Bump composer/composer from 2.0.13 to 2.2.1

[dependabot]

Bumps composer/composer from 2.0.13 to 2.2.1.

Release notes

Sourced from composer/composer's releases.

2.2.1

• Fixed plugin autoloading including files autoload rules from the root package (#10382)
• Fixed issue parsing php files with unterminated comments found inside backticks (#10385)

2.2.0

Read the Composer 2.2 Release Announcement for more details on the release highlights.

Complete Changelog

• Bumped composer-runtime-api and composer-plugin-api to 2.2.0
• UX Change: Added allow-plugins config value to enhance security against runtime execution, this will prompt you the first time you use a plugin and may hang pipelines if they aren't using --no-interaction (-n) as they should (#10314)
• Added an optimization pass to reduce the amount of redundant inspected during resolution, drastically improving memory and CPU usage (#9261, #9620)
• Added a global $_composer_autoload_path variable containing the path to autoload.php for binaries (#10137)
• Added wildcard support to --ignore-platform-req (e.g. ext-*) (#10083)
• Added support for ignoring the upper bound of platform requirements using "name+" notation e.g. using --ignore-platform-req=php+ would allow installing a package requiring php: 8.0.* on PHP 8.1, but not on PHP 7.4. Useful for CI builds of upcoming PHP versions (#10318)
• Added support for setting platform packages to false in config.platform to disable/hide them (#10308)
• Added use-parent-dir option to configure the prompt for using composer.json in upper directory when none is present in current dir (#10307)
• Added composer platform package which is always the exact version of Composer running unlike composer-*-api packages (#10313)
• Added a --source flag to config command to show where config values are loaded from (#10129)
• Added support for files autoloaders in the runtime scripts/plugins contexts (#10065)
• Added retry behavior on certain http status and curl error codes (#10162)
• Added abandoned flag display in search command output
• Added support for --ignore-platform-reqs in outdated command (#10293)
• Added --only-vendor (-O) flag to search command to search (and return) vendor names (#10336)
• Added COMPOSER_NO_DEV environment variable to set the --no-dev flag (#10262)
• Added support for using dev-main as the default path repo package version if no VCS info is available (#10372)
• Added --no-scripts as a globally supported flag to all Composer commands to disable scripts execution (#10371)
• Fixed archive command to behave more like git archive, gitignore/hgignore are not taken into account anymore, and gitattributes support was improved (#10309)
• Fixed unlocking of replacers when a replaced package is unlocked (#10280)
• Fixed auto-unlocked path repo packages also unlocking their transitive deps when -w/-W is used (#10157)
• Fixed handling of recursive package links (e.g. requiring or replacing oneself)
• Fixed env var reads to check $_SERVER and $_ENV before getenv for broader ecosystem compatibility (#10218)
• Fixed archive command to produce archives with files sorted by name (#10274)
• Fixed VcsRepository issues where server failure could cause missing tags/branches (#10319)
• Fixed self-update failing in some edge cases due to loading plugins (#10371)
• Fixed display of conflicts showing the wrong package name in some conditions (#10355)
• Fixed some error reporting issues (#10283, #10339)

2.2.0-RC1

Composer 2.2 will be LTS

Read more about the LTS plan and PHP version support in the upcoming Composer 2.3 if you're using a legacy PHP version.

Try it out now and get ready for the upcoming stable release

• Use composer self-update --preview to try the latest prerelease version.
• Use composer self-update --stable to go back to stable releases.

Changelog

... (truncated)

Changelog

Sourced from composer/composer's changelog.

[2.2.1] 2021-12-22

• Fixed plugin autoloading including files autoload rules from the root package (#10382)
• Fixed issue parsing php files with unterminated comments found inside backticks (#10385)

[2.2.0] 2021-12-22

• Added support for using dev-main as the default path repo package version if no VCS info is available (#10372)
• Added --no-scripts as a globally supported flag to all Composer commands to disable scripts execution (#10371)
• Fixed self-update failing in some edge cases due to loading plugins (#10371)
• Fixed display of conflicts showing the wrong package name in some conditions (#10355)

[2.2.0-RC1] 2021-12-08

• Bumped composer-runtime-api and composer-plugin-api to 2.2.0
• UX Change: Added allow-plugins config value to enhance security against runtime execution, this will prompt you the first time you use a plugin and may hang pipelines if they aren't using --no-interaction (-n) as they should (#10314)
• Added an optimization pass to reduce the amount of redundant inspected during resolution, drastically improving memory and CPU usage (#9261, #9620)
• Added a global $_composer_autoload_path variable containing the path to autoload.php for binaries (#10137)
• Added wildcard support to --ignore-platform-req (e.g. ext-*) (#10083)
• Added support for ignoring the upper bound of platform requirements using "name+" notation e.g. using --ignore-platform-req=php+ would allow installing a package requiring php: 8.0.* on PHP 8.1, but not on PHP 7.4. Useful for CI builds of upcoming PHP versions (#10318)
• Added support for setting platform packages to false in config.platform to disable/hide them (#10308)
• Added use-parent-dir option to configure the prompt for using composer.json in upper directory when none is present in current dir (#10307)
• Added composer platform package which is always the exact version of Composer running unlike composer-*-api packages (#10313)
• Added a --source flag to config command to show where config values are loaded from (#10129)
• Added support for files autoloaders in the runtime scripts/plugins contexts (#10065)
• Added retry behavior on certain http status and curl error codes (#10162)
• Added abandoned flag display in search command output
• Added support for --ignore-platform-reqs in outdated command (#10293)
• Added --only-vendor (-O) flag to search command to search (and return) vendor names (#10336)
• Added COMPOSER_NO_DEV environment variable to set the --no-dev flag (#10262)
• Fixed archive command to behave more like git archive, gitignore/hgignore are not taken into account anymore, and gitattributes support was improved (#10309)
• Fixed unlocking of replacers when a replaced package is unlocked (#10280)
• Fixed auto-unlocked path repo packages also unlocking their transitive deps when -w/-W is used (#10157)
• Fixed handling of recursive package links (e.g. requiring or replacing oneself)
• Fixed env var reads to check $_SERVER and $_ENV before getenv for broader ecosystem compatibility (#10218)
• Fixed archive command to produce archives with files sorted by name (#10274)
• Fixed VcsRepository issues where server failure could cause missing tags/branches (#10319)
• Fixed some error reporting issues (#10283, #10339)

[2.1.14] 2021-11-30

• Fixed invalid release build

[2.1.13] 2021-11-30

• Removed symfony/console ^6 support as we cannot be compatible until Composer 2.3.0 is released. If you have issues with Composer required as a dependency + Symfony make sure you stay on Symfony 5.4 for now. (#10321)

[2.1.12] 2021-11-09

• Fixed issues in proxied binary files relying on FILE / DIR on php <8 (#10261)

... (truncated)

Commits

• bbc265e Release 2.2.1
• 96ecc00 Update changelog
• e1bf45a Fix issue parsing php files with unterminated comments found inside backticks...
• 226689b Fix plugin autoloading including files autoload rules from the root package, ...
• 25835bb Reverting release version changes
• e174a4c Release 2.2.0
• 613980b Update baseline
• f0060b7 Use web URLs for Gitlab support metadata (#10377)
• 54123e4 Fix autoloader compatibility with older releases of laminas/laminas-zendframe...
• 756c51d Update changelog
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #481.