search

cweagans / composer-patches

Simple patches plugin for Composer
https://www.cweagans.net/project/composer-patches
BSD 3-Clause "New" or "Revised" License
1.53k stars 240 forks source link

Bump composer/composer from 2.7.9 to 2.8.0 #594

Closed dependabot[bot] closed 1 month ago

dependabot[bot] commented 1 month ago

Bumps composer/composer from 2.7.9 to 2.8.0.

Release notes

Sourced from composer/composer's releases.

2.8.0

  • BC Warning: Fixed https_proxy env var falling back to http_proxy's value. The fallback and warning have now been removed per the 2.7.3 release notes (#11938, #11915)
  • Added --patch-only flag to the update command to restrict updates to patch versions and make an update of all deps safer (#12122)
  • Added --abandoned flag to the audit command to configure how abandoned packages should be treated, overriding the audit.abandoned config setting (#12091)
  • Added --ignore-severity flag to the audit command to ignore one or more advisory severities (#12132)
  • Added --bump-after-update flag to the update command to run bump after the update is done (#11942)
  • Added a way to control which scripts receive additional CLI arguments and where they appear in the command, see the docs (#12086)
  • Added allow-missing-requirements config setting to skip the error when the lock file is not fulfilling the composer.json's dependencies (#11966)
  • Added a JSON schema for the composer.lock file (#12123)
  • Added better support for Bitbucket app passwords when cloning repos / installing from source (#12103)
  • Added --type flag to filter packages by type(s) in the reinstall command (#12114)
  • Added --strict-ambiguous flag to the dump-autoload command to make it return with an error code if duplicate classes are found (#12119)
  • Added warning in dump-autoload when vendor files have been deleted (#12139)
  • Added warnings for each missing platform package when running create-project to avoid having to run it again and again (#12120)
  • Added sorting of packages in allow-plugins when sort-packages is enabled (#11348)
  • Added suggestion of provider packages / polyfills when an ext or lib package is missing (#12113)
  • Improved interactive package update selection by first outputting all packages and their possible updates (#11990)
  • Improved dependency resolution failure output by sorting the output in a deterministic and (often) more logical way (#12111)
  • Fixed PHP 8.4 deprecation warnings about E_STRICT (#12116)
  • Fixed init command to validate the given license identifier (#12115)
  • Fixed version guessing to be more deterministic on feature branches if it appears that it could come from either of two mainline branches (#12129)
  • Fixed COMPOSER_ROOT_VERSION env var handling to treat 1.2 the same as 1.2.x-dev and not 1.2.0 (#12109)
  • Fixed require command skipping new stability flags from the lock file, causing invalid lock file diffs (#12112)
  • Fixed php://stdin potentially being open several times when running Composer programmatically (#12107)
  • Fixed handling of platform packages in why-not command and partial updates (#12110)
  • Reverted "Fixed transport-options.ssl for local cert authorization being stored in lock file making them less portable (#12019)" from 2.7.8 as it was broken

Full Changelog: https://github.com/composer/composer/compare/2.7.9...2.8.0

Changelog

Sourced from composer/composer's changelog.

[2.8.0] 2024-10-02

  • BC Warning: Fixed https_proxy env var falling back to http_proxy's value. The fallback and warning have now been removed per the 2.7.3 release notes (#11938, #11915)
  • Added --patch-only flag to the update command to restrict updates to patch versions and make an update of all deps safer (#12122)
  • Added --abandoned flag to the audit command to configure how abandoned packages should be treated, overriding the audit.abandoned config setting (#12091)
  • Added --ignore-severity flag to the audit command to ignore one or more advisory severities (#12132)
  • Added --bump-after-update flag to the update command to run bump after the update is done (#11942)
  • Added a way to control which scripts receive additional CLI arguments and where they appear in the command, see the docs (#12086)
  • Added allow-missing-requirements config setting to skip the error when the lock file is not fulfilling the composer.json's dependencies (#11966)
  • Added a JSON schema for the composer.lock file (#12123)
  • Added better support for Bitbucket app passwords when cloning repos / installing from source (#12103)
  • Added --type flag to filter packages by type(s) in the reinstall command (#12114)
  • Added --strict-ambiguous flag to the dump-autoload command to make it return with an error code if duplicate classes are found (#12119)
  • Added warning in dump-autoload when vendor files have been deleted (#12139)
  • Added warnings for each missing platform package when running create-project to avoid having to run it again and again (#12120)
  • Added sorting of packages in allow-plugins when sort-packages is enabled (#11348)
  • Added suggestion of provider packages / polyfills when an ext or lib package is missing (#12113)
  • Improved interactive package update selection by first outputting all packages and their possible updates (#11990)
  • Improved dependency resolution failure output by sorting the output in a deterministic and (often) more logical way (#12111)
  • Fixed PHP 8.4 deprecation warnings about E_STRICT (#12116)
  • Fixed init command to validate the given license identifier (#12115)
  • Fixed version guessing to be more deterministic on feature branches if it appears that it could come from either of two mainline branches (#12129)
  • Fixed COMPOSER_ROOT_VERSION env var handling to treat 1.2 the same as 1.2.x-dev and not 1.2.0 (#12109)
  • Fixed require command skipping new stability flags from the lock file, causing invalid lock file diffs (#12112)
  • Fixed php://stdin potentially being open several times when running Composer programmatically (#12107)
  • Fixed handling of platform packages in why-not command and partial updates (#12110)
  • Reverted "Fixed transport-options.ssl for local cert authorization being stored in lock file making them less portable (#12019)" from 2.7.8 as it was broken
Commits
  • d5e75c2 Release 2.8.0
  • 71aa35b Update changelog
  • c6271f1 Fix init command to accept proprietary as license
  • 57e9795 Fix issue downloading from codeload.github.com when using basic-auth for gith...
  • a01ab9b Better app password support for bitbucket (#12103)
  • 31d83b2 Add composer audit --ignore-severity option (#12132)
  • 5b25607 Tweak output of VcsRepo to be less verbose
  • 58e8da7 Update deps
  • edb1588 Handle dump-autoload where vendor folder is not installed or not complete (#1...
  • 8949f91 Fix deprecated ParametersAcceptorSelector::selectSingle (#12136)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
coveralls commented 1 month ago

Pull Request Test Coverage Report for Build 11154499363

Details

Totals Coverage Status
Change from base Build 10933316020: 0.0%
Covered Lines: 546
Relevant Lines: 610
💛 - Coveralls