Skip to content

Bump composer/composer from 2.0.13 to 2.2.3#482

Closed
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/composer/composer/composer-2.2.3
Closed

Bump composer/composer from 2.0.13 to 2.2.3#482
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/composer/composer/composer-2.2.3

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Dec 31, 2021

Bumps composer/composer from 2.0.13 to 2.2.3.

Release notes

Sourced from composer/composer's releases.

2.2.3

  • Fixed issue with PHPUnit and process isolation now including PHPUnit <6.5 (#10387)
  • Fixed interoperability issue with laminas/laminas-zendframework-bridge and Composer 2.2 (#10401)
  • Fixed binary proxies for shell scripts to work correctly when they are symlinked (Fix builds jakzal/phpqa#336)
  • Fixed overly greedy pool optimization in cases where a locked package is not required by anything anymore in a partial update (#10405)

2.2.2

  • Added COMPOSER_BIN_DIR env var and _composer_bin_dir global containing the path to the bin-dir for binaries. Packages relying on finding the bin dir with $BASH_SOURCES[0] will need to update their binaries (#10402)
  • Fixed issue when new binary proxies are combined with PHPUnit and process isolation (#10387)
  • Fixed deprecation warnings when using Symfony 5.4+ and requiring composer/composer itself (#10404)
  • Fixed UX of plugin warnings (#10381)

2.2.1

  • Fixed plugin autoloading including files autoload rules from the root package (#10382)
  • Fixed issue parsing php files with unterminated comments found inside backticks (#10385)

2.2.0

Read the Composer 2.2 Release Announcement for more details on the release highlights.

Complete Changelog

  • Bumped composer-runtime-api and composer-plugin-api to 2.2.0
  • UX Change: Added allow-plugins config value to enhance security against runtime execution, this will prompt you the first time you use a plugin and may hang pipelines if they aren't using --no-interaction (-n) as they should (#10314)
  • Added an optimization pass to reduce the amount of redundant inspected during resolution, drastically improving memory and CPU usage (#9261, #9620)
  • Added a global $_composer_autoload_path variable containing the path to autoload.php for binaries (#10137)
  • Added wildcard support to --ignore-platform-req (e.g. ext-*) (#10083)
  • Added support for ignoring the upper bound of platform requirements using "name+" notation e.g. using --ignore-platform-req=php+ would allow installing a package requiring php: 8.0.* on PHP 8.1, but not on PHP 7.4. Useful for CI builds of upcoming PHP versions (#10318)
  • Added support for setting platform packages to false in config.platform to disable/hide them (#10308)
  • Added use-parent-dir option to configure the prompt for using composer.json in upper directory when none is present in current dir (#10307)
  • Added composer platform package which is always the exact version of Composer running unlike composer-*-api packages (#10313)
  • Added a --source flag to config command to show where config values are loaded from (#10129)
  • Added support for files autoloaders in the runtime scripts/plugins contexts (#10065)
  • Added retry behavior on certain http status and curl error codes (#10162)
  • Added abandoned flag display in search command output
  • Added support for --ignore-platform-reqs in outdated command (#10293)
  • Added --only-vendor (-O) flag to search command to search (and return) vendor names (#10336)
  • Added COMPOSER_NO_DEV environment variable to set the --no-dev flag (#10262)
  • Added support for using dev-main as the default path repo package version if no VCS info is available (#10372)
  • Added --no-scripts as a globally supported flag to all Composer commands to disable scripts execution (#10371)
  • Fixed archive command to behave more like git archive, gitignore/hgignore are not taken into account anymore, and gitattributes support was improved (#10309)
  • Fixed unlocking of replacers when a replaced package is unlocked (#10280)
  • Fixed auto-unlocked path repo packages also unlocking their transitive deps when -w/-W is used (#10157)
  • Fixed handling of recursive package links (e.g. requiring or replacing oneself)
  • Fixed env var reads to check $_SERVER and $_ENV before getenv for broader ecosystem compatibility (#10218)
  • Fixed archive command to produce archives with files sorted by name (#10274)
  • Fixed VcsRepository issues where server failure could cause missing tags/branches (#10319)
  • Fixed self-update failing in some edge cases due to loading plugins (#10371)
  • Fixed display of conflicts showing the wrong package name in some conditions (#10355)
  • Fixed some error reporting issues (#10283, #10339)

... (truncated)

Changelog

Sourced from composer/composer's changelog.

[2.2.3] 2021-12-31

  • Fixed issue with PHPUnit and process isolation now including PHPUnit <6.5 (#10387)
  • Fixed interoperability issue with laminas/laminas-zendframework-bridge and Composer 2.2 (#10401)
  • Fixed binary proxies for shell scripts to work correctly when they are symlinked (Fix builds jakzal/phpqa#336)
  • Fixed overly greedy pool optimization in cases where a locked package is not required by anything anymore in a partial update (#10405)

[2.2.2] 2021-12-29

  • Added COMPOSER_BIN_DIR env var and _composer_bin_dir global containing the path to the bin-dir for binaries. Packages relying on finding the bin dir with $BASH_SOURCES[0] will need to update their binaries (#10402)
  • Fixed issue when new binary proxies are combined with PHPUnit and process isolation (#10387)
  • Fixed deprecation warnings when using Symfony 5.4+ and requiring composer/composer itself (#10404)
  • Fixed UX of plugin warnings (#10381)

[2.2.1] 2021-12-22

  • Fixed plugin autoloading including files autoload rules from the root package (#10382)
  • Fixed issue parsing php files with unterminated comments found inside backticks (#10385)

[2.2.0] 2021-12-22

  • Added support for using dev-main as the default path repo package version if no VCS info is available (#10372)
  • Added --no-scripts as a globally supported flag to all Composer commands to disable scripts execution (#10371)
  • Fixed self-update failing in some edge cases due to loading plugins (#10371)
  • Fixed display of conflicts showing the wrong package name in some conditions (#10355)

[2.2.0-RC1] 2021-12-08

  • Bumped composer-runtime-api and composer-plugin-api to 2.2.0
  • UX Change: Added allow-plugins config value to enhance security against runtime execution, this will prompt you the first time you use a plugin and may hang pipelines if they aren't using --no-interaction (-n) as they should (#10314)
  • Added an optimization pass to reduce the amount of redundant inspected during resolution, drastically improving memory and CPU usage (#9261, #9620)
  • Added a global $_composer_autoload_path variable containing the path to autoload.php for binaries (#10137)
  • Added wildcard support to --ignore-platform-req (e.g. ext-*) (#10083)
  • Added support for ignoring the upper bound of platform requirements using "name+" notation e.g. using --ignore-platform-req=php+ would allow installing a package requiring php: 8.0.* on PHP 8.1, but not on PHP 7.4. Useful for CI builds of upcoming PHP versions (#10318)
  • Added support for setting platform packages to false in config.platform to disable/hide them (#10308)
  • Added use-parent-dir option to configure the prompt for using composer.json in upper directory when none is present in current dir (#10307)
  • Added composer platform package which is always the exact version of Composer running unlike composer-*-api packages (#10313)
  • Added a --source flag to config command to show where config values are loaded from (#10129)
  • Added support for files autoloaders in the runtime scripts/plugins contexts (#10065)
  • Added retry behavior on certain http status and curl error codes (#10162)
  • Added abandoned flag display in search command output
  • Added support for --ignore-platform-reqs in outdated command (#10293)
  • Added --only-vendor (-O) flag to search command to search (and return) vendor names (#10336)
  • Added COMPOSER_NO_DEV environment variable to set the --no-dev flag (#10262)
  • Fixed archive command to behave more like git archive, gitignore/hgignore are not taken into account anymore, and gitattributes support was improved (#10309)
  • Fixed unlocking of replacers when a replaced package is unlocked (#10280)
  • Fixed auto-unlocked path repo packages also unlocking their transitive deps when -w/-W is used (#10157)
  • Fixed handling of recursive package links (e.g. requiring or replacing oneself)
  • Fixed env var reads to check $_SERVER and $_ENV before getenv for broader ecosystem compatibility (#10218)
  • Fixed archive command to produce archives with files sorted by name (#10274)

... (truncated)

Commits
  • 3c92ba5 Release 2.2.3
  • 3ed2295 Update changelog for 2.2.3
  • efc7a3f fix: Do not optimise away packages due to a requirement by a locked package t...
  • 75e4d30 Fix warnings when some code reuses the phpvfscomposer:// stream wrapper to tr...
  • 2cd16b4 Suppress errors if realpath fails or is missing
  • 390260c Resolve binary realpath to make sure symlinking bin proxies works, refs jakza...
  • d1d5d75 Fix detection of PHP files to match also broken ones with leading whitespace ...
  • 84f8fda Remove getCode usage as it is not type safe apparently, see https://github.co...
  • 09d1330 Fix is_file() not working on the phpvfscomposer:// file when filtering phpuni...
  • 164a769 Avoid returning actual fstat information as it induces modern PHPs in error w...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump composer/composer from 2.0.13 to 2.2.3
9385c65 
Bumps [composer/composer](https://github.com/composer/composer) from 2.0.13 to 2.2.3.
- [Release notes](https://github.com/composer/composer/releases)
- [Changelog](https://github.com/composer/composer/blob/main/CHANGELOG.md)
- [Commits](composer/composer@2.0.13...2.2.3)

---
updated-dependencies:
- dependency-name: composer/composer
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Dec 31, 2021
@dependabot dependabot bot mentioned this pull request Dec 31, 2021
Closed
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Jan 10, 2022

Superseded by #484.

@dependabot dependabot bot closed this Jan 10, 2022
@dependabot dependabot bot deleted the dependabot/composer/composer/composer-2.2.3 branch January 10, 2022 15:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants