Bumped composer-runtime-api and composer-plugin-api to 2.2.0
UX Change: Added allow-plugins config value to enhance security against runtime execution, this will prompt you the first time you use a plugin and may hang pipelines if they aren't using --no-interaction (-n) as they should (#10314)
Added an optimization pass to reduce the amount of redundant inspected during resolution, drastically improving memory and CPU usage (#9261, #9620)
Added wildcard support to --ignore-platform-req (e.g. ext-*) (#10083)
Added support for ignoring the upper bound of platform requirements using "name+" notation e.g. using --ignore-platform-req=php+ would allow installing a package requiring php: 8.0.* on PHP 8.1, but not on PHP 7.4. Useful for CI builds of upcoming PHP versions (#10318)
Added support for setting platform packages to false in config.platform to disable/hide them (#10308)
Added use-parent-dir option to configure the prompt for using composer.json in upper directory when none is present in current dir (#10307)
Added composer platform package which is always the exact version of Composer running unlike composer-*-api packages (#10313)
Added a --source flag to config command to show where config values are loaded from (#10129)
Added support for files autoloaders in the runtime scripts/plugins contexts (#10065)
Added retry behavior on certain http status and curl error codes (#10162)
Added abandoned flag display in search command output
Added support for --ignore-platform-reqs in outdated command (#10293)
Added --only-vendor (-O) flag to search command to search (and return) vendor names (#10336)
Added COMPOSER_NO_DEV environment variable to set the --no-dev flag (#10262)
Added support for using dev-main as the default path repo package version if no VCS info is available (#10372)
Added --no-scripts as a globally supported flag to all Composer commands to disable scripts execution (#10371)
Fixed archive command to behave more like git archive, gitignore/hgignore are not taken into account anymore, and gitattributes support was improved (#10309)
Fixed unlocking of replacers when a replaced package is unlocked (#10280)
Fixed auto-unlocked path repo packages also unlocking their transitive deps when -w/-W is used (#10157)
Fixed plugin autoloading including files autoload rules from the root package (#10382)
Fixed issue parsing php files with unterminated comments found inside backticks (#10385)
[2.2.0] 2021-12-22
Added support for using dev-main as the default path repo package version if no VCS info is available (#10372)
Added --no-scripts as a globally supported flag to all Composer commands to disable scripts execution (#10371)
Fixed self-update failing in some edge cases due to loading plugins (#10371)
Fixed display of conflicts showing the wrong package name in some conditions (#10355)
[2.2.0-RC1] 2021-12-08
Bumped composer-runtime-api and composer-plugin-api to 2.2.0
UX Change: Added allow-plugins config value to enhance security against runtime execution, this will prompt you the first time you use a plugin and may hang pipelines if they aren't using --no-interaction (-n) as they should (#10314)
Added an optimization pass to reduce the amount of redundant inspected during resolution, drastically improving memory and CPU usage (#9261, #9620)
Added wildcard support to --ignore-platform-req (e.g. ext-*) (#10083)
Added support for ignoring the upper bound of platform requirements using "name+" notation e.g. using --ignore-platform-req=php+ would allow installing a package requiring php: 8.0.* on PHP 8.1, but not on PHP 7.4. Useful for CI builds of upcoming PHP versions (#10318)
Added support for setting platform packages to false in config.platform to disable/hide them (#10308)
Added use-parent-dir option to configure the prompt for using composer.json in upper directory when none is present in current dir (#10307)
Added composer platform package which is always the exact version of Composer running unlike composer-*-api packages (#10313)
Added a --source flag to config command to show where config values are loaded from (#10129)
Added support for files autoloaders in the runtime scripts/plugins contexts (#10065)
Added retry behavior on certain http status and curl error codes (#10162)
Added abandoned flag display in search command output
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot]
commented
2 years ago
Bumps composer/composer from 2.1.12 to 2.2.4.
Release notes
Sourced from composer/composer's releases.
... (truncated)
Changelog
Sourced from composer/composer's changelog.
... (truncated)
Commits
8a5ad75Release 2.2.4d468815Update changelog93d4c8eFix #10366: Improve messaging when GitHub tokens need SSO authorization (#10432)24b62a1Add support for sourcing binaries despite the bin proxy being present, take 26dea58cAdd support for sourcing binaries despite the bin proxy being presentd961998Workaround PHP bug properly as getenv() without arg also returns mangled valu...9305deaOnly run getenv workaround on PHP 7.1.13+641ad10Fix partial update where path repos are being auto-unlocked two levels deep n...64d39a9Fix phpstan error0b436deFix last bit phpstan errorDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)