search

dshoreman / servidor

A modern web application for managing servers
GNU Lesser General Public License v2.1
9 stars 11 forks source link

Bump composer/composer from 2.1.12 to 2.2.18 #554

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps composer/composer from 2.1.12 to 2.2.18.

Release notes

Sourced from composer/composer's releases.

2.2.18

  • Fixed COMPOSER_NO_DEV so it also works with require and remove's --update-no-dev (#10995)
  • Fixed duplicate missing extension warnings being displayed (#10938)
  • Fixed hg version detection (#10955)
  • Fixed git cache invalidation issue when a git tag gets created after the cache has loaded a given reference (#11004)

2.2.17

PSA: If you are seeing issues running non-interactive create-project with a project that does not configure allow-plugins, see the top post of #10928 for a workaround.

  • Fixed plugins from CWD/vendor being loaded in some cases like create-project or validate even though the target directory is outside of CWD (#10935)
  • Fixed support for legacy (Composer 1.x, e.g. hirak/prestissimo) plugins which will not warn/error anymore if not in allow-plugins, as they are anyway not loaded (#10928)
  • Fixed pre-install check for allowed plugins not taking --no-plugins into account (#10925)
  • Fixed support for disable_functions containing disk_free_space (#10936)
  • Fixed RootPackageRepository usages to always clone the root package to avoid interoperability issues with plugins (#10940)

2.2.16

  • Fixed non-interactive behavior of allow-plugins to throw instead of continue with a warning to avoid broken installs (#10920)
  • Fixed allow-plugins BC mode to ensure old lock files created pre-2.2 can be installed with only a warning but plugins fully loaded (#10920)
  • Fixed deprecation notice (#10921)

2.2.15

  • Fixed support for cache-read-only where the filesystem is not writable (#10906)
  • Fixed type error when using allow-plugins: true (#10909)
  • Fixed @​putenv scripts receiving arguments passed to the command (#10846)
  • Fixed support for spaces in paths with binary proxies on Windows (#10836)
  • Fixed type error in GitDownloader if branches cannot be listed (#10888)
  • Fixed RootPackageInterface issue on PHP 5.3.3 (#10895)

2.2.14

  • Fixed handling of broken symlinks when checking whether a package is still installed (#6708)
  • Fixed name validation regex in schema causing issues with JS IDEs like VS Code (#10811)
  • Fixed bin proxies to allow a proxy to include another one safely (#10823)
  • Fixed gitlab-token JSON schema definition (#10800)
  • Fixed openssl 3.x version parsing as it is now semver compliant
  • Fixed type error when a json file cannot be read (#10818)
  • Fixed parsing of multi-line arrays in funding.yml (#10784)

2.2.13

  • Fixed invalid credentials loop when setting up GitLab token (#10748)
  • Fixed PHP 8.2 deprecations (#10766)
  • Fixed lock file changes being output even when the lock file creation is disabled
  • Fixed race condition when multiple requests asking for auth on the same hostname fired concurrently (#10763)
  • Fixed quoting of commas on Windows (#10775)
  • Fixed issue installing path repos with a disabled symlink function (#10786)

2.2.12

  • Security: Fixed command injection vulnerability in HgDriver/GitDriver (GHSA-x7cr-6qr6-2hh6 / CVE-2022-24828)
  • Fixed curl downloader not retrying when a DNS resolution failure occurs (#10716)
  • Fixed composer.lock file still being used/read when the lock config option is disabled (#10726)
  • Fixed validate command checking the lock file even if the lock option is disabled (#10723)

... (truncated)

Changelog

Sourced from composer/composer's changelog.

[2.2.18] 2022-08-20

  • Fixed COMPOSER_NO_DEV so it also works with require and remove's --update-no-dev (#10995)
  • Fixed duplicate missing extension warnings being displayed (#10938)
  • Fixed hg version detection (#10955)
  • Fixed git cache invalidation issue when a git tag gets created after the cache has loaded a given reference (#11004)

[2.2.17] 2022-07-13

  • Fixed plugins from CWD/vendor being loaded in some cases like create-project or validate even though the target directory is outside of CWD (#10935)
  • Fixed support for legacy (Composer 1.x, e.g. hirak/prestissimo) plugins which will not warn/error anymore if not in allow-plugins, as they are anyway not loaded (#10928)
  • Fixed pre-install check for allowed plugins not taking --no-plugins into account (#10925)
  • Fixed support for disable_functions containing disk_free_space (#10936)
  • Fixed RootPackageRepository usages to always clone the root package to avoid interoperability issues with plugins (#10940)

[2.2.16] 2022-07-05

  • Fixed non-interactive behavior of allow-plugins to throw instead of continue with a warning to avoid broken installs (#10920)
  • Fixed allow-plugins BC mode to ensure old lock files created pre-2.2 can be installed with only a warning but plugins fully loaded (#10920)
  • Fixed deprecation notice (#10921)

[2.2.15] 2022-07-01

  • Fixed support for cache-read-only where the filesystem is not writable (#10906)
  • Fixed type error when using allow-plugins: true (#10909)
  • Fixed @​putenv scripts receiving arguments passed to the command (#10846)
  • Fixed support for spaces in paths with binary proxies on Windows (#10836)
  • Fixed type error in GitDownloader if branches cannot be listed (#10888)
  • Fixed RootPackageInterface issue on PHP 5.3.3 (#10895)

[2.2.14] 2022-06-06

  • Fixed handling of broken symlinks when checking whether a package is still installed (#6708)
  • Fixed JSON schema regex pattern for name to be JS compatible (#10811)
  • Fixed bin proxies to allow a proxy to include another one safely (#10823)
  • Fixed gitlab-token JSON schema definition (#10800)
  • Fixed openssl 3.x version parsing as it is now semver compliant
  • Fixed type error when a json file cannot be read (#10818)
  • Fixed parsing of multi-line arrays in funding.yml (#10784)

[2.2.13] 2022-05-25

  • Fixed invalid credentials loop when setting up GitLab token (#10748)
  • Fixed PHP 8.2 deprecations (#10766)
  • Fixed lock file changes being output even when the lock file creation is disabled
  • Fixed race condition when multiple requests asking for auth on the same hostname fired concurrently (#10763)
  • Fixed quoting of commas on Windows (#10775)
  • Fixed issue installing path repos with a disabled symlink function (#10786)

[2.2.12] 2022-04-13

... (truncated)

Commits
  • 8417590 Release 2.2.18
  • 78c0282 Update changelog
  • 917748c Fix cache invalidation issue when a git tag gets created on an old ref after ...
  • e823f24 Match default choice to actual default (#11010)
  • 2152b20 Correct prohibits/why-not example command (#10994)
  • 104bf0d Handle 404s gracefully when loading providers in ComposerRepo, fixes #10974
  • f2141dd Fix tests from #10985
  • 598c1c7 Fix phpstan error
  • 6457a88 Fix COMPOSER_NO_DEV to work with --update-no-dev for require/remove commands ...
  • 1f0bd51 GitHubDriver: stricter URL validation to avoid issues with undefined index ow...
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/dshoreman/servidor/network/alerts).
dependabot[bot] commented 1 year ago

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

dependabot[bot] commented 1 year ago

Looks like composer/composer is up-to-date now, so this is no longer needed.