Log message:
php-composer: Update to 2.2.18

Upstream release notes:

- Fixed COMPOSER_NO_DEV so it also works with require and remove's
  --update-no-dev (#10995)
- Fixed duplicate missing extension warnings being displayed (#10938)
- Fixed hg version detection (#10955)
- Fixed git cache invalidation issue when a git tag gets created after the
  cache has loaded a given reference (#11004)

Log message:
php-composer: Update to 2.2.17

Upstream release notes:

2.2.17
PSA: If you are seeing issues running non-interactive create-project with a
project that does not configure allow-plugins, see the top post of #10928 for
a workaround.
- Fixed plugins from CWD/vendor being loaded in some cases like create-project
  or validate even though the target directory is outside of CWD (#10935)
- Fixed support for legacy (Composer 1.x, e.g. hirak/prestissimo) plugins which
  will not warn/error anymore if not in allow-plugins, as they are anyway not
  loaded (#10928)
- Fixed pre-install check for allowed plugins not taking --no-plugins into
  account (#10925)
- Fixed support for disable_functions containing disk_free_space (#10936)
- Fixed RootPackageRepository usages to always clone the root package to avoid
  interoperability issues with plugins (#10940)

2.2.16
- Fixed non-interactive behavior of allow-plugins to throw instead of continue
  with a warning to avoid broken installs (#10920)
- Fixed allow-plugins BC mode to ensure old lock files created pre-2.2 can be
  installed with only a warning but plugins fully loaded (#10920)
- Fixed deprecation notice (#10921)

2.2.15
- Fixed support for cache-read-only where the filesystem is not writable
  (#10906)
- Fixed type error when using allow-plugins: true (#10909)
- Fixed @putenv scripts receiving arguments passed to the command (#10846)
- Fixed support for spaces in paths with binary proxies on Windows (#10836)
- Fixed type error in GitDownloader if branches cannot be listed (#10888)
- Fixed RootPackageInterface issue on PHP 5.3.3 (#10895)

Log message:
php-composer: Update to 2.2.12

Upstream Release Notes:

2.2.14
- Fixed handling of broken symlinks when checking whether a package is still
  installed (#6708)
- Fixed name validation regex in schema causing issues with JS IDEs like VS
  Code (#10811)
- Fixed bin proxies to allow a proxy to include another one safely (#10823)
- Fixed gitlab-token JSON schema definition (#10800)
- Fixed openssl 3.x version parsing as it is now semver compliant
- Fixed type error when a json file cannot be read (#10818)
- Fixed parsing of multi-line arrays in funding.yml (#10784)

2.2.13
- Fixed invalid credentials loop when setting up GitLab token (#10748)
- Fixed PHP 8.2 deprecations (#10766)
- Fixed lock file changes being output even when the lock file creation is
  disabled
- Fixed race condition when multiple requests asking for auth on the same
  hostname fired concurrently (#10763)
- Fixed quoting of commas on Windows (#10775)
- Fixed issue installing path repos with a disabled symlink function (#10786)

Log message:
php-composer: Update to 2.2.12

Upstream release notes:

2.2.12
 - Security: Fixed command injection vulnerability in HgDriver/GitDriver
   (GHSA-x7cr-6qr6-2hh6 / CVE-2022-24828)
 - Fixed curl downloader not retrying when a DNS resolution failure occurs
   (#10716)
 - Fixed composer.lock file still being used/read when the lock config option
   is disabled (#10726)
 - Fixed validate command checking the lock file even if the lock option is
   disabled (#10723)

2.2.11
 - Added missing config.bitbucket-oauth in composer-schema.json
 - Added --2.2 flag to self-update to pin the Composer version to the 2.2 LTS
   range (#10682)
 - Updated semver, jsonlint deps for minor fixes
 - Fixed generation of autoload crashing if a package has a broken path
   (#10688)
 - Removed dev-master=>dev-main alias from #10372 as it does not work when
   reloading from lock file and extracting dev deps (#10651)

2.2.10
 - Fixed Bitbucket authorization detection due to API changes (#10657)
 - Fixed validate command warning about dist/source keys if defined (#10655)
 - Fixed deletion/handling of corrupted 0-bytes zip archives (#10666)

2.2.9
 - Fixed regression with plugins that modify install path of packages, see docs
   if you are authoring such a plugin (#10621)

2.2.8
 - Fixed files autoloading sort order to be fully deterministic (#10617)
 - Fixed pool optimization pass edge cases (#10579)
 - Fixed require command failing when self.version is used as constraint
   (#10593)
 - Fixed --no-ansi / undecorated output still showing color in repo warnings
   (#10601)
 - Performance improvement in pool optimization step (composer/semver#131)

2.2.7
 - Allow installation together with composer/xdebug-handler ^3 (#10528)
 - Fixed support for packages with no licenses in licenses command output
   (#10537)
 - Fixed handling of allow-plugins: false which kept warning (#10530)
 - Fixed enum parsing in classmap generation when the enum keyword is not
   lowercased (#10521)
 - Fixed author parsing in init command requiring an email whereas the schema
   allows a name only (#10538)
 - Fixed issues in require command when requiring packages which do not exist
   (but are provided by something else you require) (#10541)
 - Performance improvement in pool optimization step (#10546)

Log message:
php-composer: Update to 2.2.6

Upstream release notes:
  2.2.6: https://github.com/composer/composer/releases/tag/2.2.6
  2.2.5: https://github.com/composer/composer/releases/tag/2.2.5
  2.2.4: https://github.com/composer/composer/releases/tag/2.2.4
  2.2.3: https://github.com/composer/composer/releases/tag/2.2.3
  2.2.2: https://github.com/composer/composer/releases/tag/2.2.2
  2.2.1: https://github.com/composer/composer/releases/tag/2.2.1
  2.2.0: https://github.com/composer/composer/releases/tag/2.2.0

Log message:
php-composer: Update to 2.1.14

Upstream release notes:

2.1.14
 - Fixed invalid release build (2.1.13 was deleted as invalid)
 - Removed symfony/console ^6 support as we cannot be compatible until Composer
   2.3.0 is released. If you have issues with Composer required as a dependency
   + Symfony make sure you stay on Symfony 5.4 for now. (#10321)

2.1.12
 - Fixed issues in proxied binary files relying on __FILE__ / __DIR__ on
   php <8 (#10261)
 - Fixed 9999999-dev being shown in some cases by the show command (#10260)
 - Fixed GitHub Actions output escaping regression on PHP 8.1 (#10250)

Log message:
php-composer: Update to 2.1.11

Upstream release notes:

2.1.11
 - Fixed issues in proxied binary files when using declare() on php <8 (#10249)
 - Fixed GitHub Actions output escaping issues (#10243)

2.1.10
 - Added type annotations to all classes, which may have an effect on
   CI/static analysis for people using Composer as a dependency (#10159)
 - Fixed CurlDownloader requesting gzip encoding even when no gzip support is
   present (#10153)
 - Fixed regression in 2.1.6 where the help command was not working for plugin
   commands (#10147)
 - Fixed warning showing when an invalid cache dir is configured but
   unused (#10125)
 - Fixed require command reverting changes even though dependency resolution
   succeeded when something fails in scripts for example (#10118)
 - Fixed require not finding the right package version when some newly
   required extension is missing from the system (#10167)
 - Fixed proxied binary file issues, now using output buffering (e1dbd65)
 - Fixed and improved error reporting in several edge cases
   (#9804, #10136, #10163, #10224, #10209)
 - Fixed some more Windows CLI parameter escaping edge cases

Log message:
php-composer: Update to 2.1.9

Upstream release notes:

2.1.9
 - Security: Fixed command injection vulnerability on Windows
   (GHSA-frqg-7g38-6gcf / CVE-2021-41116)
 - Fixed classmap parsing with a new class parser which does not rely on regexes
   anymore (#10107)
 - Fixed inline git credentials showing up in output in some conditions (#10115)
 - Fixed support for running updates while offline as long as the cache contains
   enough information (#10116)
 - Fixed show --all foo/bar which as of 2.0.0 was not showing all versions
   anymore but only the installed one (#10095)
 - Fixed VCS repos ignoring some versions silently when the API rate limit is
   reached (#10132)
 - Fixed CA bundle to remove the expired Let's Encrypt root CA

2.1.8
 - Fixed regression in 2.1.7 when parsing classmaps in files containing invalid
   Unicode (#10102)

2.1.7
 - Added many type annotations internally, which may have an effect on CI/static
   analysis for people using Composer as a dependency. This work will continue
   in following releases
 - Fixed regression in 2.1.6 when parsing classmaps with empty heredocs (#10067)
 - Fixed regression in 2.1.6 where list command was not showing plugin commands
   (#10075)
 - Fixed issue handling package updates where the package type changed (#10076)
 - Fixed docker being detected as WSL when run inside WSL (#10094)

2.1.6
 - Updated internal PHAR signatures to be SHA512 instead of SHA1
 - Fixed uncaught exception handler regression (#10022)
 - Fixed more PHP 8.1 deprecation warnings (#10036, #10038, #10061)
 - Fixed corrupted zips in the cache from blocking installs until a cache clear,
   the bad archives are now deleted automatically on first failure (#10028)
 - Fixed URL sanitizer handling of new github tokens (#10048)
 - Fixed issue finding classes with very long heredocs in classmap autoload
   (#10050)
 - Fixed proc_open being required for simple installs from zip, as well as
   diagnose (#9253)
 - Fixed path repository bug causing symlinks to be left behind after a package
   is uninstalled (#10023)
 - Fixed issue in 7-zip support on windows with certain archives (#10058)
 - Fixed bootstrapping process to avoid loading the composer.json and plugins
   until necessary, speeding things up slightly (#10064)
 - Fixed lib-openssl detection on FreeBSD (#10046)
 - Fixed support for ircs:// protocol for support.irc composer.json entries