BC Warning: Installers and InstallationManager::getInstallPath will now return null instead of an empty string for metapackages' paths. This may have adverse effects on plugin code using this expecting always a string but it is unlikely (#11455)
Fixed metapackages showing their install path as the root package's path instead of empty (#11455)
Fixed lock file verification on install to deal better with replace/provide (#11475)
Fixed lock file having a more recent modification time than the vendor dir when require guesses the constraint after resolution (#11405)
Fixed numeric default branches with a v prefix being treated as non-numeric ones and receiving an alias like e.g. dev-main would (e51d755a08)
Fixed binary proxies not being transparent when included by another PHP process and returning a value (#11454)
Fixed support for plugin classes being marked as readonly (#11404)
Fixed getmypid being required as it is not always available (#11401)
Fixed authentication issue when downloading several files from private Bitbucket in parallel (#11464)
2.5.5
Fixed basic auth failures resulting in infinite retry loop (#11320)
Fixed archive command including an existing archive into itself if run repeatedly (#11239)
Fixed dev package prompt in require not appearing in some conditions (#11287)
2.5.1
Fixed ClassLoader regression which made it fail if serialized (e.g. within PHPUnit process isolation) (#11237)
Fixed preg type error in svn version guessing (#11231)
2.5.0
BC Warning: To prevent abuse of our includeFile() function it is now gone, it was not part of the official API but may still cause issues if some code incorrectly relied on it (#11015)
Improved version guessing of require command to use the dependency resolution result instead of using the latest available version (except if you run with --no-update) (#11160)
Improved version selection in archive command (#11230)
Added hard failure when installing from a lock file which does not satisfy the composer.json requirements (#11195)
Added autocompletion of config option names in the config command (#11130)
BC Warning: Installers and InstallationManager::getInstallPath will now return null instead of an empty string for metapackages' paths. This may have adverse effects on plugin code using this expecting always a string but it is unlikely (#11455)
Fixed metapackages showing their install path as the root package's path instead of empty (#11455)
Fixed lock file verification on install to deal better with replace/provide (#11475)
Fixed lock file having a more recent modification time than the vendor dir when require guesses the constraint after resolution (#11405)
Fixed numeric default branches with a v prefix being treated as non-numeric ones and receiving an alias like e.g. dev-main would (e51d755a08)
Fixed binary proxies not being transparent when included by another PHP process and returning a value (#11454)
Fixed support for plugin classes being marked as readonly (#11404)
Fixed getmypid being required as it is not always available (#11401)
Fixed authentication issue when downloading several files from private Bitbucket in parallel (#11464)
[2.5.5] 2023-03-21
Fixed basic auth failures resulting in infinite retry loop (#11320)
Fixed archive command including an existing archive into itself if run repeatedly (#11239)
Fixed dev package prompt in require not appearing in some conditions (#11287)
[2.5.1] 2022-12-22
Fixed ClassLoader regression which made it fail if serialized (e.g. within PHPUnit process isolation) (#11237)
Fixed preg type error in svn version guessing (#11231)
[2.5.0] 2022-12-20
BC Warning: To prevent abuse of our includeFile() function it is now gone, it was not part of the official API but may still cause issues if some code incorrectly relied on it (#11015)
Improved version guessing of require command to use the dependency resolution result instead of using the latest available version (except if you run with --no-update) (#11160)
Improved version selection in archive command (#11230)
Added autocompletion of config option names in the config command (#11130)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps composer/composer from 2.4.2 to 2.5.6.
Release notes
Sourced from composer/composer's releases.
... (truncated)
Changelog
Sourced from composer/composer's changelog.
... (truncated)
Commits
f7c05db
Release 2.5.63ab8310
Update changelog2365438
Fix lock file verification to take into account root provider/replacers and o...9d965b9
Fix authentication issues with private bitbucket repos (#11464)9885d23
Ensure stripos() receives a stringe51d755
Fix numeric default-branches with v prefix (e.g. v2.x-dev) being treated as n...7397a78
Update deps3a48e39
Return null for install path for metapackages instead of an empty path which ...a79eef2
Fix class renaming in plugin manager2b58f2c
Fix getmypid being required as it is not always available, fixes #11401Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)