|
|
|
|
@@ -1,3 +1,90 @@
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Dec 22 13:40:32 UTC 2025 - Petr Gajdos <pgajdos@suse.com>
|
|
|
|
|
|
|
|
|
|
- version update to 2.9.2
|
|
|
|
|
* Added new --no-security-blocking flag to disable/configure security blocking (#12617)
|
|
|
|
|
* Added a way to set audit > ignore to act only on audits or only on security blocking (#12618, #12612)
|
|
|
|
|
* Fixed config command not being able to set the new audit settings (#12609)
|
|
|
|
|
* Fixed handling audit.ignore to support CVE ids while doing security blocking, but advisory IDs are still preferred for performance reasons (#12624)
|
|
|
|
|
* Fixed partial updates failing when another package in the lock file has a known security advisory (#12626)
|
|
|
|
|
- version update to 2.9.1
|
|
|
|
|
* Fixed regression in phpunit binary proxies (#12601)
|
|
|
|
|
* Fixed script handler autoloading issues (#12606)
|
|
|
|
|
* Fixed null call of Command::setDescription in some cases (#12605)
|
|
|
|
|
* Fixed --prefer-lowest builds sometimes failing due to the filtering of versions with known vulnerabilities (#12603)
|
|
|
|
|
- version update to 2.9.0
|
|
|
|
|
* Bumped composer-plugin-api to 2.9.0
|
|
|
|
|
* Added automatic blocking of packages with security advisories from updates (#11956)
|
|
|
|
|
* Added audit > block-insecure config setting to control blocking of updates to package versions with known security advisories (defaults to true) (#11956)
|
|
|
|
|
* Added audit > block-abandoned config setting to control blocking of updates to abandoned packages (defaults to false) (#11956)
|
|
|
|
|
* Added audit > ignore-abandoned config setting to ignore some packages (#12572)
|
|
|
|
|
* Added --ignore-unreachable flag to audit command to allow running audit in environments that do not have access to some repos (#12470)
|
|
|
|
|
* Added repository command to add, remove, or update repositories more easily (#12388)
|
|
|
|
|
* Updated repositories structure to contain a name attribute and being stored preferably as list instead of object (#12388)
|
|
|
|
|
* Added support for --minimal-changes full updates where only packages that need changing to satisfy modified constraints are updated (#12349)
|
|
|
|
|
* Added update-with-minimal-changes config setting (and COMPOSER_MINIMAL_CHANGES env var) to default to minimal changes (#12545)
|
|
|
|
|
* Added support for forgejo / codeberg.org repositories (#12307)
|
|
|
|
|
* Added automatic recovery of simple lock file conflicts when running update with a file that has a content-hash conflict (#11517)
|
|
|
|
|
* Added support for HTTP/3 if libcurl supports it (#12363)
|
|
|
|
|
* Added support for custom header authentication (#12372)
|
|
|
|
|
* Added support for client TLS certificates (#12406)
|
|
|
|
|
* Added --locked flag to licenses command to show data from the lock file instead of installed packages (#12595)
|
|
|
|
|
* Added SHELL_VERBOSITY env var to control verbosity of shell scripts (#12473)
|
|
|
|
|
* Added support for running init without interaction (#12546)
|
|
|
|
|
* Added COMPOSER_PREFER_DEV_OVER_PRERELEASE env var for use in development together with --prefer-lowest builds (#12585)
|
|
|
|
|
* Added support for Windows Sudo to elevate during self-update (#12543)
|
|
|
|
|
* Improved performance of script handlers by reducing ad-hoc autoloader creation (#12456)
|
|
|
|
|
* Fixed display of dist refs for dev versions when source is missing (#12562)
|
|
|
|
|
* Fixed issue not showing abandoned warnings when a package is abandoned without new release (#12423)
|
|
|
|
|
* Fixed compatibility issues with Symfony 7
|
|
|
|
|
* Fixed issues with PHP preloading being hard to debug (#12528)
|
|
|
|
|
- version update to 2.9.0rc1
|
|
|
|
|
* Bumped composer-plugin-api to 2.9.0
|
|
|
|
|
* Added automatic blocking of packages with security advisories from updates (#11956)
|
|
|
|
|
* Added audit > block-insecure config setting to control blocking of updates to package versions with known security advisories (defaults to true) (#11956)
|
|
|
|
|
* Added audit > block-abandoned config setting to control blocking of updates to abandoned packages (defaults to false) (#11956)
|
|
|
|
|
* Added audit > ignore-abandoned config setting to ignore some packages (#12572)
|
|
|
|
|
* Added --ignore-unreachable flag to audit command to allow running audit in environments that do not have access to some repos (#12470)
|
|
|
|
|
* Added repository command to add, remove, or update repositories more easily (#12388)
|
|
|
|
|
* Updated repositories structure to contain a name attribute and being stored preferably as list instead of object (#12388)
|
|
|
|
|
* Added support for --minimal-changes full updates where only packages that need changing to satisfy modified constraints are updated (#12349)
|
|
|
|
|
* Added update-with-minimal-changes config setting (and COMPOSER_MINIMAL_CHANGES env var) to default to minimal changes (#12545)
|
|
|
|
|
* Added support for forgejo / codeberg.org repositories (#12307)
|
|
|
|
|
* Added automatic recovery of simple lock file conflicts when running update with a file that has a content-hash conflict (#11517)
|
|
|
|
|
* Added support for HTTP/3 if libcurl supports it (#12363)
|
|
|
|
|
* Added support for custom header authentication (#12372)
|
|
|
|
|
* Added support for client TLS certificates (#12406)
|
|
|
|
|
* Added --locked flag to licenses command to show data from the lock file instead of installed packages (#12595)
|
|
|
|
|
* Added SHELL_VERBOSITY env var to control verbosity of shell scripts (#12473)
|
|
|
|
|
* Added support for running init without interaction (#12546)
|
|
|
|
|
* Added COMPOSER_PREFER_DEV_OVER_PRERELEASE env var for use in development together with --prefer-lowest builds (#12585)
|
|
|
|
|
* Added support for Windows Sudo to elevate during self-update (#12543)
|
|
|
|
|
* Improved performance of script handlers by reducing ad-hoc autoloader creation (#12456)
|
|
|
|
|
* Fixed display of dist refs for dev versions when source is missing (#12562)
|
|
|
|
|
* Fixed issue not showing abandoned warnings when a package is abandoned without new release (#12423)
|
|
|
|
|
* Fixed compatibility issues with Symfony 7
|
|
|
|
|
* Fixed issues with PHP preloading being hard to debug (#12528)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Oct 6 19:20:01 UTC 2025 - Ferdinand Thiessen <rpm@fthiessen.de>
|
|
|
|
|
|
|
|
|
|
- version update to 2.8.12
|
|
|
|
|
* Fixed json schema issues with version validation
|
|
|
|
|
* Fixed support for Bitbucket API tokens
|
|
|
|
|
* Fixed handling of spaces in paths when using binaries
|
|
|
|
|
* Fixed config --global path resolution issue
|
|
|
|
|
* Reduced peak memory usage while loading packages
|
|
|
|
|
* Dropped react/promise 2.x support
|
|
|
|
|
- version update to 2.8.11
|
|
|
|
|
* Fixed bump command handling
|
|
|
|
|
* Fixed psr-4 warnings being shown when using symlinked directories
|
|
|
|
|
* Fixed audit command failing hard if any advisory constraint was invalid
|
|
|
|
|
- version update to 2.8.10
|
|
|
|
|
* Fixed plugins appearing loaded despite not being loaded yet
|
|
|
|
|
* Fixed forward compatibility with Symfony 7.4
|
|
|
|
|
* Fixed deprecation warning on PHP 8.4 when platform check fails
|
|
|
|
|
* Fixed json schema issues with version validation
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jul 2 10:49:10 UTC 2025 - pgajdos@suse.com
|
|
|
|
|
|
|
|
|
|
|
