Added extra debug output when a zip extraction fails while on GitHub Actions (#11148)
Fixed cache write failures when the cache dir gets removed during a composer run (#11076)
Fixed 2.4.3 regression in loading Composer on SMB/network shares (#11077)
Fixed --dry-run flag missing from bump command (#11047)
Fixed status command reporting differences when the source ref is a tag (#11155)
Fixed outdated command outputting legend on stdout instead of stderr
Fixed URL sanitizer to handle new GitHub personal access tokens format (#11137)
2.4.3
BC Break: The json format of audit command now has reportedAt as an RFC3339 string instead of an object which was a mistake (#11120)
Fixed json format of audit command which was missing affectedVersions (#11120)
Fixed plugin commands not being loaded during bash completions (#11074)
Fixed parsing of inline aliases within complex constraints with || or , (#11086)
Fixed min-php version check in autoload.php to avoid crashing sites running on PHP 5.5 or below silently with a 200 (#11091)
Fixed JsonFile reading files without checking if they are readable first (#11077)
Fixed require command with --dry-run failing when requiring a package requiring stability flag extraction (#11112)
2.4.2
Fixed bash completion hanging when running as root without COMPOSER_ALLOW_SUPERUSER set (#11024)
Fixed handling of plugin activation when running as root without COMPOSER_ALLOW_SUPERUSER set so it always happens after prompting, or does not happen if input is non-interactive
Added extra debug output when a zip extraction fails while on GitHub Actions (#11148)
Fixed cache write failures when the cache dir gets removed during a composer run (#11076)
Fixed 2.4.3 regression in loading Composer on SMB/network shares (#11077)
Fixed --dry-run flag missing from bump command (#11047)
Fixed status command reporting differences when the source ref is a tag (#11155)
Fixed outdated command outputting legend on stdout instead of stderr
Fixed URL sanitizer to handle new GitHub personal access tokens format (#11137)
[2.4.3] 2022-10-14
BC Break: The json format of audit command now has reportedAt as an RFC3339 string instead of an object which was a mistake (#11120)
Fixed json format of audit command which was missing affectedVersions (#11120)
Fixed plugin commands not being loaded during bash completions (#11074)
Fixed parsing of inline aliases within complex constraints with || or , (#11086)
Fixed min-php version check in autoload.php to avoid crashing sites running on PHP 5.5 or below silently with a 200 (#11091)
Fixed JsonFile reading files without checking if they are readable first (#11077)
Fixed require command with --dry-run failing when requiring a package requiring stability flag extraction (#11112)
[2.4.2] 2022-09-14
Fixed bash completion hanging when running as root without COMPOSER_ALLOW_SUPERUSER set (#11024)
Fixed handling of plugin activation when running as root without COMPOSER_ALLOW_SUPERUSER set so it always happens after prompting, or does not happen if input is non-interactive
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps composer/composer from 2.4.1 to 2.4.4.
Release notes
Sourced from composer/composer's releases.
Changelog
Sourced from composer/composer's changelog.
Commits
e8d9087Release 2.4.44900a14Update changelogbb726b8Fix status command reporting differences when source reference is a tag name,...10e757dAdd extra debug info when running GH Actions and an archive extraction fails,...923ff98Update phpstan90673e4Update URL masking patterns for new GitHub fine-grained PATs8554731Fix regression in loading Composer on SMB/network shares, refs #8231 #11077803e4e5Catch runtime exception while initializing Composer to make sure a missing co...e5b8f2dAdd "--dry-run" to bump command (#11047)8d3a304Fix outdated command outputting some of the legend to stdoutDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)