./devel/php-composer, Dependency Manager for PHP

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 2.1.11, Package name: php74-composer-2.1.11, Maintainer: tpaul

Composer is a tool for dependency management in PHP. It allows you to
declare the libraries your project depends on and it will manage
(install/update) them for you.


Required to run:
[textproc/php-json] [archivers/php-zip] [converters/php-mbstring]

Required to build:
[pkgtools/cwrappers]

Master sites:


Version history: (Expand)


CVS history: (Expand)


   2021-11-03 13:08:05 by Travis Paul | Files touched by this commit (2)
Log message:
php-composer: Update to 2.1.11

Upstream release notes:

2.1.11
 - Fixed issues in proxied binary files when using declare() on php <8 (#10249)
 - Fixed GitHub Actions output escaping issues (#10243)

2.1.10
 - Added type annotations to all classes, which may have an effect on
   CI/static analysis for people using Composer as a dependency (#10159)
 - Fixed CurlDownloader requesting gzip encoding even when no gzip support is
   present (#10153)
 - Fixed regression in 2.1.6 where the help command was not working for plugin
   commands (#10147)
 - Fixed warning showing when an invalid cache dir is configured but
   unused (#10125)
 - Fixed require command reverting changes even though dependency resolution
   succeeded when something fails in scripts for example (#10118)
 - Fixed require not finding the right package version when some newly
   required extension is missing from the system (#10167)
 - Fixed proxied binary file issues, now using output buffering (e1dbd65)
 - Fixed and improved error reporting in several edge cases
   (#9804, #10136, #10163, #10224, #10209)
 - Fixed some more Windows CLI parameter escaping edge cases
   2021-10-27 14:29:27 by Travis Paul | Files touched by this commit (2) | Package updated
Log message:
php-composer: Update to 2.1.9

Upstream release notes:

2.1.9
 - Security: Fixed command injection vulnerability on Windows
   (GHSA-frqg-7g38-6gcf / CVE-2021-41116)
 - Fixed classmap parsing with a new class parser which does not rely on regexes
   anymore (#10107)
 - Fixed inline git credentials showing up in output in some conditions (#10115)
 - Fixed support for running updates while offline as long as the cache contains
   enough information (#10116)
 - Fixed show --all foo/bar which as of 2.0.0 was not showing all versions
   anymore but only the installed one (#10095)
 - Fixed VCS repos ignoring some versions silently when the API rate limit is
   reached (#10132)
 - Fixed CA bundle to remove the expired Let's Encrypt root CA

2.1.8
 - Fixed regression in 2.1.7 when parsing classmaps in files containing invalid
   Unicode (#10102)

2.1.7
 - Added many type annotations internally, which may have an effect on CI/static
   analysis for people using Composer as a dependency. This work will continue
   in following releases
 - Fixed regression in 2.1.6 when parsing classmaps with empty heredocs (#10067)
 - Fixed regression in 2.1.6 where list command was not showing plugin commands
   (#10075)
 - Fixed issue handling package updates where the package type changed (#10076)
 - Fixed docker being detected as WSL when run inside WSL (#10094)

2.1.6
 - Updated internal PHAR signatures to be SHA512 instead of SHA1
 - Fixed uncaught exception handler regression (#10022)
 - Fixed more PHP 8.1 deprecation warnings (#10036, #10038, #10061)
 - Fixed corrupted zips in the cache from blocking installs until a cache clear,
   the bad archives are now deleted automatically on first failure (#10028)
 - Fixed URL sanitizer handling of new github tokens (#10048)
 - Fixed issue finding classes with very long heredocs in classmap autoload
   (#10050)
 - Fixed proc_open being required for simple installs from zip, as well as
   diagnose (#9253)
 - Fixed path repository bug causing symlinks to be left behind after a package
   is uninstalled (#10023)
 - Fixed issue in 7-zip support on windows with certain archives (#10058)
 - Fixed bootstrapping process to avoid loading the composer.json and plugins
   until necessary, speeding things up slightly (#10064)
 - Fixed lib-openssl detection on FreeBSD (#10046)
 - Fixed support for ircs:// protocol for support.irc composer.json entries
   2021-10-26 12:20:11 by Nia Alarie | Files touched by this commit (3016)
Log message:
archivers: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Could not be committed due to merge conflict:
devel/py-traitlets/distinfo

The following distfiles were unfetchable (note: some may be only fetched
conditionally):

./devel/pvs/distinfo pvs-3.2-solaris.tgz
./devel/eclipse/distinfo eclipse-sourceBuild-srcIncluded-3.0.1.zip
   2021-10-07 15:44:44 by Nia Alarie | Files touched by this commit (3017)
Log message:
devel: Remove SHA1 hashes for distfiles
   2021-08-12 23:47:53 by Travis Paul | Files touched by this commit (2)
Log message:
php-composer: Update to 2.1.5

For full list of upstream release notes please see:
  https://github.com/composer/composer/releases
   2021-05-24 08:41:51 by =?UTF-8?B?RnLDqWTDqXJpYyBGYXViZXJ0ZWF1?= | Files touched by this commit (2) | Package updated
Log message:
php-composer: Update to 2.0.14

Upstream release notes:
  - Updated composer/xdebug-handler to 2.0 which adds supports for Xdebug 3
  - Fixed handling of inline-update-constraints with references or stability
    flags (#9847)
  - Fixed async processes erroring in an unclear way when they failed to start
    (#9808)
  - Fixed support for the upcoming Symfony 6.0 release when Composer is
    installed as a library (#9896)
  - Fixed progress output missing newlines on PowerShell, and disable progress
    output by default when CI env var is present (#9621)
  - Fixed support for Vagrant/VirtualBox filesystem slowness when installing
    binaries from packages (#9627)
  - Fixed type annotations for the InstalledVersions class
  - Deprecated InstalledVersions::getRawData in favor of
    InstalledVersions::getAllRawData (#9816)
   2021-04-27 22:53:23 by Travis Paul | Files touched by this commit (2) | Package updated
Log message:
php-composer: Update to 2.0.13

Upstream release notes:

 - Security: Fixed command injection vulnerability in HgDriver/HgDownloader and
   hardened other VCS drivers and downloaders (GHSA-h5h8-pc6h-jvvx /
   CVE-2021-29472)
 - Fixed install step at the end of the init command to take new dependencies
   into account correctly
 - Fixed update --lock listing updates which were not really happening (#9812)
 - Fixed support for --no-dev combined with --locked in outdated and show
   commands (#9788)
   2021-04-02 14:42:48 by Travis Paul | Files touched by this commit (2) | Package updated
Log message:
php-composer: Update to 2.0.12

Upstream release notes:
 - Fixed support for new GitHub OAuth token format (#9757)
 - Fixed support for Vagrant/VirtualBox filesystem slowness by adding short
   sleeps in some places (#9627)
 - Fixed unclear error reporting when a package is in the lock file but not in
   the remote repositories (#9750)
 - Fixed processes silently ignoring the CWD when it does not exist
 - Fixed new Windows bin handling to avoid proxying phar files (#9742)
 - Fixed issue extracting archives into paths that already exist, fixing
   problems with some custom installers (composer/installers#479)
 - Fixed support for branch names starting with master/trunk/default (#9739)
 - Fixed self-update to preserve phar file permissions on Windows (#9733)
 - Fixed detection of hg version when localized (#9753)
 - Fixed git execution failures to also include the stdout output (#9720)