File php-composer.changes of Package php-composer
-------------------------------------------------------------------
Tue Sep 20 12:26:25 UTC 2016 - jweberhofer@weberhofer.at
- version 1.2.1
* Fixed edge case issues with the static autoloader
* Minor fixes
-------------------------------------------------------------------
Sat Sep 10 06:52:54 UTC 2016 - jweberhofer@weberhofer.at
- version 1.2.0
* Security: Fixed httpoxy vulnerability. This only affects people using
Composer outside of the CLI
* Added caching of git repositories if you have git 2.3+ installed.
Repositories will now be cached once and then cloned from local cache so
subsequent installs should be faster
* Added detection of HEAD changes to the status command. If you git checkout X
in a vendor directory for example it will tell you that it is not at the
version that was installed
* Added a virtual php-ipv6 extension to require PHP compiled with IPv6 support
* Added --no-suggest to install and update commands to skip output of suggestions at the end
* Added --type to the search command to restrict to a given package type
* Added fossil support as alternative to git/svn/.. for package downloads
* Improved BitBucket OAuth support
* Added support for blocking cache operations using
COMPOSER_CACHE_DIR=/dev/null (or NUL on windows)
* Added support for using declare(strict_types=1) in plugins
* Added --prefer-stable and --prefer-lowest to the require command
* Added --no-scripts to the require and remove commands
* Added _comment top level key to the schema to endorse using it as a place
to store comments (it can be a string or array of strings)
* Added support for justinrainbow/json-schema 2.0
* Fixed binaries not being re-installed if deleted by users or the bin-dir
changes. update and install will now re-install them
* Fixed home command to avoid rogue output on unix
* Many minor UX and docs improvements
-------------------------------------------------------------------
Tue Jul 5 12:25:10 UTC 2016 - jweberhofer@weberhofer.at
- version 1.1.3
* Fixed bitbucket oauth instructions
* Fixed version parsing issue
* Fixed handling of bad proxies that modify JSON content on the fly
- version 1.1.2
* Fixed degraded mode issue when accessing packagist.org
* Fixed GitHub access_token being added on subsequent requests in case of
redirections
* Fixed exclude-from-classmap not working in some circumstances
* Fixed openssl warning preventing the use of config command for disabling
tls
- version 1.1.1
* Fixed regression in handling of #reference which made it update every time
* Fixed dev platform requirements being required even in --no-dev install
from a lock file
* Fixed parsing of extension versions that do not follow valid numbers, we
now try to parse x.y.z and ignore the rest
* Fixed exact constraints warnings appearing for 0.x versions
* Fixed regression in the remove command
- version 1.1.0
* Added ability for plugins to register their own composer commands
* Added BaseCommand::isProxyCommand that can be overriden to mark a command
as being a mere proxy, which helps avoid duplicate warnings etc on composer
startup
* Optimized the autoloader initialization using static loading on PHP 5.6 and
above, this reduces the load time for large classmaps to almost nothing
* Added --latest to show command to show the latest version available of your
dependencies
* Added --outdated to show command an composer outdated alias for it, to show
only packages in need of update
* Added --direct to show and outdated commands to show only your direct
dependencies in the listing
* Added support for editing all top-level properties (name,
minimum-stability, ...) as well as extra values via the config command
* Added abandoned state warning to the show and outdated commands when
listing latest packages
* Added support for ~/ and $HOME/ in the path repository paths
* Added support for wildcards in the show command package filter, e.g.
composer show seld/*
* Added ability to call composer itself from scripts via @composer ...
* Added untracked files detection to the status command
* Added warning to validate command when using exact-version requires
* Added warning once per domain when accessing insecure URLs with secure-http
disabled
* Added a dependency on composer/ca-bundle (extracted CA bundle management to
a standalone lib)
* Added support for empty directories when archiving to tar
* Added an init event for plugins to react to, which occurs right after a
Composer instance is fully initialized
* Added fallback to SSH for https bitbucket URLs
* Added many new detections of problems in the why-not/prohibits command to
figure out why something does not get installed in the expected version
* Added a deprecation notice for script event listeners that use legacy
script classes
* Fixed abandoned state not showing up if you had a package installed before
it was marked abandoned
* Fixed --no-dev updates creating an incomplete lock file, everything is now
always resolved on update
* Fixed partial updates in case the vendor dir was not up to date with the
lock file
* Fixed archiving generating long paths in zip files on Windows
- version 1.0.3
* Security: Fixed possible command injection from the env vars into our sudo
detection
* Fixed interactive authentication with gitlab
* Fixed class name replacement in plugins
* Fixed classmap generation mistakenly detecting anonymous classes
* Fixed auto-detection of stability flags in complex constraints like
2.0-dev || ^1.5
* Fixed content-length handling when redirecting to very small responses
- version 1.0.2
* Fixed regression in 1.0.1 on systems with mbstring.func_overload enabled
* Fixed regression in 1.0.1 that made dev packages update to the latest
reference even if not whitelisted in a partial update
* Fixed init command ignoring the COMPOSER env var for choosing the json file
name
* Fixed error reporting bug when the dependency resolution fails
* Fixed handling of $ sign in composer config command in some cases it could
* corrupt the json file
- version 1.0.1
* Fixed URL updating when a package's URL changes, composer.lock now contains
the right URL including correct reference
* Fixed URL updating of the origin git remote as well for packages installed
as git clone
* Fixed binary .bat files generated from linux being incompatible with
windows cmd
* Fixed handling of paths with trailing slashes in path repository
* Fixed create-project not using platform config when selecting a package
* Fixed self-update not showing the channel it uses to perform the update
* Fixed file downloads not failing loudly when the content does not match the
Content-Length header
* Fixed secure-http detecting some malformed URLs as insecure
* Updated CA bundle
-------------------------------------------------------------------
Wed Apr 6 06:03:57 UTC 2016 - jimmy@boombatower.com
- version 1.0.0
* Added support for bitbucket-oauth configuration
* Added warning when running composer as super user, set COMPOSER_ALLOW_SUPERUSER=1 to hide the warning if you really must
* Added PluginManager::getGlobalComposer getter to retrieve the global instance (which can be null!)
* Fixed dependency solver error reporting in many cases it now shows you proper errors instead of just saying a package does not exist
* Fixed output of failed downloads appearing as 100% done instead of Failed
* Fixed handling of empty directories when archiving, they are not skipped anymore
* Fixed installation of broken plugins corrupting the vendor state when combined with symlinked path repositories
-------------------------------------------------------------------
Wed Dec 9 09:06:26 UTC 2015 - jimmy@boombatower.com
- Utilize php version agnostic packages to be compatible with php7.
-------------------------------------------------------------------
Sun Nov 15 10:00:58 UTC 2015 - kkaempf@suse.com
- Fix version: indicate alpha release via ~ (tilde)
- Add php5-json dependency
- version 1.0.0-alpha11
* Added config.platform to let you specify what your target environment
looks like and make sure you do not inadvertently install dependencies
that would break it
* Added exclude-from-classmap in the autoload config that lets you
ignore sub-paths of classmapped directories, or psr-0/4 directories
when building optimized autoloaders
* Added path repository type to install/symlink packages from local paths
* Added possibility to reference script handlers from within other
handlers using @script-name to reduce duplication
* Added suggests command to show what packages are suggested, use -v to
see more details
* Added content-hash inside the composer.lock to restrict the warnings
about outdated lock file to some specific changes in the composer.json
file
* Added archive-format and archive-dir config options to specify default
values for the archive command
* Added --classmap-authoritative to install, update, require, remove and
dump-autoload commands, forcing the optimized classmap to be
authoritative
* Added -A / --with-dependencies to the validate command to allow
validating all your dependencies recursively
* Added --strict to the validate command to treat any warning as an
error that then returns a non-zero exit code
* Added a dependency on composer/semver, which is the externalized lib
for all the version constraints parsing and handling
* Added support for classmap autoloading to load plugin classes and
script handlers
* Added bin-compat config option that if set to full will create .bat
proxy for binaries even if Compoesr runs in a linux VM
* Added SPDX 2.0 support, and externalized that in a
composer/spdx-licenses lib
* Added warnings when the classmap autoloader finds duplicate classes
* Added --file to the archive command to choose the filename
* Added Ctrl+C handling in create-project to cancel the operation cleanly
* Fixed version guessing to use ^ always, default to stable versions,
and avoid versions that require a higher php version than you have
* Fixed the lock file switching back and forth between old and new URL
when a package URL is changed and many people run updates
* Fixed partial updates updating things they shouldn't when the current
vendor dir was out of date with the lock file
* Fixed PHAR file creation to be more reproducible and always generate
the exact same phar file from a given source
* Fixed issue when checking out git branches or tags that are also the
name of a file in the repo
* Many minor fixes and documentation additions and UX improvements
-------------------------------------------------------------------
Wed Aug 26 14:20:11 UTC 2015 - jweberhofer@weberhofer.at
- Fixed download location
-------------------------------------------------------------------
Tue Jun 16 11:34:18 UTC 2015 - jweberhofer@weberhofer.at
- php5-openssl is reuired, too.
-------------------------------------------------------------------
Tue May 26 13:51:25 UTC 2015 - jweberhofer@weberhofer.at
- php5-phar is required
-------------------------------------------------------------------
Tue Apr 28 16:23:39 UTC 2015 - jweberhofer@weberhofer.at
- Renamed package
- Added license
-------------------------------------------------------------------
Mon Apr 27 15:15:28 UTC 2015 - jweberhofer@weberhofer.at
- version 1.0.0-alpha10
* Break: The following event classes are deprecated and you should update
your script handlers to use the new ones in type hints:
- Composer\Script\CommandEvent is deprecated, use Composer\Script\Event
- Composer\Script\PackageEvent is deprecated, use
Composer\Installer\PackageEvent
* Break: Output is now split between stdout and stderr. Any irrelevant output
to each command is on stderr as per unix best practices.
* Added support for npm-style semver operators (^ and - ranges, (space) =
AND, || = OR)
* Added --prefer-lowest to update command to allow testing a package with the
lowest declared dependencies
* Added support for parsing semver build metadata +anything at the end of
versions
* Added --sort-packages option to require command for sorting dependencies
* Added --no-autoloader to install and update commands to skip autoload
generation
* Added --list to run-script command to see available scripts
* Added --absolute to config command to get back absolute paths
* Added classmap-authoritative config option, if enabled only the classmap
info will be used by the composer autoloader
* Added support for branch-alias on numeric branches
* Added support for the https_proxy/HTTPS_PROXY env vars used only for https
URLs
* Added support for using real composer repos as local paths in
create-project command
* Added --no-dev to licenses command
* Added support for PHP 7.0 nightly builds
* Fixed detection of stability when parsing multiple constraints
* Fixed installs from lock file containing updated composer.json requirement
* Fixed the autoloader suffix in vendor/autoload.php changing in every build
* Many minor fixes, documentation additions and UX improvements
-------------------------------------------------------------------
Wed Jan 7 15:56:17 UTC 2015 - jweberhofer@weberhofer.at
- version 1.0.0-alpha9
* Added remove command to do the reverse of require
* Added --ignore-platform-reqs to install/update commands to install even
if you are missing a php extension or have an invalid php version
* Added a warning when abandoned packages are being installed
* Added auto-selection of the version constraint in the require command,
which can now be used simply as composer require foo/bar
* Added ability to define custom composer commands using scripts
* Added browse command to open a browser to the given package's repo URL
(or homepage with -H)
* Added an autoload-dev section to declare dev-only autoload
rules + a --no-dev flag to dump-autoload
* Added an auth.json file, with store-auths config option
* Added a http-basic config option to store login/pwds to hosts
* Added failover to source/dist and vice-versa in case a download method
fails
* Added --path (-P) flag to the show command to see the install path of
packages
* Added --update-with-dependencies and --update-no-dev flags to the require
command
* Added optimize-autoloader config option to force the -o flag from the
config
* Added clear-cache command
* Added a GzipDownloader to download single gzipped files
* Added ssh support in the github-protocols config option
* Added pre-dependencies-solving and post-dependencies-solving events
* Added pre-archive-cmd and post-archive-cmd script events to the archive
command
* Added a no-api flag to GitHub VCS repos to skip the API but still get zip
downloads
* Added http-basic auth support for private git repos not on github
* Added support for autoloading .hh files when running HHVM
* Added support for PHP 5.6
* Added support for OTP auth when retrieving a GitHub API key
* Fixed isolation of files autoloaded scripts to ensure they can not affect
anything
* Improved performance of solving dependencies
* Improved SVN and Perforce support
* A boatload of minor fixes, documentation additions and UX improvements
-------------------------------------------------------------------
Sat Jul 19 10:53:46 UTC 2014 - lang@b1-systems.de
- version 1.0.0-alpha8
Break: The install command now has --dev enabled by default. --no-dev can be used to install without dev requirements
Added composer-plugin package type to allow extensibility, and deprecated composer-installer
Added psr-4 autoloading support and deprecated target-dir since it is a better alternative
Added --no-plugins flag to replace --no-custom-installers where available
Added global command to operate Composer in a user-global directory
Added licenses command to list the license of all your dependencies
Added pre-status-cmd and post-status-cmd script events to the status command
Added post-root-package-install and post-create-project-cmd script events to the create-project command
Added pre-autoload-dump script event
Added --rollback flag to self-update
Added --no-install flag to create-project to skip installing the dependencies
Added a hhvm platform package to require Facebook's HHVM implementation of PHP
Added github-domains config option to allow using GitHub Enterprise with Composer's GitHub support
Added prepend-autoloader config option to allow appending Composer's autoloader instead of the default prepend behavior
Added Perforce support to the VCS repository
Added a vendor/composer/autoload_files.php file that lists all files being included by the files autoloader
Added support for the no_proxy env var and other proxy support improvements
Added many robustness tweaks to make sure zip downloads work more consistently and corrupted caches are invalidated
Added the release date to composer -V output
Added autoloader-suffix config option to allow overriding the randomly generated autoloader class suffix
Fixed BitBucket API usage
Fixed parsing of inferred stability flags that are more stable than the minimum stability
Fixed installation order of plugins/custom installers
Fixed tilde and wildcard version constraints to be more intuitive regarding stabilities
Fixed handling of target-dir changes when updating packages
Improved performance of the class loader
Improved memory usage and performance of solving dependencies
Tons of minor bug fixes and improvements
-------------------------------------------------------------------
Sun May 19 21:30:03 UTC 2013 - jweberhofer@weberhofer.at
- Upgraded to version 1.0.0-alpha7
-------------------------------------------------------------------
Wed Mar 6 10:36:52 UTC 2013 - jweberhofer@weberhofer.at
- Initial release 1.0.0-alpha6