0590c66537
- Update to version 2.8.8 - Fixed json schema issues with version validation - Fixed issues running on 32bit machines - Update to version 2.8.7 - Added COMPOSER_MAX_PARALLEL_PROCESS env var to control max amount of parallel processes Composer will start - Added zstd/brotli presence in diagnose command output - Fixed error handler to avoid spamming deprecation notices - Fixed InstalledVersions returning duplicate data at Composer runtime - Fixed handling of --with ... constraints to make them apply to packages replaced a package with a different name - Fixed deprecation warnings showing up in IDE code inspections within the vendor dir - Fixed a few json schema completeness issues - Fixed issue autoloading files with a .phar inside the path - Update to version 2.8.6 - Added COMPOSER_WITH_DEPENDENCIES and COMPOSER_WITH_ALL_DEPENDENCIES env vars to enable the --with[-all]-dependencies flags - Added COMPOSER_SKIP_SCRIPTS env var to tell Composer to skip certain script handlers by script names (comma separated) - Fixed handling of backslash in folder names when creating archives - Fixed detection of containerd for containers to avoid warning about root usage - Update to version 2.8.5 - Fixed InstalledVersions regression from 2.8.4 when reload() is used - Fixed psr-0/psr-4 rules having unstable order in vendor/composer/autoload*.php - Fixed a few warnings happening incorrectly in edge cases - Update to version 2.8.4 - Fixed exit code of the audit command not being meaningful (now 1 for vulnerabilities and 2 for abandoned, 3 for both) - Fixed issue on plugin upgrade when it defines multiple classes - Fixed duplicate errors appearing in the output depending on php settings - Fixed InstalledVersions returning duplicate data in some instances - Fixed installed.php sorting to be deterministic - Fixed bump-after-update failing when using inline constraints - Fixed create-project command to now disable symlinking when used with a path repo as argument - Fixed validate --no-check-publish to hide publish errors entirely as they are irrelevant - Fixed audit command returning a failing code when composer audit fails as this should not trigger build failures, but running audit as standard part of your build is probably a terrible idea anyway - Fixed curl usage to disable multiplexing on broken versions when proxies are in use - Update to version 2.8.3 - Fixed react/promise requirement to allow 2.x installs again - Fixed some issues when lock:false is set in require and bump commands - Update to version 2.8.2 - Fixed crash while suggesting providers if they have no description - Fixed issues creating lock files violating the schema in some circumstances - Fixed create-project regression in 2.8.1 when using path repos with relative paths - Fixed ctrl-C aborts not working inside text prompts - Fixed git failing silently when git cannot read a repo due to ownership violations - Fixed handling of signals in non-PHP binaries run via proxies - Update to version 2.8.1 - Fixed init command regression when no license is provided - Fixed --strict-ambiguous flag handling whereas it sometimes did not report all issues - Fixed create-project to inherit the target folder's permissions for installed project files - Fixed a few cases where the prompt for using a parent dir's composer.json fails to work correctly - Update to version 2.8.0 - BC Warning: Fixed https_proxy env var falling back to http_proxy's value. The fallback and warning have now been removed per the 2.7.3 release notes - Added --patch-only flag to the update command to restrict updates to patch versions and make an update of all deps safer - Added --abandoned flag to the audit command to configure how abandoned packages should be treated, overriding the audit.abandoned config setting - Added --ignore-severity flag to the audit command to ignore one or more advisory severities - Added --bump-after-update flag to the update command to run bump after the update is done - Added a way to control which scripts receive additional CLI arguments and where they appear in the command, see the docs - Added allow-missing-requirements config setting to skip the error when the lock file is not fulfilling the composer.json's dependencies - Added a JSON schema for the composer.lock file - Added better support for Bitbucket app passwords when cloning repos / installing from source - Added --type flag to filter packages by type(s) in the reinstall command - Added --strict-ambiguous flag to the dump-autoload command to make it return with an error code if duplicate classes are found - Added warning in dump-autoload when vendor files have been deleted - Added warnings for each missing platform package when running create-project to avoid having to run it again and again - Added sorting of packages in allow-plugins when sort-packages is enabled - Added suggestion of provider packages / polyfills when an ext or lib package is missing - Improved interactive package update selection by first outputting all packages and their possible updates - Improved dependency resolution failure output by sorting the output in a deterministic and (often) more logical way - Fixed PHP 8.4 deprecation warnings about E_STRICT - Fixed init command to validate the given license identifier - Fixed version guessing to be more deterministic on feature branches if it appears that it could come from either of two mainline branches - Fixed COMPOSER_ROOT_VERSION env var handling to treat 1.2 the same as 1.2.x-dev and not 1.2.0 - Fixed require command skipping new stability flags from the lock file, causing invalid lock file diffs - Fixed php://stdin potentially being open several times when running Composer programmatically - Fixed handling of platform packages in why-not command and partial updates - Added source signature and keyring
Petr Gajdos2025-04-17 10:59:22 +00:00
942d8100ef
Accepting request 1223669 from server:php:applications
Ana Guerrero2024-11-12 18:24:11 +00:00
47b56323b3
Accepting request 1149085 from server:php:applications
Ana Guerrero2024-02-22 19:59:25 +00:00
8ad381ac8e
Accepting request 1148935 from home:comrad:branches:openSUSE:Factory
Petr Gajdos2024-02-22 08:24:45 +00:00
ee6bf0ea74
Accepting request 1146367 from server:php:applications
Ana Guerrero2024-02-13 21:44:16 +00:00
5761df88bc
- version update to 2.7.1 [bsc#1219757] CVE-2024-24821
Petr Gajdos2024-02-12 10:18:59 +00:00
0e18abde92
- version update to 2.7.1 2.7.1 * Added several warnings when plugins are disabled to hint at common problems people had with 2.7.0 (#11842) * Fixed diagnose auditing of Composer dependencies failing when running from the phar 2.7.0 * Security: Fixed code execution and possible privilege escalation via compromised vendor dir contents (GHSA-7c6p-848j-wh5h / CVE-2024-24821) * Changed the default of the audit.abandoned config setting to fail, set it to report or ignore if you do not want this, or set it via COMPOSER_AUDIT_ABANDONED env var (#11643) * Added --minimal-changes (-m) flag to update/require/remove commands to perform partial update with --with-dependencies while changing only what is absolutely necessary in transitive dependencies (#11665) * Added --sort-by-age (-A) flag to outdated/show commands to allow sorting by and displaying the release date (most outdated first) (#11762) * Added support for --self combined with --installed or --locked in show command, to add the root package to the package list being output (#11785) * Added severity information to audit command output (#11702) * Added scripts-aliases top level key in composer.json to define aliases for custom scripts you defined (#11666) * Added IPv4 fallback on connection timeout, as well as a COMPOSER_IPRESOLVE env var to force IPv4 or IPv6, set it to 4 or 6 (#11791) * Added support for wildcards in outdated's --ignore arg (#11831) * Added support for bump command bumping * to >=current version (#11694) * Added detection of constraints that cannot possibly match anything to validate command (#11829) * Added package source information to the output of install when running in very verbose (-vv) mode (#11763) * Added audit of Composer's own bundled dependencies in diagnose command (#11761) * Added GitHub token expiration date to diagnose command output (#11688) * Added non-zero status code to why/why-not commands (#11796) * Added error when calling show --direct <package> with an indirect/transitive dependency (#11728) * Added COMPOSER_FUND=0 env var to hide calls for funding (#11779) * Fixed bump command not bumping packages required with a v prefix (#11764)
Petr Gajdos2024-02-12 10:16:56 +00:00
a953ccfc79
Accepting request 1117489 from server:php:applications
Ana Guerrero2023-10-12 21:44:34 +00:00
6ad30507ee
Accepting request 1117487 from home:Ishwon
Petr Gajdos2023-10-12 15:46:18 +00:00
bdbfa109a4
Accepting request 1114950 from server:php:applications
Ana Guerrero2023-10-04 20:31:30 +00:00
348c056ef9
Accepting request 1114790 from home:pgajdos
Petr Gajdos2023-10-03 08:38:10 +00:00
a1a648edbf
Accepting request 1112968 from server:php:applications
Ana Guerrero2023-09-22 19:49:43 +00:00
e754ae86d5
- Update to version 2.5.4 * Fixed extra.plugin-optional support in PluginInstaller when doing pre-install checks (#11318) - Update to version 2.5.3 * Added extra.plugin-optional support for allow auto-disabling unknown plugins which are not critical when running non-interactive (#11315)
Yunhe Guo2023-02-15 15:11:24 +00:00
28d4031815
- Update to version 2.5.2 * Added warning when require auto-selects a feature branch as that is probably not desired (#11270) * Fixed self.version requirements reporting lock file integrity errors when changing branches (#11283) * Fixed require regression which broke the --fixed flag (#11247) * Fixed security audit reports loading when exclude/only filter rules are used on a repository (#11281) * Fixed autoloading regression on PHP 5.6 (#11285) * Fixed archive command including an existing archive into itself if run repeatedly (#11239) * Fixed dev package prompt in require not appearing in some conditions (#11287)
Yunhe Guo2023-02-04 14:13:01 +00:00
4b94f8c5d4
- Update to version 2.5.1 * Fixed ClassLoader regression which made it fail if serialized (e.g. within PHPUnit process isolation) (#11237) * Fixed preg type error in svn version guessing (#11231)
Yunhe Guo2022-12-25 05:15:45 +00:00
8c7ed665f7
- Update to version 2.5.0 * BC Warning: To prevent abuse of our includeFile() function it is now gone, it was not part of the official API but may still cause issues if some code incorrectly relied on it (#11015) * Improved version guessing of require command to use the dependency resolution result instead of using the latest available version (except if you run with --no-update) (#11160) * Improved version selection in archive command (#11230) * Added autocompletion of config option names in the config command (#11130) * Added support for writing [custom commands as Command classes](https://getcomposer.org/doc/articles/scripts.md#writing-custom-commands) (#11151) * Added hard failure when installing from a lock file which does not satisfy the composer.json requirements (#11195) * Added warning when the outdated command rejects a new package due to unmet platform requirements (#11113) * Added support for bump command to bump >=x to >=installed-version (#11179) * Added --download-only flag to install command to only download and prime the cache with the package archives (#11041) * Added autoconfiguration of github-domains/gitlab-domains when GitHub/GitLab credentials are configured for a custom domain (#11062) * Added hard failure (throw) if COMPOSER_AUTH is present and malformed JSON (#11085) * Added interactive prompt to run-script and exec commands if run without any argument (#11157) * Added interactive prompt where to store credentials when a project-local auth.json exists (#11188) * Fixed full disk warning to be shown when less than 100MiB is available (#11190) * Fixed cache keys to allow _ to avoid conflicts between package names like a-b and a_b (#11229) * Fixed docker compatibility by making paths more portable even if the project is installed at / (#11169)
Yunhe Guo2022-12-21 12:32:42 +00:00
e01dc0263a
- Update to version 2.4.4 * Added extra debug output when a zip extraction fails while on GitHub Actions (#11148) * Fixed cache write failures when the cache dir gets removed during a composer run (#11076) * Fixed 2.4.3 regression in loading Composer on SMB/network shares (#11077) * Fixed --dry-run flag missing from bump command (#11047) * Fixed status command reporting differences when the source ref is a tag (#11155) * Fixed outdated command outputting legend on stdout instead of stderr * Fixed URL sanitizer to handle new GitHub personal access tokens format (#11137) - Update to version 2.4.3 * BC Break: The json format of audit command now has reportedAt as an RFC3339 string instead of an object which was a mistake (#11120) * Fixed json format of audit command which was missing affectedVersions (#11120) * Fixed plugin commands not being loaded during bash completions (#11074) * Fixed parsing of inline aliases within complex constraints with || or , (#11086) * Fixed min-php version check in autoload.php to avoid crashing sites running on PHP 5.5 or below silently with a 200 (#11091) * Fixed JsonFile reading files without checking if they are readable first (#11077) * Fixed require command with --dry-run failing when requiring a package requiring stability flag extraction (#11112)
Yunhe Guo2022-11-06 11:46:06 +00:00
3d75fb16c9
- Update to version 2.4.2 * Fixed bash completion hanging when running as root without COMPOSER_ALLOW_SUPERUSER set (#11024) * Fixed handling of plugin activation when running as root without COMPOSER_ALLOW_SUPERUSER set so it always happens after prompting, or does not happen if input is non-interactive * Fixed package filter on bump command (#11053) * Fixed handling of --ignore-platform-req with upper-bound ignores to not apply to conflict rules (#11037) * Fixed handling of COMPOSER_DISCARD_CHANGES when set to 0 * Fixed handling of zero-major versions in outdated command with --major-only (#11032) * Fixed show --platform regression since 2.4.0 when running in a directory without composer.json (#11046) * Fixed a few strict type errors - Update to version 2.4.1 * Added a COMPOSER_NO_AUDIT env var to easily apply the new --no-audit flag in CI (#10998) * Fixed show command showing packages in two sections, this was only meant for the outdated command (#11000) * Fixed local git repos being copied to cache unnecessarily (#11001) * Fixed git cache invalidation issue when a git tag gets created after the cache has loaded a given reference (#11004) - Update to version 2.4.0 * Added bash completions for Composer commands, package names, etc (see how to setup) (#10320) * Added bump command to bump requirements to the currently installed version (#10829) * Added audit command to check for known security vulnerabilities in installed packages (#10798, #10898)
Yunhe Guo2022-09-25 06:33:06 +00:00
3e1bacc24d
Accepting request 990767 from server:php:applications
Richard Brown2022-07-26 17:43:38 +00:00
4f0b754270
- Update to version 2.3.10 * Fixed plugins from CWD/vendor being loaded in some cases like create-project or validate even though the target directory is outside of CWD (#10935) * Fixed support for legacy (Composer 1.x, e.g. hirak/prestissimo) plugins which will not warn/error anymore if not in allow-plugins, as they are anyway not loaded (#10928) * Fixed pre-install check for allowed plugins not taking --no-plugins into account (#10925) * Fixed support for disable_functions containing disk_free_space (#10936) * Fixed RootPackageRepository usages to always clone the root package to avoid interoperability issues with plugins (#10940) - Update to version 2.3.9 * Fixed non-interactive behavior of allow-plugins to throw instead of continue with a warning to avoid broken installs (#10920) * Fixed allow-plugins BC mode to ensure old lock files created pre-2.2 can be installed with only a warning but plugins fully loaded (#10920) * Fixed deprecation notice (#10921) * Fixed type errors (#10924)
Yunhe Guo2022-07-16 06:33:41 +00:00
ed896b83a3
- Update to version 2.3.8 * Fixed support for cache-read-only where the filesystem is not writable (#10906) * Fixed type error when using allow-plugins: true (#10909) * Fixed @putenv scripts receiving arguments passed to the command (#10846) * Fixed support for spaces in paths with binary proxies on Windows (#10836) * Fixed type error in GitDownloader if branches cannot be listed (#10888) * Fixed RootPackageInterface issue on PHP 5.3.3 (#10895) * Fixed type errors (#10904, #10897)
Yunhe Guo2022-07-02 06:04:43 +00:00
5b929af7be
- Update to version 2.3.7 * Fixed a few PHPStan ConfigReturnTypeExtension bugs * Fixed Config default for auth configs to be empty arrays instead of null, fixes issues with diagnose command (#10814) * Fixed handling of broken symlinks when checking whether a package is still installed (#6708) * Fixed bin proxies to allow a proxy to include another one safely (#10823) * Fixed openssl 3.x version parsing as it is now semver compliant * Fixed type error when a json file cannot be read (#10818) * Fixed parsing of multi-line arrays in funding.yml (#10784)
Yunhe Guo2022-06-11 09:29:29 +00:00
f69c77fe4d
- Update to version 2.3.6 * Added Composer\PHPStan\ConfigReturnTypeExtension to improve return types of Config::get() which you can also use in plugins CI (#10635) * Fixed name validation regex in schema causing issues with JS IDEs like VS Code (#10811) * Fixed unnecessary HTTP request in BitbucketDriver (#10729) * Fixed invalid credentials loop when setting up GitLab token (#10748) * Fixed PHP 8.2 deprecations (#10766) * Fixed lock file changes being output even when the lock file creation is disabled * Fixed race condition when multiple requests asking for auth on the same hostname fired concurrently (#10763) * Fixed quoting of commas on Windows (#10775) * Fixed issue installing path repos with a disabled symlink function (#10786) * Fixed various type errors (#10753, #10739, #10751)
Yunhe Guo2022-06-03 07:03:17 +00:00
5df592d40d
- Update to version 2.3.3 * Added --2.2 flag to self-update to pin the Composer version to the 2.2 LTS range (#10682) * Added missing config.bitbucket-oauth in composer-schema.json * Fixed type errors in SvnDriver (#10681) * Fixed --version output to match the pre-2.3 one (#10684) * Fixed config/auth.json files not being validated against the composer-schema.json (#10685) * Fixed generation of autoload crashing if a package has a broken path (#10688) * Fixed GitDriver state issue when reusing old cache dirs and the default branch was renamed (#10687) * Updated semver, jsonlint deps for minor fixes * Removed dev-master=>dev-main alias from #10372 as it does not work when reloading from lock file and extracting dev deps (#10651) - Update to version 2.3.2 * Fixed type error when running exec command (#10672) * Fixed endless loop in plugin activation prompt when input is not fully interactive yet appears to be (#10648) * Fixed type error in ComposerRepository (#10675) * Fixed issues loading platform packages where the version of a library cannot be established (#10631) - Update to version 2.3.1 * Fixed type error when HOME env var is not set (#10670) - Update to version 2.3.0 * Fixed many strict types errors (#10646, #10642, #10647, #10658, #10656, #10665, #10660, #10663, #10662) * Fixed invalid return value in ComposerRepository::findPackage (#10622) * Fixed many show command issues due to a flipped condition
Yunhe Guo2022-04-03 07:50:53 +00:00
225b9c7e5b
- Update to version 2.2.6 * BC Break: due to an oversight, the COMPOSER_BIN_DIR env var for binaries added in Composer 2.2.2 had to be renamed to COMPOSER_RUNTIME_BIN_DIR (#10512) * Fixed enum parsing in classmap generation with syntax like enum foo:string without space after : (#10498) * Fixed package search not urlencoding the input (#10500) * Fixed reinstall command not firing pre-install-cmd/post-install-cmd events (#10514) * Fixed edge case in path repositories where a symlink: true option would be ignored on old Windows and old PHP combos (#10482) * Fixed test suite compatibility with latest symfony/console releases (#10499) * Fixed some error reporting edge cases (#10484, #10451, #10493) - Update to version 2.2.5 * Disabled composer/package-versions-deprecated by default as it can function using Composer\InstalledVersions at runtime (#10458) * Fixed artifact repositories crashing if a phar file was present in the directory (#10406) * Fixed binary proxy issue on PHP <8 when fseek is used on the proxied binary path (#10468) * Fixed handling of non-string versions in package repositories metadata (#10470) - Update to version 2.2.4 * Fixed handling of process timeout when running async processes during installation * Fixed GitLab API handling when projects have a repository disabled (#10440) * Fixed reading of environment variables (e.g. APPDATA) containing unicode characters to workaround a PHP bug on Windows (#10434)
Yunhe Guo2022-02-19 03:52:32 +00:00
Dominique Leuenberger
Petr Gajdos
Ana Guerrero
Yunhe Guo
Richard Brown
Johannes Weberhofer
Ralf Lang