47b56323b3
Accepting request 1149085 from server:php:applications
Ana Guerrero2024-02-22 19:59:25 +00:00
8ad381ac8e
Accepting request 1148935 from home:comrad:branches:openSUSE:Factory
Petr Gajdos2024-02-22 08:24:45 +00:00
ee6bf0ea74
Accepting request 1146367 from server:php:applications
Ana Guerrero2024-02-13 21:44:16 +00:00
5761df88bc
- version update to 2.7.1 [bsc#1219757] CVE-2024-24821
Petr Gajdos2024-02-12 10:18:59 +00:00
0e18abde92
- version update to 2.7.1 2.7.1 * Added several warnings when plugins are disabled to hint at common problems people had with 2.7.0 (#11842) * Fixed diagnose auditing of Composer dependencies failing when running from the phar 2.7.0 * Security: Fixed code execution and possible privilege escalation via compromised vendor dir contents (GHSA-7c6p-848j-wh5h / CVE-2024-24821) * Changed the default of the audit.abandoned config setting to fail, set it to report or ignore if you do not want this, or set it via COMPOSER_AUDIT_ABANDONED env var (#11643) * Added --minimal-changes (-m) flag to update/require/remove commands to perform partial update with --with-dependencies while changing only what is absolutely necessary in transitive dependencies (#11665) * Added --sort-by-age (-A) flag to outdated/show commands to allow sorting by and displaying the release date (most outdated first) (#11762) * Added support for --self combined with --installed or --locked in show command, to add the root package to the package list being output (#11785) * Added severity information to audit command output (#11702) * Added scripts-aliases top level key in composer.json to define aliases for custom scripts you defined (#11666) * Added IPv4 fallback on connection timeout, as well as a COMPOSER_IPRESOLVE env var to force IPv4 or IPv6, set it to 4 or 6 (#11791) * Added support for wildcards in outdated's --ignore arg (#11831) * Added support for bump command bumping * to >=current version (#11694) * Added detection of constraints that cannot possibly match anything to validate command (#11829) * Added package source information to the output of install when running in very verbose (-vv) mode (#11763) * Added audit of Composer's own bundled dependencies in diagnose command (#11761) * Added GitHub token expiration date to diagnose command output (#11688) * Added non-zero status code to why/why-not commands (#11796) * Added error when calling show --direct <package> with an indirect/transitive dependency (#11728) * Added COMPOSER_FUND=0 env var to hide calls for funding (#11779) * Fixed bump command not bumping packages required with a v prefix (#11764)
Petr Gajdos2024-02-12 10:16:56 +00:00
a953ccfc79
Accepting request 1117489 from server:php:applications
Ana Guerrero2023-10-12 21:44:34 +00:00
6ad30507ee
Accepting request 1117487 from home:Ishwon
Petr Gajdos2023-10-12 15:46:18 +00:00
bdbfa109a4
Accepting request 1114950 from server:php:applications
Ana Guerrero2023-10-04 20:31:30 +00:00
348c056ef9
Accepting request 1114790 from home:pgajdos
Petr Gajdos2023-10-03 08:38:10 +00:00
a1a648edbf
Accepting request 1112968 from server:php:applications
Ana Guerrero2023-09-22 19:49:43 +00:00
e754ae86d5
- Update to version 2.5.4 * Fixed extra.plugin-optional support in PluginInstaller when doing pre-install checks (#11318) - Update to version 2.5.3 * Added extra.plugin-optional support for allow auto-disabling unknown plugins which are not critical when running non-interactive (#11315)
Yunhe Guo2023-02-15 15:11:24 +00:00
28d4031815
- Update to version 2.5.2 * Added warning when require auto-selects a feature branch as that is probably not desired (#11270) * Fixed self.version requirements reporting lock file integrity errors when changing branches (#11283) * Fixed require regression which broke the --fixed flag (#11247) * Fixed security audit reports loading when exclude/only filter rules are used on a repository (#11281) * Fixed autoloading regression on PHP 5.6 (#11285) * Fixed archive command including an existing archive into itself if run repeatedly (#11239) * Fixed dev package prompt in require not appearing in some conditions (#11287)
Yunhe Guo2023-02-04 14:13:01 +00:00
4b94f8c5d4
- Update to version 2.5.1 * Fixed ClassLoader regression which made it fail if serialized (e.g. within PHPUnit process isolation) (#11237) * Fixed preg type error in svn version guessing (#11231)
Yunhe Guo2022-12-25 05:15:45 +00:00
8c7ed665f7
- Update to version 2.5.0 * BC Warning: To prevent abuse of our includeFile() function it is now gone, it was not part of the official API but may still cause issues if some code incorrectly relied on it (#11015) * Improved version guessing of require command to use the dependency resolution result instead of using the latest available version (except if you run with --no-update) (#11160) * Improved version selection in archive command (#11230) * Added autocompletion of config option names in the config command (#11130) * Added support for writing [custom commands as Command classes](https://getcomposer.org/doc/articles/scripts.md#writing-custom-commands) (#11151) * Added hard failure when installing from a lock file which does not satisfy the composer.json requirements (#11195) * Added warning when the outdated command rejects a new package due to unmet platform requirements (#11113) * Added support for bump command to bump >=x to >=installed-version (#11179) * Added --download-only flag to install command to only download and prime the cache with the package archives (#11041) * Added autoconfiguration of github-domains/gitlab-domains when GitHub/GitLab credentials are configured for a custom domain (#11062) * Added hard failure (throw) if COMPOSER_AUTH is present and malformed JSON (#11085) * Added interactive prompt to run-script and exec commands if run without any argument (#11157) * Added interactive prompt where to store credentials when a project-local auth.json exists (#11188) * Fixed full disk warning to be shown when less than 100MiB is available (#11190) * Fixed cache keys to allow _ to avoid conflicts between package names like a-b and a_b (#11229) * Fixed docker compatibility by making paths more portable even if the project is installed at / (#11169)
Yunhe Guo2022-12-21 12:32:42 +00:00
e01dc0263a
- Update to version 2.4.4 * Added extra debug output when a zip extraction fails while on GitHub Actions (#11148) * Fixed cache write failures when the cache dir gets removed during a composer run (#11076) * Fixed 2.4.3 regression in loading Composer on SMB/network shares (#11077) * Fixed --dry-run flag missing from bump command (#11047) * Fixed status command reporting differences when the source ref is a tag (#11155) * Fixed outdated command outputting legend on stdout instead of stderr * Fixed URL sanitizer to handle new GitHub personal access tokens format (#11137) - Update to version 2.4.3 * BC Break: The json format of audit command now has reportedAt as an RFC3339 string instead of an object which was a mistake (#11120) * Fixed json format of audit command which was missing affectedVersions (#11120) * Fixed plugin commands not being loaded during bash completions (#11074) * Fixed parsing of inline aliases within complex constraints with || or , (#11086) * Fixed min-php version check in autoload.php to avoid crashing sites running on PHP 5.5 or below silently with a 200 (#11091) * Fixed JsonFile reading files without checking if they are readable first (#11077) * Fixed require command with --dry-run failing when requiring a package requiring stability flag extraction (#11112)
Yunhe Guo2022-11-06 11:46:06 +00:00
3d75fb16c9
- Update to version 2.4.2 * Fixed bash completion hanging when running as root without COMPOSER_ALLOW_SUPERUSER set (#11024) * Fixed handling of plugin activation when running as root without COMPOSER_ALLOW_SUPERUSER set so it always happens after prompting, or does not happen if input is non-interactive * Fixed package filter on bump command (#11053) * Fixed handling of --ignore-platform-req with upper-bound ignores to not apply to conflict rules (#11037) * Fixed handling of COMPOSER_DISCARD_CHANGES when set to 0 * Fixed handling of zero-major versions in outdated command with --major-only (#11032) * Fixed show --platform regression since 2.4.0 when running in a directory without composer.json (#11046) * Fixed a few strict type errors - Update to version 2.4.1 * Added a COMPOSER_NO_AUDIT env var to easily apply the new --no-audit flag in CI (#10998) * Fixed show command showing packages in two sections, this was only meant for the outdated command (#11000) * Fixed local git repos being copied to cache unnecessarily (#11001) * Fixed git cache invalidation issue when a git tag gets created after the cache has loaded a given reference (#11004) - Update to version 2.4.0 * Added bash completions for Composer commands, package names, etc (see how to setup) (#10320) * Added bump command to bump requirements to the currently installed version (#10829) * Added audit command to check for known security vulnerabilities in installed packages (#10798, #10898)
Yunhe Guo2022-09-25 06:33:06 +00:00
3e1bacc24d
Accepting request 990767 from server:php:applications
Richard Brown2022-07-26 17:43:38 +00:00
4f0b754270
- Update to version 2.3.10 * Fixed plugins from CWD/vendor being loaded in some cases like create-project or validate even though the target directory is outside of CWD (#10935) * Fixed support for legacy (Composer 1.x, e.g. hirak/prestissimo) plugins which will not warn/error anymore if not in allow-plugins, as they are anyway not loaded (#10928) * Fixed pre-install check for allowed plugins not taking --no-plugins into account (#10925) * Fixed support for disable_functions containing disk_free_space (#10936) * Fixed RootPackageRepository usages to always clone the root package to avoid interoperability issues with plugins (#10940) - Update to version 2.3.9 * Fixed non-interactive behavior of allow-plugins to throw instead of continue with a warning to avoid broken installs (#10920) * Fixed allow-plugins BC mode to ensure old lock files created pre-2.2 can be installed with only a warning but plugins fully loaded (#10920) * Fixed deprecation notice (#10921) * Fixed type errors (#10924)
Yunhe Guo2022-07-16 06:33:41 +00:00
ed896b83a3
- Update to version 2.3.8 * Fixed support for cache-read-only where the filesystem is not writable (#10906) * Fixed type error when using allow-plugins: true (#10909) * Fixed @putenv scripts receiving arguments passed to the command (#10846) * Fixed support for spaces in paths with binary proxies on Windows (#10836) * Fixed type error in GitDownloader if branches cannot be listed (#10888) * Fixed RootPackageInterface issue on PHP 5.3.3 (#10895) * Fixed type errors (#10904, #10897)
Yunhe Guo2022-07-02 06:04:43 +00:00
5b929af7be
- Update to version 2.3.7 * Fixed a few PHPStan ConfigReturnTypeExtension bugs * Fixed Config default for auth configs to be empty arrays instead of null, fixes issues with diagnose command (#10814) * Fixed handling of broken symlinks when checking whether a package is still installed (#6708) * Fixed bin proxies to allow a proxy to include another one safely (#10823) * Fixed openssl 3.x version parsing as it is now semver compliant * Fixed type error when a json file cannot be read (#10818) * Fixed parsing of multi-line arrays in funding.yml (#10784)
Yunhe Guo2022-06-11 09:29:29 +00:00
f69c77fe4d
- Update to version 2.3.6 * Added Composer\PHPStan\ConfigReturnTypeExtension to improve return types of Config::get() which you can also use in plugins CI (#10635) * Fixed name validation regex in schema causing issues with JS IDEs like VS Code (#10811) * Fixed unnecessary HTTP request in BitbucketDriver (#10729) * Fixed invalid credentials loop when setting up GitLab token (#10748) * Fixed PHP 8.2 deprecations (#10766) * Fixed lock file changes being output even when the lock file creation is disabled * Fixed race condition when multiple requests asking for auth on the same hostname fired concurrently (#10763) * Fixed quoting of commas on Windows (#10775) * Fixed issue installing path repos with a disabled symlink function (#10786) * Fixed various type errors (#10753, #10739, #10751)
Yunhe Guo2022-06-03 07:03:17 +00:00
5df592d40d
- Update to version 2.3.3 * Added --2.2 flag to self-update to pin the Composer version to the 2.2 LTS range (#10682) * Added missing config.bitbucket-oauth in composer-schema.json * Fixed type errors in SvnDriver (#10681) * Fixed --version output to match the pre-2.3 one (#10684) * Fixed config/auth.json files not being validated against the composer-schema.json (#10685) * Fixed generation of autoload crashing if a package has a broken path (#10688) * Fixed GitDriver state issue when reusing old cache dirs and the default branch was renamed (#10687) * Updated semver, jsonlint deps for minor fixes * Removed dev-master=>dev-main alias from #10372 as it does not work when reloading from lock file and extracting dev deps (#10651) - Update to version 2.3.2 * Fixed type error when running exec command (#10672) * Fixed endless loop in plugin activation prompt when input is not fully interactive yet appears to be (#10648) * Fixed type error in ComposerRepository (#10675) * Fixed issues loading platform packages where the version of a library cannot be established (#10631) - Update to version 2.3.1 * Fixed type error when HOME env var is not set (#10670) - Update to version 2.3.0 * Fixed many strict types errors (#10646, #10642, #10647, #10658, #10656, #10665, #10660, #10663, #10662) * Fixed invalid return value in ComposerRepository::findPackage (#10622) * Fixed many show command issues due to a flipped condition
Yunhe Guo2022-04-03 07:50:53 +00:00
225b9c7e5b
- Update to version 2.2.6 * BC Break: due to an oversight, the COMPOSER_BIN_DIR env var for binaries added in Composer 2.2.2 had to be renamed to COMPOSER_RUNTIME_BIN_DIR (#10512) * Fixed enum parsing in classmap generation with syntax like enum foo:string without space after : (#10498) * Fixed package search not urlencoding the input (#10500) * Fixed reinstall command not firing pre-install-cmd/post-install-cmd events (#10514) * Fixed edge case in path repositories where a symlink: true option would be ignored on old Windows and old PHP combos (#10482) * Fixed test suite compatibility with latest symfony/console releases (#10499) * Fixed some error reporting edge cases (#10484, #10451, #10493) - Update to version 2.2.5 * Disabled composer/package-versions-deprecated by default as it can function using Composer\InstalledVersions at runtime (#10458) * Fixed artifact repositories crashing if a phar file was present in the directory (#10406) * Fixed binary proxy issue on PHP <8 when fseek is used on the proxied binary path (#10468) * Fixed handling of non-string versions in package repositories metadata (#10470) - Update to version 2.2.4 * Fixed handling of process timeout when running async processes during installation * Fixed GitLab API handling when projects have a repository disabled (#10440) * Fixed reading of environment variables (e.g. APPDATA) containing unicode characters to workaround a PHP bug on Windows (#10434)
Yunhe Guo2022-02-19 03:52:32 +00:00
Ana Guerrero
Petr Gajdos
Dominique Leuenberger
Yunhe Guo
Richard Brown
Johannes Weberhofer
Ralf Lang