Subject: CVS commit: pkgsrc/devel/php-composer
From: Travis Paul
Date: 2021-10-27 14:29:27
Message id:

Log Message:
php-composer: Update to 2.1.9

Upstream release notes:

 - Security: Fixed command injection vulnerability on Windows
   (GHSA-frqg-7g38-6gcf / CVE-2021-41116)
 - Fixed classmap parsing with a new class parser which does not rely on regexes
   anymore (#10107)
 - Fixed inline git credentials showing up in output in some conditions (#10115)
 - Fixed support for running updates while offline as long as the cache contains
   enough information (#10116)
 - Fixed show --all foo/bar which as of 2.0.0 was not showing all versions
   anymore but only the installed one (#10095)
 - Fixed VCS repos ignoring some versions silently when the API rate limit is
   reached (#10132)
 - Fixed CA bundle to remove the expired Let's Encrypt root CA

 - Fixed regression in 2.1.7 when parsing classmaps in files containing invalid
   Unicode (#10102)

 - Added many type annotations internally, which may have an effect on CI/static
   analysis for people using Composer as a dependency. This work will continue
   in following releases
 - Fixed regression in 2.1.6 when parsing classmaps with empty heredocs (#10067)
 - Fixed regression in 2.1.6 where list command was not showing plugin commands
 - Fixed issue handling package updates where the package type changed (#10076)
 - Fixed docker being detected as WSL when run inside WSL (#10094)

 - Updated internal PHAR signatures to be SHA512 instead of SHA1
 - Fixed uncaught exception handler regression (#10022)
 - Fixed more PHP 8.1 deprecation warnings (#10036, #10038, #10061)
 - Fixed corrupted zips in the cache from blocking installs until a cache clear,
   the bad archives are now deleted automatically on first failure (#10028)
 - Fixed URL sanitizer handling of new github tokens (#10048)
 - Fixed issue finding classes with very long heredocs in classmap autoload
 - Fixed proc_open being required for simple installs from zip, as well as
   diagnose (#9253)
 - Fixed path repository bug causing symlinks to be left behind after a package
   is uninstalled (#10023)
 - Fixed issue in 7-zip support on windows with certain archives (#10058)
 - Fixed bootstrapping process to avoid loading the composer.json and plugins
   until necessary, speeding things up slightly (#10064)
 - Fixed lib-openssl detection on FreeBSD (#10046)
 - Fixed support for ircs:// protocol for support.irc composer.json entries