Sourced from ramsey/composer-install's releases.

2.1.0

Added

• Force the use of composer update if a lock file is not present, avoiding the warning that appears when running composer install without a lock file.

2.0.5

Fixed

• Don't error on out-of-sync lock file (#206, #213)
• Do not append empty restore key (#216)

2.0.4

Fixed

• Fix typo in variable name

2.0.3

Fixed

• Convert GitHub Action notices to debug messages (#211)
• Ensure compatibility with Composer 1.x (#209, #210)

2.0.2

Fixed

• Fix case when values other than locked, highest, or lowest are passed for dependency_versions. In these cases, we always default to locked.

2.0.1

Fixed

• Fix case where cache keys might collide if using more than one working directory on a project.
• Improve error handling and reporting.
• Validate composer.json and emit error message if it does not validate.

2.0.0

Added

• Use --prefer-stable with lowest dependencies (#178)
• Allow use of a custom cache key (#167)
• Allow ability to ignore the cache

Changed

• Switch to a composite action from a JavaScript action

Fixed

• Fix case where working-directory did not run composer install in the correct working directory (#187)
• Fix problems with retrieving cache with parallel builds (#161, #152)
• Fix problems restoring from cache on Windows (#79)

• f680dac test: add PHP path back to command, as well as debug message
• 3c51967 test: ensure we use the alternate composer location
• 9389fa5 feat: force use of "update" if there is no lock file
• fcd69c7 test: move clean-up stage to bottom of test files
• 367fb02 chore: use latest version of Vulnerability Disclosure Policy
• 470b5b7 ci: use expressions in case conditions for code coverage
• 89752f0 ci: run shellcheck on scripts (#214)
• c610daf ci: convert to single line for code coverage reporting (#218)
• 713bde7 fix: don't error out on out-of-sync lock file (#213)
• 6ba32f2 GH Actions: various tweaks (#217)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)