typisttech / imposter-plugin

Composer plugin that wraps all composer vendor packages inside your own namespace. Intended for WordPress plugins.
https://www.typist.tech/projects/imposter-plugin
MIT License
150 stars 11 forks source link

Bump composer/composer from 2.0.13 to 2.2.0 #478

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps composer/composer from 2.0.13 to 2.2.0.

Release notes

Sourced from composer/composer's releases.

2.2.0

Read the Composer 2.2 Release Announcement for more details on the release highlights.

Complete Changelog

  • Bumped composer-runtime-api and composer-plugin-api to 2.2.0
  • UX Change: Added allow-plugins config value to enhance security against runtime execution, this will prompt you the first time you use a plugin and may hang pipelines if they aren't using --no-interaction (-n) as they should (#10314)
  • Added an optimization pass to reduce the amount of redundant inspected during resolution, drastically improving memory and CPU usage (#9261, #9620)
  • Added a global $_composer_autoload_path variable containing the path to autoload.php for binaries (#10137)
  • Added wildcard support to --ignore-platform-req (e.g. ext-*) (#10083)
  • Added support for ignoring the upper bound of platform requirements using "name+" notation e.g. using --ignore-platform-req=php+ would allow installing a package requiring php: 8.0.* on PHP 8.1, but not on PHP 7.4. Useful for CI builds of upcoming PHP versions (#10318)
  • Added support for setting platform packages to false in config.platform to disable/hide them (#10308)
  • Added use-parent-dir option to configure the prompt for using composer.json in upper directory when none is present in current dir (#10307)
  • Added composer platform package which is always the exact version of Composer running unlike composer-*-api packages (#10313)
  • Added a --source flag to config command to show where config values are loaded from (#10129)
  • Added support for files autoloaders in the runtime scripts/plugins contexts (#10065)
  • Added retry behavior on certain http status and curl error codes (#10162)
  • Added abandoned flag display in search command output
  • Added support for --ignore-platform-reqs in outdated command (#10293)
  • Added --only-vendor (-O) flag to search command to search (and return) vendor names (#10336)
  • Added COMPOSER_NO_DEV environment variable to set the --no-dev flag (#10262)
  • Added support for using dev-main as the default path repo package version if no VCS info is available (#10372)
  • Added --no-scripts as a globally supported flag to all Composer commands to disable scripts execution (#10371)
  • Fixed archive command to behave more like git archive, gitignore/hgignore are not taken into account anymore, and gitattributes support was improved (#10309)
  • Fixed unlocking of replacers when a replaced package is unlocked (#10280)
  • Fixed auto-unlocked path repo packages also unlocking their transitive deps when -w/-W is used (#10157)
  • Fixed handling of recursive package links (e.g. requiring or replacing oneself)
  • Fixed env var reads to check $_SERVER and $_ENV before getenv for broader ecosystem compatibility (#10218)
  • Fixed archive command to produce archives with files sorted by name (#10274)
  • Fixed VcsRepository issues where server failure could cause missing tags/branches (#10319)
  • Fixed self-update failing in some edge cases due to loading plugins (#10371)
  • Fixed display of conflicts showing the wrong package name in some conditions (#10355)
  • Fixed some error reporting issues (#10283, #10339)

2.2.0-RC1

Composer 2.2 will be LTS

Read more about the LTS plan and PHP version support in the upcoming Composer 2.3 if you're using a legacy PHP version.

Try it out now and get ready for the upcoming stable release

  • Use composer self-update --preview to try the latest prerelease version.
  • Use composer self-update --stable to go back to stable releases.

Changelog

  • Bumped composer-runtime-api and composer-plugin-api to 2.2.0
  • UX Change: Added allow-plugins config value to enhance security against runtime execution, this will prompt you the first time you use a plugin and may hang pipelines if they aren't using --no-interaction (-n) as they should (#10314)
  • Added an optimization pass to reduce the amount of redundant inspected during resolution, drastically improving memory and CPU usage (#9261, #9620)
  • Added a global $_composer_autoload_path variable containing the path to autoload.php for binaries (#10137)

... (truncated)

Changelog

Sourced from composer/composer's changelog.

[2.2.0] 2021-12-22

  • Added support for using dev-main as the default path repo package version if no VCS info is available (#10372)
  • Added --no-scripts as a globally supported flag to all Composer commands to disable scripts execution (#10371)
  • Fixed self-update failing in some edge cases due to loading plugins (#10371)
  • Fixed display of conflicts showing the wrong package name in some conditions (#10355)

[2.2.0-RC1] 2021-12-08

  • Bumped composer-runtime-api and composer-plugin-api to 2.2.0
  • UX Change: Added allow-plugins config value to enhance security against runtime execution, this will prompt you the first time you use a plugin and may hang pipelines if they aren't using --no-interaction (-n) as they should (#10314)
  • Added an optimization pass to reduce the amount of redundant inspected during resolution, drastically improving memory and CPU usage (#9261, #9620)
  • Added a global $_composer_autoload_path variable containing the path to autoload.php for binaries (#10137)
  • Added wildcard support to --ignore-platform-req (e.g. ext-*) (#10083)
  • Added support for ignoring the upper bound of platform requirements using "name+" notation e.g. using --ignore-platform-req=php+ would allow installing a package requiring php: 8.0.* on PHP 8.1, but not on PHP 7.4. Useful for CI builds of upcoming PHP versions (#10318)
  • Added support for setting platform packages to false in config.platform to disable/hide them (#10308)
  • Added use-parent-dir option to configure the prompt for using composer.json in upper directory when none is present in current dir (#10307)
  • Added composer platform package which is always the exact version of Composer running unlike composer-*-api packages (#10313)
  • Added a --source flag to config command to show where config values are loaded from (#10129)
  • Added support for files autoloaders in the runtime scripts/plugins contexts (#10065)
  • Added retry behavior on certain http status and curl error codes (#10162)
  • Added abandoned flag display in search command output
  • Added support for --ignore-platform-reqs in outdated command (#10293)
  • Added --only-vendor (-O) flag to search command to search (and return) vendor names (#10336)
  • Added COMPOSER_NO_DEV environment variable to set the --no-dev flag (#10262)
  • Fixed archive command to behave more like git archive, gitignore/hgignore are not taken into account anymore, and gitattributes support was improved (#10309)
  • Fixed unlocking of replacers when a replaced package is unlocked (#10280)
  • Fixed auto-unlocked path repo packages also unlocking their transitive deps when -w/-W is used (#10157)
  • Fixed handling of recursive package links (e.g. requiring or replacing oneself)
  • Fixed env var reads to check $_SERVER and $_ENV before getenv for broader ecosystem compatibility (#10218)
  • Fixed archive command to produce archives with files sorted by name (#10274)
  • Fixed VcsRepository issues where server failure could cause missing tags/branches (#10319)
  • Fixed some error reporting issues (#10283, #10339)

[2.1.14] 2021-11-30

  • Fixed invalid release build

[2.1.13] 2021-11-30

  • Removed symfony/console ^6 support as we cannot be compatible until Composer 2.3.0 is released. If you have issues with Composer required as a dependency + Symfony make sure you stay on Symfony 5.4 for now. (#10321)

[2.1.12] 2021-11-09

  • Fixed issues in proxied binary files relying on FILE / DIR on php <8 (#10261)
  • Fixed 9999999-dev being shown in some cases by the show command (#10260)
  • Fixed GitHub Actions output escaping regression on PHP 8.1 (#10250)

[2.1.11] 2021-11-02

... (truncated)

Commits
  • e174a4c Release 2.2.0
  • 613980b Update baseline
  • f0060b7 Use web URLs for Gitlab support metadata (#10377)
  • 54123e4 Fix autoloader compatibility with older releases of laminas/laminas-zendframe...
  • 756c51d Update changelog
  • 188b692 Add test verifying only plugin deps are autoloaded (#10374)
  • 71ab70d Disable files autoloading for scripts to avoid untrusted code execution at ru...
  • 8f1b3d2 Add --no-scripts to all commands and disable plugins/scripts when running sel...
  • 24eac88 Switch the default version in path repo packages to dev-main and add a dev-ma...
  • 95e41ae Fix phpstan
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 2 years ago

Superseded by #480.