search

boxuk / wp-muplugin-loader

A drop-in MU Plugin loader for WordPress
MIT License
19 stars 4 forks source link

[DEPS]: Bump composer/composer from 2.4.2 to 2.5.1 #91

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps composer/composer from 2.4.2 to 2.5.1.

Release notes

Sourced from composer/composer's releases.

2.5.1

  • Fixed ClassLoader regression which made it fail if serialized (e.g. within PHPUnit process isolation) (#11237)
  • Fixed preg type error in svn version guessing (#11231)

2.5.0

  • BC Warning: To prevent abuse of our includeFile() function it is now gone, it was not part of the official API but may still cause issues if some code incorrectly relied on it (#11015)
  • Improved version guessing of require command to use the dependency resolution result instead of using the latest available version (except if you run with --no-update) (#11160)
  • Improved version selection in archive command (#11230)
  • Added hard failure when installing from a lock file which does not satisfy the composer.json requirements (#11195)
  • Added autocompletion of config option names in the config command (#11130)
  • Added support for writing custom commands as Command classes (#11151)
  • Added warning when the outdated command rejects a new package due to unmet platform requirements (#11113)
  • Added support for bump command to bump >=x to >=installed-version (#11179)
  • Added --download-only flag to install command to only download and prime the cache with the package archives (#11041)
  • Added autoconfiguration of github-domains/gitlab-domains when GitHub/GitLab credentials are configured for a custom domain (#11062)
  • Added hard failure (throw) if COMPOSER_AUTH is present and malformed JSON (#11085)
  • Added interactive prompt to run-script and exec commands if run without any argument (#11157)
  • Added interactive prompt where to store credentials when a project-local auth.json exists (#11188)
  • Fixed full disk warning to be shown when less than 100MiB is available (#11190)
  • Fixed cache keys to allow _ to avoid conflicts between package names like a-b and a_b (#11229)
  • Fixed docker compatibility by making paths more portable even if the project is installed at / (#11169)

2.4.4

  • Added extra debug output when a zip extraction fails while on GitHub Actions (#11148)
  • Fixed cache write failures when the cache dir gets removed during a composer run (#11076)
  • Fixed 2.4.3 regression in loading Composer on SMB/network shares (#11077)
  • Fixed --dry-run flag missing from bump command (#11047)
  • Fixed status command reporting differences when the source ref is a tag (#11155)
  • Fixed outdated command outputting legend on stdout instead of stderr
  • Fixed URL sanitizer to handle new GitHub personal access tokens format (#11137)

2.4.3

  • BC Break: The json format of audit command now has reportedAt as an RFC3339 string instead of an object which was a mistake (#11120)
  • Fixed json format of audit command which was missing affectedVersions (#11120)
  • Fixed plugin commands not being loaded during bash completions (#11074)
  • Fixed parsing of inline aliases within complex constraints with || or , (#11086)
  • Fixed min-php version check in autoload.php to avoid crashing sites running on PHP 5.5 or below silently with a 200 (#11091)
  • Fixed JsonFile reading files without checking if they are readable first (#11077)
  • Fixed require command with --dry-run failing when requiring a package requiring stability flag extraction (#11112)
Changelog

Sourced from composer/composer's changelog.

[2.5.1] 2022-12-22

  • Fixed ClassLoader regression which made it fail if serialized (e.g. within PHPUnit process isolation) (#11237)
  • Fixed preg type error in svn version guessing (#11231)

[2.5.0] 2022-12-20

  • BC Warning: To prevent abuse of our includeFile() function it is now gone, it was not part of the official API but may still cause issues if some code incorrectly relied on it (#11015)
  • Improved version guessing of require command to use the dependency resolution result instead of using the latest available version (except if you run with --no-update) (#11160)
  • Improved version selection in archive command (#11230)
  • Added autocompletion of config option names in the config command (#11130)
  • Added support for writing custom commands as Command classes (#11151)
  • Added hard failure when installing from a lock file which does not satisfy the composer.json requirements (#11195)
  • Added warning when the outdated command rejects a new package due to unmet platform requirements (#11113)
  • Added support for bump command to bump >=x to >=installed-version (#11179)
  • Added --download-only flag to install command to only download and prime the cache with the package archives (#11041)
  • Added autoconfiguration of github-domains/gitlab-domains when GitHub/GitLab credentials are configured for a custom domain (#11062)
  • Added hard failure (throw) if COMPOSER_AUTH is present and malformed JSON (#11085)
  • Added interactive prompt to run-script and exec commands if run without any argument (#11157)
  • Added interactive prompt where to store credentials when a project-local auth.json exists (#11188)
  • Fixed full disk warning to be shown when less than 100MiB is available (#11190)
  • Fixed cache keys to allow _ to avoid conflicts between package names like a-b and a_b (#11229)
  • Fixed docker compatibility by making paths more portable even if the project is installed at / (#11169)

[2.4.4] 2022-10-27

  • Added extra debug output when a zip extraction fails while on GitHub Actions (#11148)
  • Fixed cache write failures when the cache dir gets removed during a composer run (#11076)
  • Fixed 2.4.3 regression in loading Composer on SMB/network shares (#11077)
  • Fixed --dry-run flag missing from bump command (#11047)
  • Fixed status command reporting differences when the source ref is a tag (#11155)
  • Fixed outdated command outputting legend on stdout instead of stderr
  • Fixed URL sanitizer to handle new GitHub personal access tokens format (#11137)

[2.4.3] 2022-10-14

  • BC Break: The json format of audit command now has reportedAt as an RFC3339 string instead of an object which was a mistake (#11120)
  • Fixed json format of audit command which was missing affectedVersions (#11120)
  • Fixed plugin commands not being loaded during bash completions (#11074)
  • Fixed parsing of inline aliases within complex constraints with || or , (#11086)
  • Fixed min-php version check in autoload.php to avoid crashing sites running on PHP 5.5 or below silently with a 200 (#11091)
  • Fixed JsonFile reading files without checking if they are readable first (#11077)
  • Fixed require command with --dry-run failing when requiring a package requiring stability flag extraction (#11112)
Commits
  • 923278a Release 2.5.1
  • 9c04f9b Update changelog
  • cf8ce82 Fix preg match type error in svn version guessing, fixes #11231
  • cbb7c91 Fix ClassLoader to be serializable (#11237)
  • 7290f5b Document recovering from invalid merges on composer.lock and composer.json (#...
  • da611e0 Docs: fix documention deep links (#11233)
  • 737fd0f Reverting release version changes
  • 09ef0e3 Release 2.5.0
  • 5d659be Update changelog
  • be053cb Allow underscores in cache keys to avoid conflicts with package names contain...
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 1 year ago

Superseded by #94.