Revisions of php-composer2

buildservice-autocommit accepted request 1223669 from Petr Gajdos's avatar Petr Gajdos (pgajdos) (revision 54)
baserev update by copy to link target
Petr Gajdos's avatar Petr Gajdos (pgajdos) committed (revision 53)
checkin
buildservice-autocommit accepted request 1179900 from Petr Gajdos's avatar Petr Gajdos (pgajdos) (revision 52)
baserev update by copy to link target
Petr Gajdos's avatar Petr Gajdos (pgajdos) committed (revision 51)
checkin
buildservice-autocommit accepted request 1149085 from Petr Gajdos's avatar Petr Gajdos (pgajdos) (revision 50)
baserev update by copy to link target
Petr Gajdos's avatar Petr Gajdos (pgajdos) accepted request 1148935 from Bernd Ritter's avatar Bernd Ritter (comrad) (revision 49)
- Updated composer2.phar to match upstreams sha256 1ffd0be3f27e237b1ae47f9e8f29f96ac7f50a0bd9eef4f88cdbe94dd04bfff0
buildservice-autocommit accepted request 1146367 from Petr Gajdos's avatar Petr Gajdos (pgajdos) (revision 48)
baserev update by copy to link target
Petr Gajdos's avatar Petr Gajdos (pgajdos) committed (revision 47)
- version update to 2.7.1 [bsc#1219757] CVE-2024-24821
Petr Gajdos's avatar Petr Gajdos (pgajdos) committed (revision 46)
- version update to 2.7.1
  2.7.1
  * Added several warnings when plugins are disabled to hint at common problems people had with 2.7.0 (#11842)
  *  Fixed diagnose auditing of Composer dependencies failing when running from the phar
  2.7.0
  * Security: Fixed code execution and possible privilege escalation via compromised
    vendor dir contents (GHSA-7c6p-848j-wh5h / CVE-2024-24821)
  * Changed the default of the audit.abandoned config setting to fail, set it to report or
    ignore if you do not want this, or set it via COMPOSER_AUDIT_ABANDONED env var (#11643)
  * Added --minimal-changes (-m) flag to update/require/remove commands to perform
    partial update with --with-dependencies while changing only what is absolutely
    necessary in transitive dependencies (#11665)
  * Added --sort-by-age (-A) flag to outdated/show commands to allow
     sorting by and displaying the release date (most outdated first) (#11762)
  * Added support for --self combined with --installed or --locked in show command, to
    add the root package to the package list being output (#11785)
  * Added severity information to audit command output (#11702)
  * Added scripts-aliases top level key in composer.json to define aliases for custom scripts you defined (#11666)
  * Added IPv4 fallback on connection timeout, as well as a COMPOSER_IPRESOLVE env var to force
    IPv4 or IPv6, set it to 4 or 6 (#11791)
  * Added support for wildcards in outdated's --ignore arg (#11831)
  * Added support for bump command bumping * to >=current version (#11694)
  * Added detection of constraints that cannot possibly match anything to validate command (#11829)
  * Added package source information to the output of install when running in very verbose (-vv) mode (#11763)
  * Added audit of Composer's own bundled dependencies in diagnose command (#11761)
  * Added GitHub token expiration date to diagnose command output (#11688)
  * Added non-zero status code to why/why-not commands (#11796)
  * Added error when calling show --direct <package> with an indirect/transitive dependency (#11728)
  * Added COMPOSER_FUND=0 env var to hide calls for funding (#11779)
  * Fixed bump command not bumping packages required with a v prefix (#11764)
buildservice-autocommit accepted request 1117489 from Petr Gajdos's avatar Petr Gajdos (pgajdos) (revision 45)
baserev update by copy to link target
Petr Gajdos's avatar Petr Gajdos (pgajdos) accepted request 1117487 from Ish Sookun's avatar Ish Sookun (Ishwon) (revision 44)
Updates php-composer to version 2.6.5.
buildservice-autocommit accepted request 1114950 from Petr Gajdos's avatar Petr Gajdos (pgajdos) (revision 43)
baserev update by copy to link target
Petr Gajdos's avatar Petr Gajdos (pgajdos) accepted request 1114790 from Petr Gajdos's avatar Petr Gajdos (pgajdos) (revision 42)
- version update to 2.6.4
  * 2.6.4 2023-09-29 [bsc#1215859]
    - Security: Fixed possible remote code execution vulnerability if composer.phar is publicly accessible,
      executable as PHP, and register_argc_argv is enabled in php.ini (GHSA-jm6m-4632-36hf / CVE-2023-43655)
    - Fixed json output of abandoned packages in audit command (#11647)
    - Performance improvement in pool optimization step (#11638)
    - Performance improvement in show -a <packagename> (#11659)
  * 2.6.3 2023-09-15
    - Added audit.abandoned config setting. Can be set to ignore, report (current default) or fail (future
      default in 2.7) to make the audit command report abandoned packages as a security problem (#11639)
    - Added a warning when duplicates files autoload rules are detected (#11109)
    - Fixed unhandled promise rejection regression (#11620)
    - Fixed loading of root aliases on path repo packages when doing partial updates (#11632)
    - Fixed archive command not producing the correct output if the temp dir is a symlink (#11636)
    - Fixed some replaced packages being incorrectly missing when unlocked in a partial update (#11629)
  * 2.6.2 2023-09-03
    - Reverted "Fixed binary proxies causing scripts inspecting $_SERVER['SCRIPT_NAME'] to detect them,
      they are now more transparent (#11562)" which caused a regression (#11617)
    - Fixed non-zero exit code on failed audits to only apply to install --audit runs and not implicit
      audits with require, create-project or update commands (#11616)
    - Fixed create-project infinite post-install loop in some circumstances (#11613)
  * 2.6.1 2023-09-01
    - Reverted "Fixed executability of non-php binaries which are not marked executable (#11557)" which
      caused a regression (#11612)
  * 2.6.0 2023-09-01
    - Added audit.ignore config setting to ignore security advisories by id or CVE id (#11556, #11605)
    - Added rm alias to the remove command (#11367)
    - Added runtime platform check to verify the php-64bit requirement is met (#11334)
    - Added platform package detection for lib-pq-libpq and lib-rdkafka-librdkafka (#11418)
    - Added --dry-run to dump-autoload command to allow running --strict-psr checks without modifying
buildservice-autocommit accepted request 1112968 from Petr Gajdos's avatar Petr Gajdos (pgajdos) (revision 41)
baserev update by copy to link target
Petr Gajdos's avatar Petr Gajdos (pgajdos) committed (revision 40)
  * [bsc#1198494]
buildservice-autocommit accepted request 1105263 from Petr Gajdos's avatar Petr Gajdos (pgajdos) (revision 39)
baserev update by copy to link target
Petr Gajdos's avatar Petr Gajdos (pgajdos) accepted request 1101051 from Ish Sookun's avatar Ish Sookun (Ishwon) (revision 38)
- Update to version 2.5.8
  * Fixed regression in edge cases where root package gets added to a repository already during the install process (#11495)
  * Fixed EventDispatcher on windows picking bat files when using "@php binary" (#11490)
  * Fixed ICU CLDR version parsing failing the whole process when ICU cannot initialize the resource bundle (#11492)
  * Fixed type declarations on ClassLoader (#11500)
- Update to version 2.5.7
  * Fixed regression preventing autoloading the dependencies of metapackages when running --no-dev (#11481)
- Update to version 2.5.6
  * BC Warning: Installers and InstallationManager::getInstallPath will now return null instead of an empty string for metapackages' paths. This may have adverse effects on plugin code using this expecting always a string but it is unlikely (#11455)
  * Fixed metapackages showing their install path as the root package's path instead of empty (#11455)
  * Fixed lock file verification on install to deal better with replace/provide (#11475)
  * Fixed lock file having a more recent modification time than the vendor dir when require guesses the constraint after resolution (#11405)
  * Fixed numeric default branches with a v prefix being treated as non-numeric ones and receiving an alias like e.g. dev-main would (e51d755a08)
  * Fixed binary proxies not being transparent when included by another PHP process and returning a value (#11454)
  * Fixed support for plugin classes being marked as readonly (#11404)
  * Fixed getmypid being required as it is not always available (#11401)
  * Fixed authentication issue when downloading several files from private Bitbucket in parallel (#11464)
buildservice-autocommit accepted request 1075002 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 37)
baserev update by copy to link target
Yunhe Guo's avatar Yunhe Guo (guoyunhe) committed (revision 36)
- Update to version 2.5.5
  * Fixed basic auth failures resulting in infinite retry loop (#11320)
  * Fixed GitHub rate limit reporting (#11366)
  * Fixed InstalledVersions error in Composer 1 compatibility edge case (#11304)
  * Fixed issue displaying solver problems with branch names containing `%` signs (#11359)
  * Fixed race condition in cache validity detection when running Composer highly concurrently (#11375)
  * Fixed various minor config command issues (#11353, #11302)
buildservice-autocommit accepted request 1067188 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 35)
baserev update by copy to link target
Displaying revisions 1 - 20 of 54
openSUSE Build Service is sponsored by