Composer asks if I want to trust "php-http/discovery" when 1.15.0 gets required. This breaks CI pipelines when php-http/discovery is an indirect dependency.
How to reproduce
composer require php-http/discovery
Possible Solution
Use a new major version (2.0.0) for breaking changes.
Additional context
$ composer require php-http/discovery
./composer.json has been created
Running composer update php-http/discovery
Loading composer repositories with package information
Updating dependencies
Lock file operations: 1 install, 0 updates, 0 removals
Locking php-http/discovery (1.15.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 1 install, 0 updates, 0 removals
php-http/discovery contains a Composer plugin which is currently not in your allow-plugins config. See https://getcomposer.org/allow-plugins
Do you trust "php-http/discovery" to execute code and wish to enable it now? (writes "allow-plugins" to composer.json) [y,n,d,?]
PHP version: 8.1.15 Composer version: 2.5.2 Description
Composer asks if I want to trust "php-http/discovery" when 1.15.0 gets required. This breaks CI pipelines when php-http/discovery is an indirect dependency.
How to reproduce composer require php-http/discovery
Possible Solution Use a new major version (2.0.0) for breaking changes.
Additional context $ composer require php-http/discovery ./composer.json has been created Running composer update php-http/discovery Loading composer repositories with package information Updating dependencies Lock file operations: 1 install, 0 updates, 0 removals