Path to this page:
Subject: CVS commit: pkgsrc/devel/php-composer
From: Travis Paul
Date: 2021-10-27 14:29:27
Message id: 20211027122927.9F262FA97@cvs.NetBSD.org
Log Message:
php-composer: Update to 2.1.9
Upstream release notes:
2.1.9
- Security: Fixed command injection vulnerability on Windows
(GHSA-frqg-7g38-6gcf / CVE-2021-41116)
- Fixed classmap parsing with a new class parser which does not rely on regexes
anymore (#10107)
- Fixed inline git credentials showing up in output in some conditions (#10115)
- Fixed support for running updates while offline as long as the cache contains
enough information (#10116)
- Fixed show --all foo/bar which as of 2.0.0 was not showing all versions
anymore but only the installed one (#10095)
- Fixed VCS repos ignoring some versions silently when the API rate limit is
reached (#10132)
- Fixed CA bundle to remove the expired Let's Encrypt root CA
2.1.8
- Fixed regression in 2.1.7 when parsing classmaps in files containing invalid
Unicode (#10102)
2.1.7
- Added many type annotations internally, which may have an effect on CI/static
analysis for people using Composer as a dependency. This work will continue
in following releases
- Fixed regression in 2.1.6 when parsing classmaps with empty heredocs (#10067)
- Fixed regression in 2.1.6 where list command was not showing plugin commands
(#10075)
- Fixed issue handling package updates where the package type changed (#10076)
- Fixed docker being detected as WSL when run inside WSL (#10094)
2.1.6
- Updated internal PHAR signatures to be SHA512 instead of SHA1
- Fixed uncaught exception handler regression (#10022)
- Fixed more PHP 8.1 deprecation warnings (#10036, #10038, #10061)
- Fixed corrupted zips in the cache from blocking installs until a cache clear,
the bad archives are now deleted automatically on first failure (#10028)
- Fixed URL sanitizer handling of new github tokens (#10048)
- Fixed issue finding classes with very long heredocs in classmap autoload
(#10050)
- Fixed proc_open being required for simple installs from zip, as well as
diagnose (#9253)
- Fixed path repository bug causing symlinks to be left behind after a package
is uninstalled (#10023)
- Fixed issue in 7-zip support on windows with certain archives (#10058)
- Fixed bootstrapping process to avoid loading the composer.json and plugins
until necessary, speeding things up slightly (#10064)
- Fixed lib-openssl detection on FreeBSD (#10046)
- Fixed support for ircs:// protocol for support.irc composer.json entries
Files: