ([#11955](https://github.com/composer/composer/issues/11955)) - Fixed TransportException (http failures) not having a distinct exit code, should now exit with `100` as code ([#11954](https://github.com/composer/composer/issues/11954)) ### [`v2.7.4`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#274-2024-04-22) [Compare Source](https://github.com/composer/composer/compare/2.7.3...2.7.4) - Fixed regression (`Call to undefined method ProxyManager::needsTransitionWarning()`) with projects requiring composer/composer in an pre-2.7.3 version ([#11943](https://github.com/composer/composer/issues/11943), [#11940](https://github.com/composer/composer/issues/11940)) ### [`v2.7.3`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#273-2024-04-19) [Compare Source](https://github.com/composer/composer/compare/2.7.2...2.7.3) - BC Warning: Fixed `https_proxy` env var falling back to `http_proxy`'s value, this is still in place but with a warning for now, and https_proxy can now be set empty to remove the fallback. Composer 2.8.0 will remove the fallback so make sure you heed the warnings ([#11915](https://github.com/composer/composer/issues/11915)) - Fixed `show` and `outdated` commands to remove leading `v` in e.g. `v1.2.3` when showing lists of packages ([#11925](https://github.com/composer/composer/issues/11925)) - Fixed `audit` command not showing any id when no CVE is present, the advisory ID is now shown ([#11892](https://github.com/composer/composer/issues/11892)) - Fixed the warning about a missing default version showing for packages with `project` type as those are typically not versioned and do not have cyclic dependencies ([#11885](https://github.com/composer/composer/issues/11885)) - Fixed PHP 8.4 deprecation warnings - Fixed `clear-cache` command to respect the config.cache-dir setting from the local composer.json ([#11921](https://github.com/composer/composer/issues/11921)) - Fixed `status` command not handling failed download/install promises correctly ([#11889](https://github.com/composer/composer/issues/11889)) - Added support for `buy_me_a_coffee` in GitHub funding files ([#11902](https://github.com/composer/composer/issues/11902)) - Added `hg` support for SSH urls ([#11878](https://github.com/composer/composer/issues/11878)) - Fixed some env vars with an integer value causing a crash ([#11908](https://github.com/composer/composer/issues/11908)) - Fixed context data not being output when using IOInterface as a PSR-3 logger ([#11882](https://github.com/composer/composer/issues/11882)) ### [`v2.7.2`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#272-2024-03-11) [Compare Source](https://github.com/composer/composer/compare/2.7.1...2.7.2) - Added info about the PHP version when running `composer --version` ([#11866](https://github.com/composer/composer/issues/11866)) - Added warning when the root version cannot be detected ([#11858](https://github.com/composer/composer/issues/11858)) - Fixed plugins still being enabled in a few contexts when running as root ([`c3efff9`](https://github.com/composer/composer/commit/c3efff91f)) - Fixed `outdated --ignore ...` still attempting to load the latest version of the ignored packages ([#11863](https://github.com/composer/composer/issues/11863)) - Fixed handling of broken symlinks in the middle of an install path ([#11864](https://github.com/composer/composer/issues/11864)) - Fixed `update --lock` still incorrectly updating some metadata ([#11850](https://github.com/composer/composer/issues/11850), [#11787](https://github.com/composer/composer/issues/11787)) ### [`v2.7.1`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#271-2024-02-09) [Compare Source](https://github.com/composer/composer/compare/2.7.0...2.7.1) - Added several warnings when plugins are disabled to hint at common problems people had with 2.7.0 ([#11842](https://github.com/composer/composer/issues/11842)) - Fixed `diagnose` auditing of Composer dependencies failing when running from the phar ### [`v2.7.0`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#270-2024-02-08) [Compare Source](https://github.com/composer/composer/compare/2.6.6...2.7.0) - Security: Fixed code execution and possible privilege escalation via compromised vendor dir contents (GHSA-7c6p-848j-wh5h / CVE-2024-24821) - Changed the default of the `audit.abandoned` config setting to `fail`, set it to `report` or `ignore` if you do not want this, or set it via `COMPOSER_AUDIT_ABANDONED` env var ([#11643](https://github.com/composer/composer/issues/11643)) - Added --minimal-changes (-m) flag to `update`/`require`/`remove` commands to perform partial update with --with-dependencies while changing only what is absolutely necessary in transitive dependencies ([#11665](https://github.com/composer/composer/issues/11665)) - Added --sort-by-age (-A) flag to `outdated`/`show` commands to allow sorting by and displaying the release date (most outdated first) ([#11762](https://github.com/composer/composer/issues/11762)) - Added support for `--self` combined with `--installed` or `--locked` in `show` command, to add the root package to the package list being output ([#11785](https://github.com/composer/composer/issues/11785)) - Added severity information to `audit` command output ([#11702](https://github.com/composer/composer/issues/11702)) - Added `scripts-aliases` top level key in composer.json to define aliases for custom scripts you defined ([#11666](https://github.com/composer/composer/issues/11666)) - Added IPv4 fallback on connection timeout, as well as a `COMPOSER_IPRESOLVE` env var to force IPv4 or IPv6, set it to `4` or `6` ([#11791](https://github.com/composer/composer/issues/11791)) - Added support for wildcards in `outdated`'s --ignore arg ([#11831](https://github.com/composer/composer/issues/11831)) - Added support for `bump` command bumping `*` to `>=current version` ([#11694](https://github.com/composer/composer/issues/11694)) - Added detection of constraints that cannot possibly match anything to `validate` command ([#11829](https://github.com/composer/composer/issues/11829)) - Added package source information to the output of `install` when running in very verbose (-vv) mode ([#11763](https://github.com/composer/composer/issues/11763)) - Added audit of Composer's own bundled dependencies in `diagnose` command ([#11761](https://github.com/composer/composer/issues/11761)) - Added GitHub token expiration date to `diagnose` command output ([#11688](https://github.com/composer/composer/issues/11688)) - Added non-zero status code to why/why-not commands ([#11796](https://github.com/composer/composer/issues/11796)) - Added error when calling `show --direct <package>` with an indirect/transitive dependency ([#11728](https://github.com/composer/composer/issues/11728)) - Added `COMPOSER_FUND=0` env var to hide calls for funding ([#11779](https://github.com/composer/composer/issues/11779)) - Fixed `bump` command not bumping packages required with a `v` prefix ([#11764](https://github.com/composer/composer/issues/11764)) - Fixed automatic disabling of plugins when running non-interactive as root - Fixed `update --lock` not keeping the dist reference/url/checksum pinned ([#11787](https://github.com/composer/composer/issues/11787)) - Fixed `require` command crashing at the end if no lock file is present ([#11814](https://github.com/composer/composer/issues/11814)) - Fixed root aliases causing problems when auditing locked dependencies ([#11771](https://github.com/composer/composer/issues/11771)) - Fixed handling of versions with 4 components in `require` command ([#11716](https://github.com/composer/composer/issues/11716)) - Fixed compatibility issues with Symfony 7 - Fixed composer.json remaining behind after a --dry-run of the `require` command ([#11747](https://github.com/composer/composer/issues/11747)) - Fixed warnings being shown incorrectly under some circumstances ([#11786](https://github.com/composer/composer/issues/11786), [#11760](https://github.com/composer/composer/issues/11760), [#11803](https://github.com/composer/composer/issues/11803)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

renovate-bot force-pushed renovate/composer-composer-2.x from 22c6f6cca9 to d6a4a64efd

2023-09-01 12:03:53 +00:00

Compare

renovate-bot changed title from ~~Update dependency composer/composer to v2.6.0~~ to Update dependency composer/composer to v2.6.1

2023-09-01 12:03:59 +00:00

renovate-bot force-pushed renovate/composer-composer-2.x from d6a4a64efd to 4bd67a3e54

2023-09-03 13:03:53 +00:00

Compare

renovate-bot changed title from ~~Update dependency composer/composer to v2.6.1~~ to Update dependency composer/composer to v2.6.2

2023-09-03 13:03:59 +00:00

renovate-bot force-pushed renovate/composer-composer-2.x from 4bd67a3e54 to 679d69f008

2023-09-15 08:03:47 +00:00

Compare

renovate-bot changed title from ~~Update dependency composer/composer to v2.6.2~~ to Update dependency composer/composer to v2.6.3

2023-09-15 08:03:54 +00:00

renovate-bot changed title from ~~Update dependency composer/composer to v2.6.3~~ to Update dependency composer/composer to v2

2023-09-17 10:03:53 +00:00

renovate-bot force-pushed renovate/composer-composer-2.x from 679d69f008 to 0f5d9b61a9

2023-09-29 09:03:57 +00:00

Compare

renovate-bot force-pushed renovate/composer-composer-2.x from 0f5d9b61a9 to 6b67cfe7ae

2023-09-29 10:03:57 +00:00

Compare

renovate-bot force-pushed renovate/composer-composer-2.x from 6b67cfe7ae to 46d346c754

2023-10-06 09:03:51 +00:00

Compare

renovate-bot force-pushed renovate/composer-composer-2.x from 46d346c754 to be187d9b79

2023-12-08 18:04:04 +00:00

Compare

renovate-bot force-pushed renovate/composer-composer-2.x from be187d9b79 to 9e3121fa9a

2024-02-08 15:03:36 +00:00

Compare

renovate-bot changed title from ~~Update dependency composer/composer to v2~~ to Update dependency composer/composer to v2.7.0

2024-02-08 15:03:39 +00:00

renovate-bot force-pushed renovate/composer-composer-2.x from 9e3121fa9a to cfafc85192

2024-02-09 15:03:36 +00:00

Compare

renovate-bot changed title from ~~Update dependency composer/composer to v2.7.0~~ to Update dependency composer/composer to v2.7.1

2024-02-09 15:03:39 +00:00

renovate-bot force-pushed renovate/composer-composer-2.x from cfafc85192 to e499bf910b

2024-03-11 17:03:46 +00:00

Compare

renovate-bot changed title from ~~Update dependency composer/composer to v2.7.1~~ to Update dependency composer/composer to v2.7.2

2024-03-11 17:03:51 +00:00

renovate-bot force-pushed renovate/composer-composer-2.x from e499bf910b to 221bfe2b74

2024-04-19 20:03:38 +00:00

Compare

renovate-bot changed title from ~~Update dependency composer/composer to v2.7.2~~ to Update dependency composer/composer to v2.7.3

2024-04-19 20:03:42 +00:00

renovate-bot force-pushed renovate/composer-composer-2.x from 221bfe2b74 to 9ac7c2e89a

2024-04-22 20:03:36 +00:00

Compare

renovate-bot changed title from ~~Update dependency composer/composer to v2.7.3~~ to Update dependency composer/composer to v2.7.4

2024-04-22 20:03:41 +00:00

renovate-bot force-pushed renovate/composer-composer-2.x from 9ac7c2e89a to ec63f4aef5

2024-05-03 15:03:35 +00:00

Compare

renovate-bot changed title from ~~Update dependency composer/composer to v2.7.4~~ to Update dependency composer/composer to v2.7.5

2024-05-03 15:03:40 +00:00

renovate-bot force-pushed renovate/composer-composer-2.x from ec63f4aef5 to 342ea0f6bb

2024-05-04 22:03:34 +00:00

Compare

renovate-bot changed title from ~~Update dependency composer/composer to v2.7.5~~ to Update dependency composer/composer to v2.7.6

2024-05-04 22:03:39 +00:00

continuous-integration/drone/pr Build is passing

Details

This pull request can be merged automatically.

You are not authorized to merge this pull request.

You can also view command line instructions.

Step 1:

From your project repository, check out a new branch and test the changes.

git checkout -b renovate/composer-composer-2.x master

git pull origin renovate/composer-composer-2.x

Step 2:

Merge the changes and update on Gitea.

git checkout master

git merge --no-ff renovate/composer-composer-2.x

git push origin master

Sign in to join this conversation.

No reviewers

No Label

No Milestone

No project

No Assignees

1 Participants

Notifications

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: mwalbeck/docker-composer#551