File php-composer2.changes of Package php-composer2
-------------------------------------------------------------------
Fri May 12 07:25:24 UTC 2023 - ecsos <ecsos@opensuse.org>
- version update to 2.5.5
2.5.5
* Fixed basic auth failures resulting in infinite retry loop (#11320)
* Fixed GitHub rate limit reporting (#11366)
* Fixed InstalledVersions error in Composer 1 compatibility edge case (#11304)
* Fixed issue displaying solver problems with branch names containing % signs (#11359)
* Fixed race condition in cache validity detection when running Composer highly concurrently (#11375)
* Fixed various minor config command issues (#11353, #11302)
2.5.4
* Fixed extra.plugin-optional support in PluginInstaller when doing pre-install checks (#11318)
2.5.3
* Added extra.plugin-optional support for allow auto-disabling unknown plugins
which are not critical when running non-interactive (#11315)
2.5.2
* Added warning when require auto-selects a feature branch as that is probably not desired (#11270)
* Fixed self.version requirements reporting lock file integrity errors when changing branches (#11283)
* Fixed require regression which broke the --fixed flag (#11247)
* Fixed security audit reports loading when exclude/only filter rules are used on a repository (#11281)
* Fixed autoloading regression on PHP 5.6 (#11285)
* Fixed archive command including an existing archive into itself if run repeatedly (#11239)
* Fixed dev package prompt in require not appearing in some conditions (#11287)
2.5.1
* Fixed ClassLoader regression which made it fail if serialized
(e.g. within PHPUnit process isolation) (#11237)
* Fixed preg type error in svn version guessing (#11231)
2.5.0
* BC Warning: To prevent abuse of our includeFile() function it is now gone,
it was not part of the official API but may still cause issues if some code
incorrectly relied on it (#11015)
* Improved version guessing of require command to use the dependency resolution
result instead of using the latest available version
(except if you run with --no-update) (#11160)
* Improved version selection in archive command (#11230)
* Added autocompletion of config option names in the config command (#11130)
* Added support for writing custom commands as Command classes (#11151)
* Added hard failure when installing from a lock file which does not satisfy
the composer.json requirements (#11195)
* Added warning when the outdated command rejects a new package
due to unmet platform requirements (#11113)
* Added support for bump command to bump >=x to >=installed-version (#11179)
* Added --download-only flag to install command to only download and prime
the cache with the package archives (#11041)
* Added autoconfiguration of github-domains/gitlab-domains when GitHub/GitLab credentials
are configured for a custom domain (#11062)
* Added hard failure (throw) if COMPOSER_AUTH is present and malformed JSON (#11085)
* Added interactive prompt to run-script and exec commands if run without any argument (#11157)
* Added interactive prompt where to store credentials when a project-local auth.json exists (#11188)
* Fixed full disk warning to be shown when less than 100MiB is available (#11190)
* Fixed cache keys to allow _ to avoid conflicts between package names like a-b and a_b (#11229)
* Fixed docker compatibility by making paths more portable even if the project is installed at / (#11169)
2.4.4
* Added extra debug output when a zip extraction fails while on GitHub Actions (#11148)
* Fixed cache write failures when the cache dir gets removed during a composer run (#11076)
* Fixed 2.4.3 regression in loading Composer on SMB/network shares (#11077)
* Fixed --dry-run flag missing from bump command (#11047)
* Fixed status command reporting differences when the source ref is a tag (#11155)
* Fixed outdated command outputting legend on stdout instead of stderr
* Fixed URL sanitizer to handle new GitHub personal access tokens format (#11137)
2.4.3
* BC Break: The json format of audit command now has reportedAt as an RFC3339 string
instead of an object which was a mistake (#11120)
* Fixed json format of audit command which was missing affectedVersions (#11120)
* Fixed plugin commands not being loaded during bash completions (#11074)
* Fixed parsing of inline aliases within complex constraints with || or , (#11086)
* Fixed min-php version check in autoload.php to avoid crashing sites running on PHP 5.5
or below silently with a 200 (#11091)
* Fixed JsonFile reading files without checking if they are readable first (#11077)
* Fixed require command with --dry-run failing when requiring a package
requiring stability flag extraction (#11112)
2.4.2
* Fixed bash completion hanging when running as root without COMPOSER_ALLOW_SUPERUSER set (#11024)
* Fixed handling of plugin activation when running as root without
COMPOSER_ALLOW_SUPERUSER set so it always happens after prompting,
or does not happen if input is non-interactive
* Fixed package filter on bump command (#11053)
* Fixed handling of --ignore-platform-req with upper-bound ignores
to not apply to conflict rules (#11037)
* Fixed handling of COMPOSER_DISCARD_CHANGES when set to 0
* Fixed handling of zero-major versions in outdated command with --major-only (#11032)
* Fixed show --platform regression since 2.4.0 when running in
a directory without composer.json (#11046)
* Fixed a few strict type errors
2.4.1
* Added a COMPOSER_NO_AUDIT env var to easily apply the new --no-audit flag in CI (#10998)
* Fixed show command showing packages in two sections, this was only meant for the outdated command (#11000)
* Fixed local git repos being copied to cache unnecessarily (#11001)
* Fixed git cache invalidation issue when a git tag gets created
after the cache has loaded a given reference (#11004)
2.4.0
* Added json format output to the new audit command (#10965)
* Added json format output to the check-platform-reqs command (#10979)
* Added GitLab 15+ token refresh support (#10988)
* Fixed COMPOSER_NO_DEV so it also works with require and remove's --update-no-dev (#10995)
* Fixed various bash completion issues
2.4.0-RC1
* Added bash completions for Composer commands, package names, etc (see how to setup) (#10320)
* Added bump command to bump requirements to the currently installed version (#10829)
* Added audit command to check for known security vulnerabilities in installed packages (#10798, #10898)
* Added automatic auditing of security vulnerabilities after update is done,
can be overridden with --no-audit (#10798, #10898)
* Added --audit to install command to also do an audit (#10798, #10898)
* Added r alias to require command (#10953)
* Added composer/class-map-generator dependency to replace
Composer\Autoload\ClassMapGenerator which is now deprecated (#10885)
* Added --locked to depends/prohibits commands (#10834)
* Added --strict-psr flag to dump-autoload command to fail the process
if PSR violations were detected, useful for CI (#10886)
* Added COMPOSER_PREFER_STABLE and COMPOSER_PREFER_LOWEST env vars
to turn on --prefer-stable/--prefer-lowest on update and require command,
useful for CI (#10919)
* Added support for temporary update constraints on all packages
(now also including non-root dependencies) (#10773)
* Added --major-only flag to the outdated command to show only packages with major version updates (#10827)
* Added sections for direct and transitive deps in outdated command output (#10779)
* Added ability for cache GC to clean up vcs and repo caches (#10826)
* Added --gc flag to clear-cache to only trigger a garbage collection instead of clearing everything (#10826)
* Added signal (SIGINT, SIGTERM, SIGHUP) handling to ensure we wait for the child process
to exit before Composer exits to avoid dropping output (#10958)
* Added prompt suggesting using --dev when requiring packages with
dev/testing/static analysis keywords present (#10960)
* Added warning in require, init and create-project commands when the latest version
of a package cannot be used due to platform requirements (#10896)
2.3.10
* Fixed plugins from CWD/vendor being loaded in some cases like
create-project or validate even though the target directory is outside of CWD (#10935)
* Fixed support for legacy (Composer 1.x, e.g. hirak/prestissimo)
plugins which will not warn/error anymore if not in allow-plugins,
as they are anyway not loaded (#10928)
* Fixed pre-install check for allowed plugins not taking --no-plugins into account (#10925)
* Fixed support for disable_functions containing disk_free_space (#10936)
* Fixed RootPackageRepository usages to always clone the root package
to avoid interoperability issues with plugins (#10940)
2.3.9
* Fixed non-interactive behavior of allow-plugins to throw instead
of continue with a warning to avoid broken installs (#10920)
* Fixed allow-plugins BC mode to ensure old lock files created pre-2.2
can be installed with only a warning but plugins fully loaded (#10920)
* Fixed deprecation notice (#10921)
* Fixed type errors (#10924)
2.3.8
* Fixed support for cache-read-only where the filesystem is not writable (#10906)
* Fixed type error when using allow-plugins: true (#10909)
* Fixed @putenv scripts receiving arguments passed to the command (#10846)
* Fixed support for spaces in paths with binary proxies on Windows (#10836)
* Fixed type error in GitDownloader if branches cannot be listed (#10888)
* Fixed RootPackageInterface issue on PHP 5.3.3 (#10895)
* Fixed type errors (#10904, #10897)
2.3.7
* Fixed a few PHPStan ConfigReturnTypeExtension bugs
* Fixed Config default for auth configs to be empty arrays instead of null,
fixes issues with diagnose command (#10814)
* Fixed handling of broken symlinks when checking whether a package is still installed (#6708)
* Fixed bin proxies to allow a proxy to include another one safely (#10823)
* Fixed openssl 3.x version parsing as it is now semver compliant
* Fixed type error when a json file cannot be read (#10818)
* Fixed parsing of multi-line arrays in funding.yml (#10784)
2.3.6
* Added Composer\PHPStan\ConfigReturnTypeExtension to improve return
types of Config::get() which you can also use in plugins CI (#10635)
* Fixed name validation regex in schema causing issues with JS IDEs like VS Code (#10811)
* Fixed unnecessary HTTP request in BitbucketDriver (#10729)
* Fixed invalid credentials loop when setting up GitLab token (#10748)
* Fixed PHP 8.2 deprecations (#10766)
* Fixed lock file changes being output even when the lock file creation is disabled
* Fixed race condition when multiple requests asking for auth on
the same hostname fired concurrently (#10763)
* Fixed quoting of commas on Windows (#10775)
* Fixed issue installing path repos with a disabled symlink function (#10786)
* Fixed various type errors (#10753, #10739, #10751)
2.3.5
* Security: Fixed command injection vulnerability in HgDriver/GitDriver
(GHSA-x7cr-6qr6-2hh6 / CVE-2022-24828)
* Added warning when downloading a file with verify_peer[_name] disabled (#10722)
* Fixed curl downloader not retrying when a DNS resolution failure occurs (#10716)
* Fixed composer.lock file still being used/read when the lock config option is disabled (#10726)
* Fixed validate command checking the lock file even if the lock option is disabled (#10723)
* Fixed detection of default branch name when it changed since
a git repo was mirrored in cache dir (#10701)
2.3.4
* Fixed the generated autoload.php to support running on PHP 5.6+
(down from 7.0+) and warn clearly on older PHP versions (#10714)
* Fixed run-script --list flag regression (#10710)
* Fixed curl downloader handling of DNS resolution failures to do an automatic retry (#10716)
* Fixed script handling of external commands not setting the Path env correctly on windows (#10700)
* Fixed various type errors (#10694, #10696, #10702, #10712, #10703)
2.3.3
* Added --2.2 flag to self-update to pin the Composer version to the 2.2 LTS range (#10682)
* Added missing config.bitbucket-oauth in composer-schema.json
* Fixed type errors in SvnDriver (#10681)
* Fixed --version output to match the pre-2.3 one (#10684)
* Fixed config/auth.json files not being validated against the composer-schema.json (#10685)
* Fixed generation of autoload crashing if a package has a broken path (#10688)
* Fixed GitDriver state issue when reusing old cache dirs and the default branch was renamed (#10687)
* Updated semver, jsonlint deps for minor fixes
* Removed dev-master=>dev-main alias from #10372 as it does not work
when reloading from lock file and extracting dev deps (#10651)
2.3.2
* Fixed type error when running exec command (#10672)
* Fixed endless loop in plugin activation prompt when input is
not fully interactive yet appears to be (#10648)
* Fixed type error in ComposerRepository (#10675)
* Fixed issues loading platform packages where the version of a
library cannot be established (#10631)
2.3.1
* Fixed type error when HOME env var is not set (#10670)
2.3.0
* Fixed many strict types errors (#10646, #10642, #10647, #10658,
#10656, #10665, #10660, #10663, #10662)
2.3.0-RC2
* Fixed invalid return value in ComposerRepository::findPackage (#10622)
* Fixed many show command issues due to a flipped condition (#10623)
* Fixed phpversion() handling when it returns false due to an extension defining no version (#10631)
* Fixed remove command failing when no allow-plugin is defined in config (#10629)
* Performance improvement in Composer bootstrapping (version guessing) when on a feature branch (#10632)
2.3.0-RC1
* BC Break: the minimum PHP version is now 7.2.5+, use the Composer 2.2 LTS
if you are stuck with an older PHP (#10343)
* BC Break: added native parameter & return types to many internal APIs,
we explicitly left the most extended/implemented symbols untouched
but if this causes problems nonetheless please report it ASAP (#10547, #10561)
* BC Break: added visibility to all constants, a few internal ones
have been made private/protected, if this causes problems please
report it ASAP (#10550)
* BC Break: the minimum supported Symfony components version is now 5.4,
this only affects you if you are requiring composer/composer directly however,
which is generally frowned upon
* Bumped composer-plugin-api to 2.3.0
* Bumped bundled Symfony components from 2.8 to 5.4 🥳
* Added declare(strict_types=1) to all the classes, which for sure
could cause regressions in edge cases, please report with stack traces (#10567)
* Added --patch-only to the outdated command to only show updates
to patch versions and ignore new major/minor versions (#10589)
* Added clickable links to various commands for terminals which support it (#10430)
* Added ProcessExecutor ability to receive commands as arrays by (internals/plugin change only) (#10435)
* Added abandoned flag to show/outdated commands JSON-formatted output (#10485)
* Added config.reference option to path repositories to configure the way
the reference is generated, and possibly reduce composer.lock conflicts (#10488)
* Added automatic removal of allow-plugins rules when removing a plugin via the remove command (#10615)
* Added COMPOSER_IGNORE_PLATFOR_REQ & COMPOSER_IGNORE_PLATFOR_REQS env vars
to configure the equivalent flags (#10616)
* Added support for Symfony 6.0 components
* Added support for psr/log 3.x (#10454)
* Fixed symlink creation in linux VM guest filesystems to be recognized by Windows (#10592)
* Performance improvement in pool optimization step (#10585)
-------------------------------------------------------------------
Fri May 12 06:17:02 UTC 2023 - ecsos <ecsos@opensuse.org>
- version update to 2.2.21
2.2.21
* Fixed extra.plugin-optional support in PluginInstaller when doing pre-install checks (#11326)
2.2.20
* Added extra.plugin-optional support for allow auto-disabling unknown
plugins which are not critical when running non-interactive (#11315)
2.2.19
* Fixed URL sanitizer to handle new GitHub personal access tokens format (#11137)
* Fixed cache keys to allow _ to avoid conflicts between package names like a-b and a_b (#11229)
* Fixed handling of --ignore-platform-req with upper-bound ignores
to not apply to conflict rules (#11037)
* Fixed handling of COMPOSER_DISCARD_CHANGES when set to 0
-------------------------------------------------------------------
Tue Aug 23 10:32:24 UTC 2022 - ecsos <ecsos@opensuse.org>
- version update to 2.2.18
2.2.18
* Fixed COMPOSER_NO_DEV so it also works with require and remove's --update-no-dev (#10995)
* Fixed duplicate missing extension warnings being displayed (#10938)
* Fixed hg version detection (#10955)
* Fixed git cache invalidation issue when a git tag gets created
after the cache has loaded a given reference (#11004)
2.2.17 2022-07-13
* Fixed plugins from CWD/vendor being loaded in some cases like create-project
or validate even though the target directory is outside of CWD (#10935)
* Fixed support for legacy (Composer 1.x, e.g. hirak/prestissimo) plugins
which will not warn/error anymore if not in allow-plugins, as they are anyway not loaded (#10928)
* Fixed pre-install check for allowed plugins not taking --no-plugins into account (#10925)
* Fixed support for disable_functions containing disk_free_space (#10936)
* Fixed RootPackageRepository usages to always clone the root package
to avoid interoperability issues with plugins (#10940)
2.2.16 2022-07-05
* Fixed non-interactive behavior of allow-plugins to throw instead of continue
with a warning to avoid broken installs (#10920)
* Fixed allow-plugins BC mode to ensure old lock files created pre-2.2 can be installed
with only a warning but plugins fully loaded (#10920)
* Fixed deprecation notice (#10921)
2.2.15 2022-07-01
* Fixed support for cache-read-only where the filesystem is not writable (#10906)
* Fixed type error when using allow-plugins: true (#10909)
* Fixed @putenv scripts receiving arguments passed to the command (#10846)
* Fixed support for spaces in paths with binary proxies on Windows (#10836)
* Fixed type error in GitDownloader if branches cannot be listed (#10888)
* Fixed RootPackageInterface issue on PHP 5.3.3 (#10895)
2.2.14 2022-06-06
* Fixed handling of broken symlinks when checking whether a package is still installed (#6708)
* Fixed name validation regex in schema causing issues with JS IDEs like VS Code (#10811)
* Fixed bin proxies to allow a proxy to include another one safely (#10823)
* Fixed gitlab-token JSON schema definition (#10800)
* Fixed openssl 3.x version parsing as it is now semver compliant
* Fixed type error when a json file cannot be read (#10818)
* Fixed parsing of multi-line arrays in funding.yml (#10784)
2.2.13 2022-05-25
* Fixed invalid credentials loop when setting up GitLab token (#10748)
* Fixed PHP 8.2 deprecations (#10766)
* Fixed lock file changes being output even when the lock file creation is disabled
* Fixed race condition when multiple requests asking for auth on the same hostname fired concurrently (#10763)
* Fixed quoting of commas on Windows (#10775)
* Fixed issue installing path repos with a disabled symlink function (#10786)
2.2.12 2022-04-13
* Security: Fixed command injection vulnerability in HgDriver/GitDriver (GHSA-x7cr-6qr6-2hh6 / CVE-2022-24828)
* Fixed curl downloader not retrying when a DNS resolution failure occurs (#10716)
* Fixed composer.lock file still being used/read when the lock config option is disabled (#10726)
* Fixed validate command checking the lock file even if the lock option is disabled (#10723)
2.2.11 2022-04-01
* Added missing config.bitbucket-oauth in composer-schema.json
* Added --2.2 flag to self-update to pin the Composer version to the 2.2 LTS range (#10682)
* Updated semver, jsonlint deps for minor fixes
* Fixed generation of autoload crashing if a package has a broken path (#10688)
* Removed dev-master=>dev-main alias from #10372 as it does not work
when reloading from lock file and extracting dev deps (#10651)
2.2.10 2022-03-29
* Fixed Bitbucket authorization detection due to API changes (#10657)
* Fixed validate command warning about dist/source keys if defined (#10655)
* Fixed deletion/handling of corrupted 0-bytes zip archives (#10666)
2.2.9 2022-03-15
* Fixed regression with plugins that modify install path of packages,
see docs if you are authoring such a plugin (#10621)
2.2.8 2022-03-15
* Fixed files autoloading sort order to be fully deterministic (#10617)
* Fixed pool optimization pass edge cases (#10579)
* Fixed require command failing when self.version is used as constraint (#10593)
* Fixed --no-ansi / undecorated output still showing color in repo warnings (#10601)
* Performance improvement in pool optimization step (composer/semver#131)
2.2.7 2022-02-25
* Allow installation together with composer/xdebug-handler ^3 (#10528)
* Fixed support for packages with no licenses in licenses command output (#10537)
* Fixed handling of allow-plugins: false which kept warning (#10530)
* Fixed enum parsing in classmap generation when the enum keyword is not lowercased (#10521)
* Fixed author parsing in init command requiring an email whereas the schema allows a name only (#10538)
* Fixed issues in require command when requiring packages which do not exist
(but are provided by something else you require) (#10541)
* Performance improvement in pool optimization step (#10546)
2.2.6 2022-02-04
* BC Break: due to an oversight, the COMPOSER_BIN_DIR env var for binaries added
in Composer 2.2.2 had to be renamed to COMPOSER_RUNTIME_BIN_DIR (#10512)
* Fixed enum parsing in classmap generation with syntax like enum foo:string without space after : (#10498)
* Fixed package search not urlencoding the input (#10500)
* Fixed reinstall command not firing pre-install-cmd/post-install-cmd events (#10514)
* Fixed edge case in path repositories where a symlink: true option would be ignored
on old Windows and old PHP combos (#10482)
* Fixed test suite compatibility with latest symfony/console releases (#10499)
* Fixed some error reporting edge cases (#10484, #10451, #10493)
2.2.5 2022-01-21
* Disabled composer/package-versions-deprecated by default as it can function
using Composer\InstalledVersions at runtime (#10458)
* Fixed artifact repositories crashing if a phar file was present in the directory (#10406)
* Fixed binary proxy issue on PHP <8 when fseek is used on the proxied binary path (#10468)
* Fixed handling of non-string versions in package repositories metadata (#10470)
2.2.4 2022-01-08
* Fixed handling of process timeout when running async processes during installation
* Fixed GitLab API handling when projects have a repository disabled (#10440)
* Fixed reading of environment variables (e.g. APPDATA) containing unicode characters
to workaround a PHP bug on Windows (#10434)
* Fixed partial update issues with path repos missing if a path repo is required by a path repo (#10431)
* Fixed support for sourcing binaries via the new bin proxies (#10389)
* Fixed messaging when GitHub tokens need SSO authorization (#10432)
-------------------------------------------------------------------
Thu Jan 6 16:52:22 UTC 2022 - pgajdos@suse.com
- version update to 2.2.3
2.2.3 2021-12-31
* Fixed issue with PHPUnit and process isolation now including PHPUnit
<6.5 (#10387)
* Fixed interoperability issue with laminas/laminas-zendframework-bridge
and Composer 2.2 (#10401)
* Fixed binary proxies for shell scripts to work correctly when they are
symlinked (jakzal/phpqa#336)
* Fixed overly greedy pool optimization in cases where a locked package
is not required by anything anymore in a partial update (#10405)
2.2.2 2021-12-29
* Added COMPOSER_BIN_DIR env var and _composer_bin_dir global containing
the path to the bin-dir for binaries. Packages relying on finding the
bin dir with $BASH_SOURCES[0] will need to update their binaries (#10402)
* Fixed issue when new binary proxies are combined with PHPUnit and process
isolation (#10387)
* Fixed deprecation warnings when using Symfony 5.4+ and requiring
composer/composer itself (#10404)
* Fixed UX of plugin warnings (#10381)
2.2.1 2021-12-22
* Fixed plugin autoloading including files autoload rules from the root
package (#10382)
* Fixed issue parsing php files with unterminated comments found inside
backticks (#10385)
2.2.0 2021-12-22
* Added support for using dev-main as the default path repo package
version if no VCS info is available (#10372)
* Added --no-scripts as a globally supported flag to all Composer commands
to disable scripts execution (#10371)
* Fixed self-update failing in some edge cases due to loading plugins
(#10371)
* Fixed display of conflicts showing the wrong package name in some
conditions (#10355)
2.2.0-RC1 2021-12-08
* Bumped composer-runtime-api and composer-plugin-api to 2.2.0
* UX Change: Added allow-plugins config value to enhance security against
runtime execution, this will prompt you the first time you use a plugin
and may hang pipelines if they aren't using --no-interaction (-n) as they
should (#10314)
* Added an optimization pass to reduce the amount of redundant inspected
during resolution, drastically improving memory and CPU usage (#9261,
#9620)
* Added a global $_composer_autoload_path variable containing the path
to autoload.php for binaries (#10137)
* Added wildcard support to --ignore-platform-req (e.g. ext-*) (#10083)
* Added support for ignoring the upper bound of platform requirements
using "name+" notation e.g. using --ignore-platform-req=php+ would
allow installing a package requiring php: 8.0.* on PHP 8.1, but not on
PHP 7.4. Useful for CI builds of upcoming PHP versions (#10318)
* Added support for setting platform packages to false in
config.platform to disable/hide them (#10308)
* Added use-parent-dir option to configure the prompt for using
composer.json in upper directory when none is present in current dir
(#10307)
* Added composer platform package which is always the exact version of
Composer running unlike composer-*-api packages (#10313)
* Added a --source flag to config command to show where config values
are loaded from (#10129)
* Added support for files autoloaders in the runtime scripts/plugins
contexts (#10065)
* Added retry behavior on certain http status and curl error codes (#10162)
* Added abandoned flag display in search command output
* Added support for --ignore-platform-reqs in outdated command (#10293)
* Added --only-vendor (-O) flag to search command to search (and return)
vendor names (#10336)
* Added COMPOSER_NO_DEV environment variable to set the --no-dev flag (#10262)
* Fixed archive command to behave more like git archive, gitignore/hgignore
are not taken into account anymore, and gitattributes support was improved
(#10309)
* Fixed unlocking of replacers when a replaced package is unlocked (#10280)
* Fixed auto-unlocked path repo packages also unlocking their transitive
deps when -w/-W is used (#10157)
* Fixed handling of recursive package links (e.g. requiring or replacing
oneself)
* Fixed env var reads to check $_SERVER and $_ENV before getenv for broader
ecosystem compatibility (#10218)
* Fixed archive command to produce archives with files sorted by name (#10274)
* Fixed VcsRepository issues where server failure could cause missing
tags/branches (#10319)
* Fixed some error reporting issues (#10283, #10339)
-------------------------------------------------------------------
Sat Dec 11 14:22:54 UTC 2021 - Yunhe Guo <i@guoyunhe.me>
- Use update-alternatives
- Update to 2.1.14
* Fixed invalid release build (2.1.13 was deleted as invalid)
* Removed symfony/console ^6 support as we cannot be compatible
until Composer 2.3.0 is released. If you have issues with
Composer required as a dependency + Symfony make sure you stay
on Symfony 5.4 for now. (#10321)
-------------------------------------------------------------------
Wed Nov 10 12:18:57 UTC 2021 - Yunhe Guo <i@guoyunhe.me>
- Obsoletes php-composer (version 1.x)
- Update to 2.1.12
* Fixed issues in proxied binary files relying on __FILE__ / __DIR__
on php <8 (#10261)
* Fixed 9999999-dev being shown in some cases by the show command (#10260)
* Fixed GitHub Actions output escaping regression on PHP 8.1 (#10250)
- Update to 2.1.11
* Fixed issues in proxied binary files when using declare() on php <8 (#10249)
* Fixed GitHub Actions output escaping issues (#10243)
- Update to 2.1.10
* Added type annotations to all classes, which may have an effect on
CI/static analysis for people using Composer as a dependency (#10159)
* Fixed CurlDownloader requesting gzip encoding even when no gzip
support is present (#10153)
* Fixed regression in 2.1.6 where the help command was not working for
plugin commands (#10147)
* Fixed warning showing when an invalid cache dir is configured but
unused (#10125)
* Fixed require command reverting changes even though dependency
resolution succeeded when something fails in scripts for example (#10118)
* Fixed require not finding the right package version when some newly
required extension is missing from the system (#10167)
* Fixed proxied binary file issues, now using output buffering (e1dbd65)
* Fixed and improved error reporting in several edge cases (#9804,
#10136, #10163, #10224, #10209)
* Fixed some more Windows CLI parameter escaping edge cases
- Update to 2.1.9
* Security: Fixed command injection vulnerability on Windows
(GHSA-frqg-7g38-6gcf / CVE-2021-41116)
* Fixed classmap parsing with a new class parser which does not rely
on regexes anymore (#10107)
* Fixed inline git credentials showing up in output in some conditions
(#10115)
* Fixed support for running updates while offline as long as the
cache contains enough information (#10116)
* Fixed show --all foo/bar which as of 2.0.0 was not showing all
versions anymore but only the installed one (#10095)
* Fixed VCS repos ignoring some versions silently when the API rate
limit is reached (#10132)
* Fixed CA bundle to remove the expired Let's Encrypt root CA
-------------------------------------------------------------------
Fri Sep 17 10:41:52 UTC 2021 - pgajdos@suse.com
- requires php-mbstring [bnc#1187416]
-------------------------------------------------------------------
Wed Sep 15 12:49:17 UTC 2021 - Johannes Weberhofer <jweberhofer@weberhofer.at>
- Update to 2.1.8
Fixed regression in 2.1.7 when parsing classmaps in files containing
invalid Unicode (gh#composer/composer#10102)
- Update to 2.1.7
* Added many type annotations internally, which may have an effect on
CI/static analysis for people using Composer as a dependency. This work will
continue in following releases
* Fixed regression in 2.1.6 when parsing classmaps with empty heredocs
(gh#composer/composer#10067)
* Fixed regression in 2.1.6 where list command was not showing plugin
commands (gh#composer/composer#10075)
* Fixed issue handling package updates where the package type changed
(gh#composer/composer#10076)
* Fixed docker being detected as WSL when run inside WSL
(gh#composer/composer#10094)
- Update to 2.1.6
* Updated internal PHAR signatures to be SHA512 instead of SHA1
* Fixed uncaught exception handler regression (gh#composer/composer#10022)
* Fixed more PHP 8.1 deprecation warnings
(gh#composer/composer#10036, gh#composer/composer#10038,
gh#composer/composer#10061)
* Fixed corrupted zips in the cache from blocking installs until a cache
clear, the bad archives are now deleted automatically on first failure
(gh#composer/composer#10028)
* Fixed URL sanitizer handling of new github tokens (gh#composer/composer#10048)
* Fixed issue finding classes with very long heredocs in classmap
autoload (gh#composer/composer#10050)
* Fixed proc_open being required for simple installs from zip, as well as
diagnose (gh#composer/composer#9253)
* Fixed path repository bug causing symlinks to be left behind after a
package is uninstalled (gh#composer/composer#10023)
* Fixed issue in 7-zip support on windows with certain archives
(gh#composer/composer#10058)
* Fixed bootstrapping process to avoid loading the composer.json and
plugins until necessary, speeding things up slightly (gh#composer/composer#10064)
* Fixed lib-openssl detection on FreeBSD (gh#composer/composer#10046)
* Fixed support for ircs:// protocol for support.irc composer.json entries
-------------------------------------------------------------------
Tue Jul 27 12:55:08 UTC 2021 - Klaus Kämpf <kkaempf@suse.com>
- Require php-curl as Composer strongly recommends this.
-------------------------------------------------------------------
Tue Jul 27 12:46:47 UTC 2021 - Klaus Kämpf <kkaempf@suse.com>
- Update to 2.1.5
Mostly bugfixes. See https://github.com/composer/composer/releases
for details.
-------------------------------------------------------------------
Sun Oct 25 23:13:35 UTC 2020 - Yunhe Guo <i@guoyunhe.me>
- Version 2.0.2
* Fixed regression handling composer show -s in projects where no
version can be guessed from VCS
* Fixed regression handling partial updates/require when a lock
file was missing
* Fixed interop issue with plugins that need to update dist URLs
of packages
- Version 2.0.1
* Fixed crash on PHP8
- Version 2.0.0
* Breaking: This is a major release and while we tried to keep things
compatible for most users, you might want to have a look at the
UPGRADE guides
* Many CPU and memory performance improvements
* The update command is now much more deterministic as it does not
take the already installed packages into account
* Package installation now performs all network operations first
before doing any changes on disk, to reduce the chances of ending
up with a partially updated vendor dir
* Partial updates and require/remove are now much faster as they
only load the metadata required for the updated packages
* Added a platform-check step when vendor/autoload.php gets initialized
which checks the current PHP version/extensions match what is
expected and fails hard otherwise. Can be disabled with the
platform-check config option
* Added a Composer\InstalledVersions class which is autoloaded in
every project and lets you check which packages/versions are
present at runtime
* Added a composer-runtime-api virtual package which you can require
(as e.g. ^2.0) to ensure things like the InstalledVersions class
above are present. It will effectively force people to use Composer
2.x to install your project
* Added support for parallel downloads of package metadata and zip
files, this requires that the curl extension is present and we thus
strongly recommend enabling curl
* Added parallel installation of packages (requires OSX/Linux/WSL,
and that unzip is present in PATH)
* Added much clearer dependency resolution error reporting for common
error cases
* Added support for updating to a specific version with partial
updates, as well as a --with flag to pass in temporary constraint
overrides
* Added automatic removal of packages which are not required anymore
whenever an update is done, this will purge packages previously
left over by partial updates and require/remove
* Added support for TTY mode on Linux/OSX/WSL so that script handlers
now run in interactive mode
* Added only, exclude and canonical options to all repositories, see
repository priorities for details
* Added support for many new lib-* packages in the platform repository
and improved version detection for some ext-* and lib-* packages
* Added pre-operations-exec event to be fired before the packages get
installed/upgraded/removed
* Added pre-pool-create event to be fired before the package pool for
the dependency solver is created, which lets you modify the list
of packages going in
* Added post-file-download event to be fired after package dist files
are downloaded, which lets you do additional checks on the files
* Added --locked flag to show command to see the packages from the
composer.lock file
* Added --unused flag to remove command to make sure any packages
which are not needed anymore get removed
* Added --dry-run flag to require and remove commands
* Added --no-install flag to update, require and remove commands to
disable the install step and only do the update step (composer.lock
file update)
* Added an --ask flag to create-project command to make Composer prompt
for the install dir name, useful for project install instructions
* Added support for multiple --repository flags being passed into
the create-project command, only useful in combination with
--add-repository to persist them to composer.json
* Added --with-dependencies and --with-all-dependencies flag aliases
to require and remove commands for consistency with update
* Added shorthand aliases -w for --with-dependencies and -W for
--with-all-dependencies on update/require/remove commands
* Added more info to vendor/composer/installed.json, a dev key stores
whether dev requirements were installed, and every package now has
an install-path key with its install location
* Added COMPOSER_DISABLE_NETWORK which if set makes Composer do its
best to run offline. This can be useful when you have poor
connectivity or to do benchmarking without network jitter
* Added COMPOSER_DEBUG_EVENTS=1 env var support for plugin authors
to figure out which events are triggered when
* Added setCustomCacheKey to PreFileDownloadEvent and fixed a cache
bug for integrations changing the processed url of package archives
* Added Composer\Util\SyncHelper for plugin authors to deal with
async Promises more easily
* Added $composer->getLoop()->getHttpDownloader() to get access to
the main HttpDownloader instance in plugins
* Added --json and --merge flags to config command to allow editing
complex extra.* values by using json as input
* Added confirmation prompt when running Composer as superuser in
interactive mode
* Added --no-check-version to validate command to remove the warning
in case the version is defined
* Added --ignore-platform-req (without s) to all commands supporting
--ignore-platform-reqs, which accepts a package name so you can
ignore only specific platform requirements
* Added --no-dev support to show and outdated commands to skip dev
requirements
* Added --format=summary flag to license command
* Added a cache-read-only config option to make the cache usable in
read only mode for containers and such
* Added support for wildcards (*) in classmap autoloader paths
* Added support for configuring GitLab deploy tokens in addition to
private tokens, see gitlab-token
* Added support for package version guessing for require and init
command to take all platform packages into account, not just php
version
* Added support for tar in artifact repositories
* Added a non-zero exit code (2) and warning to remove command when
a package to be removed could not be removed
* Added --apcu-autoloader-prefix (or --apcu-prefix for dump-autoload
command) flag to let people use apcu autoloading in a deterministic
output way if that is needed
* Fixed package ordering when autoloading and especially when loading
plugins, to make sure dependencies are loaded before their dependents
* Fixed suggest output being very spammy, it now is only one line
long and shows more rarely
* Fixed conflict rules like e.g. >=5 from matching dev-master, as
it is not normalized to 9999999-dev internally anymore
* Fixed solver bug resulting in endless loops in some cases
* Lots of minor bug fixes and improvements
