Compare commits
1 Commits
| Author | SHA256 | Date | |
|---|---|---|---|
|
8645eba557 |
BIN
composer.phar
LFS
BIN
composer.phar
LFS
Binary file not shown.
Binary file not shown.
@@ -1,3 +1,107 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 15 13:17:09 UTC 2026 - Petr Gajdos <pgajdos@suse.com>
|
||||
|
||||
- version update to 2.9.3
|
||||
* Security: Fixed ANSI sequence injection (GHSA-59pp-r3rg-353g / CVE-2025-67746)
|
||||
* Fixed COMPOSER_NO_SECURITY_BLOCKING env var not being respected (#12677)
|
||||
* Fixed update --lock / update mirrors not working when locked packages contain vulnerabilities (#12645)
|
||||
* Fixed client-certificate authentication implementation (#12667)
|
||||
* Fixed php-ext schema not being validated in ValidatingArrayLoader (#12694)
|
||||
* Fixed crash when --bump-after-update is used and the lock file is disabled (#12660)
|
||||
* Fixed support for SecureTransport + LibreSSL on macOS (#12615)
|
||||
* Fixed display of reasons for why advisories are ignored (#12668)
|
||||
* Fixed compatibility issues when git has log.showSignature enabled (#12666)
|
||||
* Fixed curl downloader not retrying when a timeout (err 28) failure occurs (#12662)
|
||||
* Fixed EventDispatcher requiring a full Composer instance to function (#12629)
|
||||
- fixes [bsc#1255768]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Dec 22 13:40:32 UTC 2025 - Petr Gajdos <pgajdos@suse.com>
|
||||
|
||||
- version update to 2.9.2
|
||||
* Added new --no-security-blocking flag to disable/configure security blocking (#12617)
|
||||
* Added a way to set audit > ignore to act only on audits or only on security blocking (#12618, #12612)
|
||||
* Fixed config command not being able to set the new audit settings (#12609)
|
||||
* Fixed handling audit.ignore to support CVE ids while doing security blocking, but advisory IDs are still preferred for performance reasons (#12624)
|
||||
* Fixed partial updates failing when another package in the lock file has a known security advisory (#12626)
|
||||
- version update to 2.9.1
|
||||
* Fixed regression in phpunit binary proxies (#12601)
|
||||
* Fixed script handler autoloading issues (#12606)
|
||||
* Fixed null call of Command::setDescription in some cases (#12605)
|
||||
* Fixed --prefer-lowest builds sometimes failing due to the filtering of versions with known vulnerabilities (#12603)
|
||||
- version update to 2.9.0
|
||||
* Bumped composer-plugin-api to 2.9.0
|
||||
* Added automatic blocking of packages with security advisories from updates (#11956)
|
||||
* Added audit > block-insecure config setting to control blocking of updates to package versions with known security advisories (defaults to true) (#11956)
|
||||
* Added audit > block-abandoned config setting to control blocking of updates to abandoned packages (defaults to false) (#11956)
|
||||
* Added audit > ignore-abandoned config setting to ignore some packages (#12572)
|
||||
* Added --ignore-unreachable flag to audit command to allow running audit in environments that do not have access to some repos (#12470)
|
||||
* Added repository command to add, remove, or update repositories more easily (#12388)
|
||||
* Updated repositories structure to contain a name attribute and being stored preferably as list instead of object (#12388)
|
||||
* Added support for --minimal-changes full updates where only packages that need changing to satisfy modified constraints are updated (#12349)
|
||||
* Added update-with-minimal-changes config setting (and COMPOSER_MINIMAL_CHANGES env var) to default to minimal changes (#12545)
|
||||
* Added support for forgejo / codeberg.org repositories (#12307)
|
||||
* Added automatic recovery of simple lock file conflicts when running update with a file that has a content-hash conflict (#11517)
|
||||
* Added support for HTTP/3 if libcurl supports it (#12363)
|
||||
* Added support for custom header authentication (#12372)
|
||||
* Added support for client TLS certificates (#12406)
|
||||
* Added --locked flag to licenses command to show data from the lock file instead of installed packages (#12595)
|
||||
* Added SHELL_VERBOSITY env var to control verbosity of shell scripts (#12473)
|
||||
* Added support for running init without interaction (#12546)
|
||||
* Added COMPOSER_PREFER_DEV_OVER_PRERELEASE env var for use in development together with --prefer-lowest builds (#12585)
|
||||
* Added support for Windows Sudo to elevate during self-update (#12543)
|
||||
* Improved performance of script handlers by reducing ad-hoc autoloader creation (#12456)
|
||||
* Fixed display of dist refs for dev versions when source is missing (#12562)
|
||||
* Fixed issue not showing abandoned warnings when a package is abandoned without new release (#12423)
|
||||
* Fixed compatibility issues with Symfony 7
|
||||
* Fixed issues with PHP preloading being hard to debug (#12528)
|
||||
- version update to 2.9.0rc1
|
||||
* Bumped composer-plugin-api to 2.9.0
|
||||
* Added automatic blocking of packages with security advisories from updates (#11956)
|
||||
* Added audit > block-insecure config setting to control blocking of updates to package versions with known security advisories (defaults to true) (#11956)
|
||||
* Added audit > block-abandoned config setting to control blocking of updates to abandoned packages (defaults to false) (#11956)
|
||||
* Added audit > ignore-abandoned config setting to ignore some packages (#12572)
|
||||
* Added --ignore-unreachable flag to audit command to allow running audit in environments that do not have access to some repos (#12470)
|
||||
* Added repository command to add, remove, or update repositories more easily (#12388)
|
||||
* Updated repositories structure to contain a name attribute and being stored preferably as list instead of object (#12388)
|
||||
* Added support for --minimal-changes full updates where only packages that need changing to satisfy modified constraints are updated (#12349)
|
||||
* Added update-with-minimal-changes config setting (and COMPOSER_MINIMAL_CHANGES env var) to default to minimal changes (#12545)
|
||||
* Added support for forgejo / codeberg.org repositories (#12307)
|
||||
* Added automatic recovery of simple lock file conflicts when running update with a file that has a content-hash conflict (#11517)
|
||||
* Added support for HTTP/3 if libcurl supports it (#12363)
|
||||
* Added support for custom header authentication (#12372)
|
||||
* Added support for client TLS certificates (#12406)
|
||||
* Added --locked flag to licenses command to show data from the lock file instead of installed packages (#12595)
|
||||
* Added SHELL_VERBOSITY env var to control verbosity of shell scripts (#12473)
|
||||
* Added support for running init without interaction (#12546)
|
||||
* Added COMPOSER_PREFER_DEV_OVER_PRERELEASE env var for use in development together with --prefer-lowest builds (#12585)
|
||||
* Added support for Windows Sudo to elevate during self-update (#12543)
|
||||
* Improved performance of script handlers by reducing ad-hoc autoloader creation (#12456)
|
||||
* Fixed display of dist refs for dev versions when source is missing (#12562)
|
||||
* Fixed issue not showing abandoned warnings when a package is abandoned without new release (#12423)
|
||||
* Fixed compatibility issues with Symfony 7
|
||||
* Fixed issues with PHP preloading being hard to debug (#12528)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Oct 6 19:20:01 UTC 2025 - Ferdinand Thiessen <rpm@fthiessen.de>
|
||||
|
||||
- version update to 2.8.12
|
||||
* Fixed json schema issues with version validation
|
||||
* Fixed support for Bitbucket API tokens
|
||||
* Fixed handling of spaces in paths when using binaries
|
||||
* Fixed config --global path resolution issue
|
||||
* Reduced peak memory usage while loading packages
|
||||
* Dropped react/promise 2.x support
|
||||
- version update to 2.8.11
|
||||
* Fixed bump command handling
|
||||
* Fixed psr-4 warnings being shown when using symlinked directories
|
||||
* Fixed audit command failing hard if any advisory constraint was invalid
|
||||
- version update to 2.8.10
|
||||
* Fixed plugins appearing loaded despite not being loaded yet
|
||||
* Fixed forward compatibility with Symfony 7.4
|
||||
* Fixed deprecation warning on PHP 8.4 when platform check fails
|
||||
* Fixed json schema issues with version validation
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jul 2 10:49:10 UTC 2025 - pgajdos@suse.com
|
||||
|
||||
|
||||
@@ -1,7 +1,8 @@
|
||||
#
|
||||
# spec file for package php-composer2
|
||||
#
|
||||
# Copyright (c) 2025 SUSE LLC
|
||||
# Copyright (c) 2026 SUSE LLC
|
||||
# Copyright (c) 2025 SUSE LLC and contributors
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@@ -17,7 +18,7 @@
|
||||
|
||||
|
||||
Name: php-composer2
|
||||
Version: 2.8.9
|
||||
Version: 2.9.3
|
||||
Release: 0
|
||||
Summary: Dependency Management for PHP
|
||||
License: MIT
|
||||
|
||||
Reference in New Issue
Block a user