BC Warning: To prevent abuse of our includeFile() function it is now gone, it was not part of the official API but may still cause issues if some code incorrectly relied on it (#11015)
Improved version guessing of require command to use the dependency resolution result instead of using the latest available version (except if you run with --no-update) (#11160)
Improved version selection in archive command (#11230)
Added hard failure when installing from a lock file which does not satisfy the composer.json requirements (#11195)
Added autocompletion of config option names in the config command (#11130)
Added warning when the outdated command rejects a new package due to unmet platform requirements (#11113)
Added support for bump command to bump >=x to >=installed-version (#11179)
Added --download-only flag to install command to only download and prime the cache with the package archives (#11041)
Added autoconfiguration of github-domains/gitlab-domains when GitHub/GitLab credentials are configured for a custom domain (#11062)
Added hard failure (throw) if COMPOSER_AUTH is present and malformed JSON (#11085)
Added interactive prompt to run-script and exec commands if run without any argument (#11157)
Added interactive prompt where to store credentials when a project-local auth.json exists (#11188)
Fixed full disk warning to be shown when less than 100MiB is available (#11190)
Fixed cache keys to allow _ to avoid conflicts between package names like a-b and a_b (#11229)
Fixed docker compatibility by making paths more portable even if the project is installed at / (#11169)
2.4.4
Added extra debug output when a zip extraction fails while on GitHub Actions (#11148)
Fixed cache write failures when the cache dir gets removed during a composer run (#11076)
Fixed 2.4.3 regression in loading Composer on SMB/network shares (#11077)
Fixed --dry-run flag missing from bump command (#11047)
Fixed status command reporting differences when the source ref is a tag (#11155)
Fixed outdated command outputting legend on stdout instead of stderr
Fixed URL sanitizer to handle new GitHub personal access tokens format (#11137)
2.4.3
BC Break: The json format of audit command now has reportedAt as an RFC3339 string instead of an object which was a mistake (#11120)
Fixed json format of audit command which was missing affectedVersions (#11120)
Fixed plugin commands not being loaded during bash completions (#11074)
Fixed parsing of inline aliases within complex constraints with || or , (#11086)
Fixed min-php version check in autoload.php to avoid crashing sites running on PHP 5.5 or below silently with a 200 (#11091)
Fixed JsonFile reading files without checking if they are readable first (#11077)
Fixed require command with --dry-run failing when requiring a package requiring stability flag extraction (#11112)
2.4.2
Fixed bash completion hanging when running as root without COMPOSER_ALLOW_SUPERUSER set (#11024)
Fixed handling of plugin activation when running as root without COMPOSER_ALLOW_SUPERUSER set so it always happens after prompting, or does not happen if input is non-interactive
BC Warning: To prevent abuse of our includeFile() function it is now gone, it was not part of the official API but may still cause issues if some code incorrectly relied on it (#11015)
Improved version guessing of require command to use the dependency resolution result instead of using the latest available version (except if you run with --no-update) (#11160)
Improved version selection in archive command (#11230)
Added autocompletion of config option names in the config command (#11130)
Added hard failure when installing from a lock file which does not satisfy the composer.json requirements (#11195)
Added warning when the outdated command rejects a new package due to unmet platform requirements (#11113)
Added support for bump command to bump >=x to >=installed-version (#11179)
Added --download-only flag to install command to only download and prime the cache with the package archives (#11041)
Added autoconfiguration of github-domains/gitlab-domains when GitHub/GitLab credentials are configured for a custom domain (#11062)
Added hard failure (throw) if COMPOSER_AUTH is present and malformed JSON (#11085)
Added interactive prompt to run-script and exec commands if run without any argument (#11157)
Added interactive prompt where to store credentials when a project-local auth.json exists (#11188)
Fixed full disk warning to be shown when less than 100MiB is available (#11190)
Fixed cache keys to allow _ to avoid conflicts between package names like a-b and a_b (#11229)
Fixed docker compatibility by making paths more portable even if the project is installed at / (#11169)
[2.4.4] 2022-10-27
Added extra debug output when a zip extraction fails while on GitHub Actions (#11148)
Fixed cache write failures when the cache dir gets removed during a composer run (#11076)
Fixed 2.4.3 regression in loading Composer on SMB/network shares (#11077)
Fixed --dry-run flag missing from bump command (#11047)
Fixed status command reporting differences when the source ref is a tag (#11155)
Fixed outdated command outputting legend on stdout instead of stderr
Fixed URL sanitizer to handle new GitHub personal access tokens format (#11137)
[2.4.3] 2022-10-14
BC Break: The json format of audit command now has reportedAt as an RFC3339 string instead of an object which was a mistake (#11120)
Fixed json format of audit command which was missing affectedVersions (#11120)
Fixed plugin commands not being loaded during bash completions (#11074)
Fixed parsing of inline aliases within complex constraints with || or , (#11086)
Fixed min-php version check in autoload.php to avoid crashing sites running on PHP 5.5 or below silently with a 200 (#11091)
Fixed JsonFile reading files without checking if they are readable first (#11077)
Fixed require command with --dry-run failing when requiring a package requiring stability flag extraction (#11112)
[2.4.2] 2022-09-14
Fixed bash completion hanging when running as root without COMPOSER_ALLOW_SUPERUSER set (#11024)
Fixed handling of plugin activation when running as root without COMPOSER_ALLOW_SUPERUSER set so it always happens after prompting, or does not happen if input is non-interactive
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps composer/composer from 2.0.13 to 2.5.0.
Release notes
Sourced from composer/composer's releases.
... (truncated)
Changelog
Sourced from composer/composer's changelog.
... (truncated)
Commits
09ef0e3
Release 2.5.05d659be
Update changelogbe053cb
Allow underscores in cache keys to avoid conflicts with package names contain...5e6ccae
Improve version selection in archive command, fixes #4794 (#11230)685ec29
Increase disk size warning to 100MB minimum, closes #111903534499
Add test covering edge case of composer repo format, closes #112068969f80
Update baseline (1739, 93)2aa33aa
Update PHPStan (#11222)957e7a9
Merge pull request #11218 from localheinz/fix/patchef7ba73
Add support for bumping >=x to >=latest, fixes #11179Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)