Bump composer/composer from 2.0.13 to 2.5.0

[dependabot]

Bumps composer/composer from 2.0.13 to 2.5.0.

Release notes

Sourced from composer/composer's releases.

2.5.0

• BC Warning: To prevent abuse of our includeFile() function it is now gone, it was not part of the official API but may still cause issues if some code incorrectly relied on it (#11015)
• Improved version guessing of require command to use the dependency resolution result instead of using the latest available version (except if you run with --no-update) (#11160)
• Improved version selection in archive command (#11230)
• Added hard failure when installing from a lock file which does not satisfy the composer.json requirements (#11195)
• Added autocompletion of config option names in the config command (#11130)
• Added support for writing custom commands as Command classes (#11151)
• Added warning when the outdated command rejects a new package due to unmet platform requirements (#11113)
• Added support for bump command to bump >=x to >=installed-version (#11179)
• Added --download-only flag to install command to only download and prime the cache with the package archives (#11041)
• Added autoconfiguration of github-domains/gitlab-domains when GitHub/GitLab credentials are configured for a custom domain (#11062)
• Added hard failure (throw) if COMPOSER_AUTH is present and malformed JSON (#11085)
• Added interactive prompt to run-script and exec commands if run without any argument (#11157)
• Added interactive prompt where to store credentials when a project-local auth.json exists (#11188)
• Fixed full disk warning to be shown when less than 100MiB is available (#11190)
• Fixed cache keys to allow _ to avoid conflicts between package names like a-b and a_b (#11229)
• Fixed docker compatibility by making paths more portable even if the project is installed at / (#11169)

2.4.4

• Added extra debug output when a zip extraction fails while on GitHub Actions (#11148)
• Fixed cache write failures when the cache dir gets removed during a composer run (#11076)
• Fixed 2.4.3 regression in loading Composer on SMB/network shares (#11077)
• Fixed --dry-run flag missing from bump command (#11047)
• Fixed status command reporting differences when the source ref is a tag (#11155)
• Fixed outdated command outputting legend on stdout instead of stderr
• Fixed URL sanitizer to handle new GitHub personal access tokens format (#11137)

2.4.3

• BC Break: The json format of audit command now has reportedAt as an RFC3339 string instead of an object which was a mistake (#11120)
• Fixed json format of audit command which was missing affectedVersions (#11120)
• Fixed plugin commands not being loaded during bash completions (#11074)
• Fixed parsing of inline aliases within complex constraints with || or , (#11086)
• Fixed min-php version check in autoload.php to avoid crashing sites running on PHP 5.5 or below silently with a 200 (#11091)
• Fixed JsonFile reading files without checking if they are readable first (#11077)
• Fixed require command with --dry-run failing when requiring a package requiring stability flag extraction (#11112)

2.4.2

• Fixed bash completion hanging when running as root without COMPOSER_ALLOW_SUPERUSER set (#11024)
• Fixed handling of plugin activation when running as root without COMPOSER_ALLOW_SUPERUSER set so it always happens after prompting, or does not happen if input is non-interactive
• Fixed package filter on bump command (#11053)
• Fixed handling of --ignore-platform-req with upper-bound ignores to not apply to conflict rules (#11037)
• Fixed handling of COMPOSER_DISCARD_CHANGES when set to 0
• Fixed handling of zero-major versions in outdated command with --major-only (#11032)
• Fixed show --platform regression since 2.4.0 when running in a directory without composer.json (#11046)
• Fixed a few strict type errors

2.4.1

• Added a COMPOSER_NO_AUDIT env var to easily apply the new --no-audit flag in CI (#10998)
• Fixed show command showing packages in two sections, this was only meant for the outdated command (#11000)

... (truncated)

Changelog

Sourced from composer/composer's changelog.

[2.5.0] 2022-12-20

• BC Warning: To prevent abuse of our includeFile() function it is now gone, it was not part of the official API but may still cause issues if some code incorrectly relied on it (#11015)
• Improved version guessing of require command to use the dependency resolution result instead of using the latest available version (except if you run with --no-update) (#11160)
• Improved version selection in archive command (#11230)
• Added autocompletion of config option names in the config command (#11130)
• Added support for writing custom commands as Command classes (#11151)
• Added hard failure when installing from a lock file which does not satisfy the composer.json requirements (#11195)
• Added warning when the outdated command rejects a new package due to unmet platform requirements (#11113)
• Added support for bump command to bump >=x to >=installed-version (#11179)
• Added --download-only flag to install command to only download and prime the cache with the package archives (#11041)
• Added autoconfiguration of github-domains/gitlab-domains when GitHub/GitLab credentials are configured for a custom domain (#11062)
• Added hard failure (throw) if COMPOSER_AUTH is present and malformed JSON (#11085)
• Added interactive prompt to run-script and exec commands if run without any argument (#11157)
• Added interactive prompt where to store credentials when a project-local auth.json exists (#11188)
• Fixed full disk warning to be shown when less than 100MiB is available (#11190)
• Fixed cache keys to allow _ to avoid conflicts between package names like a-b and a_b (#11229)
• Fixed docker compatibility by making paths more portable even if the project is installed at / (#11169)

[2.4.4] 2022-10-27

• Added extra debug output when a zip extraction fails while on GitHub Actions (#11148)
• Fixed cache write failures when the cache dir gets removed during a composer run (#11076)
• Fixed 2.4.3 regression in loading Composer on SMB/network shares (#11077)
• Fixed --dry-run flag missing from bump command (#11047)
• Fixed status command reporting differences when the source ref is a tag (#11155)
• Fixed outdated command outputting legend on stdout instead of stderr
• Fixed URL sanitizer to handle new GitHub personal access tokens format (#11137)

[2.4.3] 2022-10-14

• BC Break: The json format of audit command now has reportedAt as an RFC3339 string instead of an object which was a mistake (#11120)
• Fixed json format of audit command which was missing affectedVersions (#11120)
• Fixed plugin commands not being loaded during bash completions (#11074)
• Fixed parsing of inline aliases within complex constraints with || or , (#11086)
• Fixed min-php version check in autoload.php to avoid crashing sites running on PHP 5.5 or below silently with a 200 (#11091)
• Fixed JsonFile reading files without checking if they are readable first (#11077)
• Fixed require command with --dry-run failing when requiring a package requiring stability flag extraction (#11112)

[2.4.2] 2022-09-14

• Fixed bash completion hanging when running as root without COMPOSER_ALLOW_SUPERUSER set (#11024)
• Fixed handling of plugin activation when running as root without COMPOSER_ALLOW_SUPERUSER set so it always happens after prompting, or does not happen if input is non-interactive
• Fixed package filter on bump command (#11053)
• Fixed handling of --ignore-platform-req with upper-bound ignores to not apply to conflict rules (#11037)
• Fixed handling of COMPOSER_DISCARD_CHANGES when set to 0
• Fixed handling of zero-major versions in outdated command with --major-only (#11032)
• Fixed show --platform regression since 2.4.0 when running in a directory without composer.json (#11046)
• Fixed a few strict type errors

... (truncated)

Commits

• 09ef0e3 Release 2.5.0
• 5d659be Update changelog
• be053cb Allow underscores in cache keys to avoid conflicts with package names contain...
• 5e6ccae Improve version selection in archive command, fixes #4794 (#11230)
• 685ec29 Increase disk size warning to 100MB minimum, closes #11190
• 3534499 Add test covering edge case of composer repo format, closes #11206
• 8969f80 Update baseline (1739, 93)
• 2aa33aa Update PHPStan (#11222)
• 957e7a9 Merge pull request #11218 from localheinz/fix/patch
• ef7ba73 Add support for bumping >=x to >=latest, fixes #11179
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #515.