search

NiclasvanEyk / initializer-for-laravel

🚀 A quickstart generator for Laravel projects
https://laravel.initializer.dev
MIT License
82 stars 10 forks source link

Bump composer/composer from 2.5.5 to 2.6.0 #372

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps composer/composer from 2.5.5 to 2.6.0.

Release notes

Sourced from composer/composer's releases.

2.6.0

  • Added audit.ignore config setting to ignore security advisories by id or CVE id (#11556, #11605)
  • Added rm alias to the remove command (#11367)
  • Added runtime platform check to verify the php-64bit requirement is met (#11334)
  • Added platform package detection for lib-pq-libpq and lib-rdkafka-librdkafka (#11418)
  • Added --dry-run to dump-autoload command to allow running --strict-psr checks without modifying the filesystem (#11608)
  • Added support for bumping patch level in ~1.2.3 constraints (#11590)
  • Added prompt in require if the package name is not found but similar ones exist (#11284)
  • Added support for env vars and ~ in repository paths for vcs and artifact repositories (#11453)
  • Added support for local directory paths for repositories of type composer (#11526)
  • Added links to package homepages in why/why-not command output (#11308)
  • Added a security key to the support key of composer.json to set the URL to the vulnerability disclosure policy (#11271)
  • Added support for gathering security advisories from multiple repositories for a single package (#11436)
  • Fixed install and update exit code to be non-zero if the post-install security audit failed (#11362)
  • Fixed binary proxies causing scripts inspecting $_SERVER['SCRIPT_NAME'] to detect them, they are now more transparent (#11562)
  • Fixed executability of non-php binaries which are not marked executable (#11557)
  • Fixed mtime modification of the vendor dir to only happen when packages are modified, and not require lock file modification to happen (#11593)
  • Fixed create-project using the wrong composer.json file if one was set via the COMPOSER env var (#11493)
  • Fixed json editing to preserve indentation when updating json files (#11390)
  • Fixed handling of broken junctions on windows (#11550)
  • Fixed parsing of lib-curl-openssl version with OSX SecureTransport (#11534)
  • Fixed svn repo parsing in some edge cases (#11350)
  • Fixed handling of archive URLs without file extension (#11520)
  • Performance improvement in pool optimization step (#11449, #11450)

2.5.8

  • Fixed regression in edge cases where root package gets added to a repository already during the install process (#11495)
  • Fixed EventDispatcher on windows picking bat files when using @php binary (#11490)
  • Fixed ICU CDLR version parsing failing the whole process when ICU cannot initialize the resource bundle (#11492)
  • Fixed type declarations on ClassLoader (#11500)

2.5.7

  • Fixed regression preventing autoloading the dependencies of metapackages when running --no-dev (#11481)

2.5.6

  • BC Warning: Installers and InstallationManager::getInstallPath will now return null instead of an empty string for metapackages' paths. This may have adverse effects on plugin code using this expecting always a string but it is unlikely (#11455)
  • Fixed metapackages showing their install path as the root package's path instead of empty (#11455)
  • Fixed lock file verification on install to deal better with replace/provide (#11475)
  • Fixed lock file having a more recent modification time than the vendor dir when require guesses the constraint after resolution (#11405)
  • Fixed numeric default branches with a v prefix being treated as non-numeric ones and receiving an alias like e.g. dev-main would (e51d755a08)
  • Fixed binary proxies not being transparent when included by another PHP process and returning a value (#11454)
  • Fixed support for plugin classes being marked as readonly (#11404)
  • Fixed getmypid being required as it is not always available (#11401)
  • Fixed authentication issue when downloading several files from private Bitbucket in parallel (#11464)
Changelog

Sourced from composer/composer's changelog.

[2.6.0] 2023-09-01

  • Added audit.ignore config setting to ignore security advisories by id or CVE id (#11556, #11605)
  • Added rm alias to the remove command (#11367)
  • Added runtime platform check to verify the php-64bit requirement is met (#11334)
  • Added platform package detection for lib-pq-libpq and lib-rdkafka-librdkafka (#11418)
  • Added --dry-run to dump-autoload command to allow running --strict-psr checks without modifying the filesystem (#11608)
  • Added support for bumping patch level in ~1.2.3 constraints (#11590)
  • Added prompt in require if the package name is not found but similar ones exist (#11284)
  • Added support for env vars and ~ in repository paths for vcs and artifact repositories (#11453)
  • Added support for local directory paths for repositories of type composer (#11526)
  • Added links to package homepages in why/why-not command output (#11308)
  • Added a security key to the support key of composer.json to set the URL to the vulnerability disclosure policy (#11271)
  • Added support for gathering security advisories from multiple repositories for a single package (#11436)
  • Fixed install and update exit code to be non-zero if the post-install security audit failed (#11362)
  • Fixed binary proxies causing scripts inspecting $_SERVER['SCRIPT_NAME'] to detect them, they are now more transparent (#11562)
  • Fixed executability of non-php binaries which are not marked executable (#11557)
  • Fixed mtime modification of the vendor dir to only happen when packages are modified, and not require lock file modification to happen (#11593)
  • Fixed create-project using the wrong composer.json file if one was set via the COMPOSER env var (#11493)
  • Fixed json editing to preserve indentation when updating json files (#11390)
  • Fixed handling of broken junctions on windows (#11550)
  • Fixed parsing of lib-curl-openssl version with OSX SecureTransport (#11534)
  • Fixed svn repo parsing in some edge cases (#11350)
  • Fixed handling of archive URLs without file extension (#11520)
  • Performance improvement in pool optimization step (#11449, #11450)

[2.5.8] 2023-06-09

  • Fixed regression in edge cases where root package gets added to a repository already during the install process (#11495)
  • Fixed EventDispatcher on windows picking bat files when using "@​php binary" (#11490)
  • Fixed ICU CLDR version parsing failing the whole process when ICU cannot initialize the resource bundle (#11492)
  • Fixed type declarations on ClassLoader (#11500)

[2.5.7] 2023-05-24

  • Fixed regression preventing autoloading the dependencies of metapackages when running --no-dev (#11481)

[2.5.6] 2023-05-24

  • BC Warning: Installers and InstallationManager::getInstallPath will now return null instead of an empty string for metapackages' paths. This may have adverse effects on plugin code using this expecting always a string but it is unlikely (#11455)
  • Fixed metapackages showing their install path as the root package's path instead of empty (#11455)
  • Fixed lock file verification on install to deal better with replace/provide (#11475)
  • Fixed lock file having a more recent modification time than the vendor dir when require guesses the constraint after resolution (#11405)
  • Fixed numeric default branches with a v prefix being treated as non-numeric ones and receiving an alias like e.g. dev-main would (e51d755a08)
  • Fixed binary proxies not being transparent when included by another PHP process and returning a value (#11454)
  • Fixed support for plugin classes being marked as readonly (#11404)
  • Fixed getmypid being required as it is not always available (#11401)
  • Fixed authentication issue when downloading several files from private Bitbucket in parallel (#11464)
Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
codecov[bot] commented 1 year ago

Codecov Report

Patch and project coverage have no change.

Comparison is base (67b98bc) 0.00% compared to head (cf34902) 0.00%.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## main #372 +/- ## ======================================= Coverage 0.00% 0.00% Complexity 363 363 ======================================= Files 129 129 Lines 1585 1585 ======================================= Misses 1585 1585 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

dependabot[bot] commented 1 year ago

Superseded by #376.