Revisions of php-composer2
buildservice-autocommit
accepted
request 1149085
from
Petr Gajdos (pgajdos)
(revision 50)
Petr Gajdos (pgajdos)
(revision 50)
baserev update by copy to link target
Petr Gajdos (pgajdos)
accepted
request 1148935
from
Bernd Ritter (comrad)
(revision 49)
- Updated composer2.phar to match upstreams sha256 1ffd0be3f27e237b1ae47f9e8f29f96ac7f50a0bd9eef4f88cdbe94dd04bfff0
buildservice-autocommit
accepted
request 1146367
from
Petr Gajdos (pgajdos)
(revision 48)
Petr Gajdos (pgajdos)
(revision 48)
baserev update by copy to link target
Petr Gajdos (pgajdos)
committed
(revision 47)
- version update to 2.7.1 [bsc#1219757] CVE-2024-24821
Petr Gajdos (pgajdos)
committed
(revision 46)
- version update to 2.7.1
2.7.1
* Added several warnings when plugins are disabled to hint at common problems people had with 2.7.0 (#11842)
* Fixed diagnose auditing of Composer dependencies failing when running from the phar
2.7.0
* Security: Fixed code execution and possible privilege escalation via compromised
vendor dir contents (GHSA-7c6p-848j-wh5h / CVE-2024-24821)
* Changed the default of the audit.abandoned config setting to fail, set it to report or
ignore if you do not want this, or set it via COMPOSER_AUDIT_ABANDONED env var (#11643)
* Added --minimal-changes (-m) flag to update/require/remove commands to perform
partial update with --with-dependencies while changing only what is absolutely
necessary in transitive dependencies (#11665)
* Added --sort-by-age (-A) flag to outdated/show commands to allow
sorting by and displaying the release date (most outdated first) (#11762)
* Added support for --self combined with --installed or --locked in show command, to
add the root package to the package list being output (#11785)
* Added severity information to audit command output (#11702)
* Added scripts-aliases top level key in composer.json to define aliases for custom scripts you defined (#11666)
* Added IPv4 fallback on connection timeout, as well as a COMPOSER_IPRESOLVE env var to force
IPv4 or IPv6, set it to 4 or 6 (#11791)
* Added support for wildcards in outdated's --ignore arg (#11831)
* Added support for bump command bumping * to >=current version (#11694)
* Added detection of constraints that cannot possibly match anything to validate command (#11829)
* Added package source information to the output of install when running in very verbose (-vv) mode (#11763)
* Added audit of Composer's own bundled dependencies in diagnose command (#11761)
* Added GitHub token expiration date to diagnose command output (#11688)
* Added non-zero status code to why/why-not commands (#11796)
* Added error when calling show --direct <package> with an indirect/transitive dependency (#11728)
* Added COMPOSER_FUND=0 env var to hide calls for funding (#11779)
* Fixed bump command not bumping packages required with a v prefix (#11764)
buildservice-autocommit
accepted
request 1117489
from
Petr Gajdos (pgajdos)
(revision 45)
Petr Gajdos (pgajdos)
(revision 45)
baserev update by copy to link target
Petr Gajdos (pgajdos)
accepted
request 1117487
from
Ish Sookun (Ishwon)
(revision 44)
Updates php-composer to version 2.6.5.
buildservice-autocommit
accepted
request 1114950
from
Petr Gajdos (pgajdos)
(revision 43)
Petr Gajdos (pgajdos)
(revision 43)
baserev update by copy to link target
Petr Gajdos (pgajdos)
accepted
request 1114790
from
Petr Gajdos (pgajdos)
(revision 42)
- version update to 2.6.4
* 2.6.4 2023-09-29 [bsc#1215859]
- Security: Fixed possible remote code execution vulnerability if composer.phar is publicly accessible,
executable as PHP, and register_argc_argv is enabled in php.ini (GHSA-jm6m-4632-36hf / CVE-2023-43655)
- Fixed json output of abandoned packages in audit command (#11647)
- Performance improvement in pool optimization step (#11638)
- Performance improvement in show -a <packagename> (#11659)
* 2.6.3 2023-09-15
- Added audit.abandoned config setting. Can be set to ignore, report (current default) or fail (future
default in 2.7) to make the audit command report abandoned packages as a security problem (#11639)
- Added a warning when duplicates files autoload rules are detected (#11109)
- Fixed unhandled promise rejection regression (#11620)
- Fixed loading of root aliases on path repo packages when doing partial updates (#11632)
- Fixed archive command not producing the correct output if the temp dir is a symlink (#11636)
- Fixed some replaced packages being incorrectly missing when unlocked in a partial update (#11629)
* 2.6.2 2023-09-03
- Reverted "Fixed binary proxies causing scripts inspecting $_SERVER['SCRIPT_NAME'] to detect them,
they are now more transparent (#11562)" which caused a regression (#11617)
- Fixed non-zero exit code on failed audits to only apply to install --audit runs and not implicit
audits with require, create-project or update commands (#11616)
- Fixed create-project infinite post-install loop in some circumstances (#11613)
* 2.6.1 2023-09-01
- Reverted "Fixed executability of non-php binaries which are not marked executable (#11557)" which
caused a regression (#11612)
* 2.6.0 2023-09-01
- Added audit.ignore config setting to ignore security advisories by id or CVE id (#11556, #11605)
- Added rm alias to the remove command (#11367)
- Added runtime platform check to verify the php-64bit requirement is met (#11334)
- Added platform package detection for lib-pq-libpq and lib-rdkafka-librdkafka (#11418)
- Added --dry-run to dump-autoload command to allow running --strict-psr checks without modifying
buildservice-autocommit
accepted
request 1112968
from
Petr Gajdos (pgajdos)
(revision 41)
Petr Gajdos (pgajdos)
(revision 41)
baserev update by copy to link target
buildservice-autocommit
accepted
request 1105263
from
Petr Gajdos (pgajdos)
(revision 39)
Petr Gajdos (pgajdos)
(revision 39)
baserev update by copy to link target
Petr Gajdos (pgajdos)
accepted
request 1101051
from
Ish Sookun (Ishwon)
(revision 38)
- Update to version 2.5.8 * Fixed regression in edge cases where root package gets added to a repository already during the install process (#11495) * Fixed EventDispatcher on windows picking bat files when using "@php binary" (#11490) * Fixed ICU CLDR version parsing failing the whole process when ICU cannot initialize the resource bundle (#11492) * Fixed type declarations on ClassLoader (#11500) - Update to version 2.5.7 * Fixed regression preventing autoloading the dependencies of metapackages when running --no-dev (#11481) - Update to version 2.5.6 * BC Warning: Installers and InstallationManager::getInstallPath will now return null instead of an empty string for metapackages' paths. This may have adverse effects on plugin code using this expecting always a string but it is unlikely (#11455) * Fixed metapackages showing their install path as the root package's path instead of empty (#11455) * Fixed lock file verification on install to deal better with replace/provide (#11475) * Fixed lock file having a more recent modification time than the vendor dir when require guesses the constraint after resolution (#11405) * Fixed numeric default branches with a v prefix being treated as non-numeric ones and receiving an alias like e.g. dev-main would (e51d755a08) * Fixed binary proxies not being transparent when included by another PHP process and returning a value (#11454) * Fixed support for plugin classes being marked as readonly (#11404) * Fixed getmypid being required as it is not always available (#11401) * Fixed authentication issue when downloading several files from private Bitbucket in parallel (#11464)
buildservice-autocommit
accepted
request 1075002
from
Factory Maintainer (factory-maintainer)
(revision 37)
Factory Maintainer (factory-maintainer)
(revision 37)
baserev update by copy to link target
Yunhe Guo (guoyunhe)
committed
(revision 36)
- Update to version 2.5.5 * Fixed basic auth failures resulting in infinite retry loop (#11320) * Fixed GitHub rate limit reporting (#11366) * Fixed InstalledVersions error in Composer 1 compatibility edge case (#11304) * Fixed issue displaying solver problems with branch names containing `%` signs (#11359) * Fixed race condition in cache validity detection when running Composer highly concurrently (#11375) * Fixed various minor config command issues (#11353, #11302)
buildservice-autocommit
accepted
request 1067188
from
Factory Maintainer (factory-maintainer)
(revision 35)
Factory Maintainer (factory-maintainer)
(revision 35)
baserev update by copy to link target
Yunhe Guo (guoyunhe)
committed
(revision 34)
- Update to version 2.5.4 * Fixed extra.plugin-optional support in PluginInstaller when doing pre-install checks (#11318) - Update to version 2.5.3 * Added extra.plugin-optional support for allow auto-disabling unknown plugins which are not critical when running non-interactive (#11315)
buildservice-autocommit
accepted
request 1064394
from
Factory Maintainer (factory-maintainer)
(revision 33)
Factory Maintainer (factory-maintainer)
(revision 33)
baserev update by copy to link target
Yunhe Guo (guoyunhe)
committed
(revision 32)
- Update to version 2.5.2 * Added warning when `require` auto-selects a feature branch as that is probably not desired (#11270) * Fixed `self.version` requirements reporting lock file integrity errors when changing branches (#11283) * Fixed `require` regression which broke the --fixed flag (#11247) * Fixed security audit reports loading when exclude/only filter rules are used on a repository (#11281) * Fixed autoloading regression on PHP 5.6 (#11285) * Fixed archive command including an existing archive into itself if run repeatedly (#11239) * Fixed dev package prompt in `require` not appearing in some conditions (#11287)
buildservice-autocommit
accepted
request 1045982
from
Factory Maintainer (factory-maintainer)
(revision 31)
Factory Maintainer (factory-maintainer)
(revision 31)
baserev update by copy to link target
Displaying revisions 1 - 20 of 50
