Skip to content

Bump composer/composer from 2.0.13 to 2.5.8 #522

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

Bump composer/composer from 2.0.13 to 2.5.8 #522

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Aug 28, 2023

Bumps composer/composer from 2.0.13 to 2.5.8.

Release notes

Sourced from composer/composer's releases.

2.5.8

  • Fixed regression in edge cases where root package gets added to a repository already during the install process (#11495)
  • Fixed EventDispatcher on windows picking bat files when using @php binary (#11490)
  • Fixed ICU CDLR version parsing failing the whole process when ICU cannot initialize the resource bundle (#11492)
  • Fixed type declarations on ClassLoader (#11500)

2.5.7

  • Fixed regression preventing autoloading the dependencies of metapackages when running --no-dev (#11481)

2.5.6

  • BC Warning: Installers and InstallationManager::getInstallPath will now return null instead of an empty string for metapackages' paths. This may have adverse effects on plugin code using this expecting always a string but it is unlikely (#11455)
  • Fixed metapackages showing their install path as the root package's path instead of empty (#11455)
  • Fixed lock file verification on install to deal better with replace/provide (#11475)
  • Fixed lock file having a more recent modification time than the vendor dir when require guesses the constraint after resolution (#11405)
  • Fixed numeric default branches with a v prefix being treated as non-numeric ones and receiving an alias like e.g. dev-main would (e51d755a08)
  • Fixed binary proxies not being transparent when included by another PHP process and returning a value (#11454)
  • Fixed support for plugin classes being marked as readonly (#11404)
  • Fixed getmypid being required as it is not always available (#11401)
  • Fixed authentication issue when downloading several files from private Bitbucket in parallel (#11464)

2.5.5

  • Fixed basic auth failures resulting in infinite retry loop (#11320)
  • Fixed GitHub rate limit reporting (#11366)
  • Fixed InstalledVersions error in Composer 1 compatibility edge case (#11304)
  • Fixed issue displaying solver problems with branch names containing % signs (#11359)
  • Fixed race condition in cache validity detection when running Composer highly concurrently (#11375)
  • Fixed various minor config command issues (#11353, #11302)

2.5.4

  • Fixed extra.plugin-optional support in PluginInstaller when doing pre-install checks (#11318)

2.5.3

  • Added extra.plugin-optional support for allow auto-disabling unknown plugins which are not critical when running non-interactive (#11315)

2.5.2

  • Added warning when require auto-selects a feature branch as that is probably not desired (#11270)
  • Fixed self.version requirements reporting lock file integrity errors when changing branches (#11283)
  • Fixed require regression which broke the --fixed flag (#11247)
  • Fixed security audit reports loading when exclude/only filter rules are used on a repository (#11281)
  • Fixed autoloading regression on PHP 5.6 (#11285)
  • Fixed archive command including an existing archive into itself if run repeatedly (#11239)
  • Fixed dev package prompt in require not appearing in some conditions (#11287)

2.5.1

  • Fixed ClassLoader regression which made it fail if serialized (e.g. within PHPUnit process isolation) (#11237)
  • Fixed preg type error in svn version guessing (#11231)

2.5.0

  • BC Warning: To prevent abuse of our includeFile() function it is now gone, it was not part of the official API but may still cause issues if some code incorrectly relied on it (#11015)
  • Improved version guessing of require command to use the dependency resolution result instead of using the latest available version (except if you run with --no-update) (#11160)

... (truncated)

Changelog

Sourced from composer/composer's changelog.

[2.5.8] 2023-06-09

  • Fixed regression in edge cases where root package gets added to a repository already during the install process (#11495)
  • Fixed EventDispatcher on windows picking bat files when using "@​php binary" (#11490)
  • Fixed ICU CLDR version parsing failing the whole process when ICU cannot initialize the resource bundle (#11492)
  • Fixed type declarations on ClassLoader (#11500)

[2.5.7] 2023-05-24

  • Fixed regression preventing autoloading the dependencies of metapackages when running --no-dev (#11481)

[2.5.6] 2023-05-24

  • BC Warning: Installers and InstallationManager::getInstallPath will now return null instead of an empty string for metapackages' paths. This may have adverse effects on plugin code using this expecting always a string but it is unlikely (#11455)
  • Fixed metapackages showing their install path as the root package's path instead of empty (#11455)
  • Fixed lock file verification on install to deal better with replace/provide (#11475)
  • Fixed lock file having a more recent modification time than the vendor dir when require guesses the constraint after resolution (#11405)
  • Fixed numeric default branches with a v prefix being treated as non-numeric ones and receiving an alias like e.g. dev-main would (e51d755a08)
  • Fixed binary proxies not being transparent when included by another PHP process and returning a value (#11454)
  • Fixed support for plugin classes being marked as readonly (#11404)
  • Fixed getmypid being required as it is not always available (#11401)
  • Fixed authentication issue when downloading several files from private Bitbucket in parallel (#11464)

[2.5.5] 2023-03-21

  • Fixed basic auth failures resulting in infinite retry loop (#11320)
  • Fixed GitHub rate limit reporting (#11366)
  • Fixed InstalledVersions error in Composer 1 compatibility edge case (#11304)
  • Fixed issue displaying solver problems with branch names containing % signs (#11359)
  • Fixed race condition in cache validity detection when running Composer highly concurrently (#11375)
  • Fixed various minor config command issues (#11353, #11302)

[2.5.4] 2023-02-15

  • Fixed extra.plugin-optional support in PluginInstaller when doing pre-install checks (#11318)

[2.5.3] 2023-02-10

  • Added extra.plugin-optional support for allow auto-disabling unknown plugins which are not critical when running non-interactive (#11315)

[2.5.2] 2023-02-04

  • Added warning when require auto-selects a feature branch as that is probably not desired (#11270)
  • Fixed self.version requirements reporting lock file integrity errors when changing branches (#11283)
  • Fixed require regression which broke the --fixed flag (#11247)
  • Fixed security audit reports loading when exclude/only filter rules are used on a repository (#11281)
  • Fixed autoloading regression on PHP 5.6 (#11285)
  • Fixed archive command including an existing archive into itself if run repeatedly (#11239)
  • Fixed dev package prompt in require not appearing in some conditions (#11287)

... (truncated)

Commits
  • 4c51614 Release 2.5.8
  • 3f385d4 Update types some more, refs #11500
  • 45368a5 Update types some more, refs #11500
  • c12b551 Update type declarations on ClassLoader, fixes #11482 (#11500)
  • 7f6de36 Fix typo
  • ff67cdf Ignore ICU CDLR version fetching when ICU cannot initialize the resource bund...
  • 3ae662f Fix EventDispatcher on windows picking bat files when using "@​php binary", fi...
  • 902a153 Fix regression in edge cases where root package gets added to a repository al...
  • 7d6c76e Reverting release version changes
  • d477018 Release 2.5.7
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump composer/composer from 2.0.13 to 2.5.8
379db0c 
Bumps [composer/composer](https://github.com/composer/composer) from 2.0.13 to 2.5.8.
- [Release notes](https://github.com/composer/composer/releases)
- [Changelog](https://github.com/composer/composer/blob/main/CHANGELOG.md)
- [Commits](composer/composer@2.0.13...2.5.8)

---
updated-dependencies:
- dependency-name: composer/composer
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Aug 28, 2023
@dependabot dependabot bot mentioned this pull request Aug 28, 2023
Closed
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Sep 1, 2023

Superseded by #523.

@dependabot dependabot bot closed this Sep 1, 2023
@dependabot dependabot bot deleted the dependabot/composer/composer/composer-2.5.8 branch September 1, 2023 15:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant