Bump composer/composer from 2.5.8 to 2.6.2

[dependabot]

Bumps composer/composer from 2.5.8 to 2.6.2.

Release notes

Sourced from composer/composer's releases.

2.6.2

• Reverted "Fixed binary proxies causing scripts inspecting $_SERVER['SCRIPT_NAME'] to detect them, they are now more transparent (#11562)" which caused a regression (#11617)
• Fixed non-zero exit code on failed audits to only apply to install --audit runs and not implicit audits with require, create-project or update commands (#11616)
• Fixed create-project infinite post-install loop in some circumstances (#11613)

2.6.1

• Reverted "Fixed executability of non-php binaries which are not marked executable (#11557)" which caused a regression (#11612)

2.6.0

• Added audit.ignore config setting to ignore security advisories by id or CVE id (#11556, #11605)
• Added rm alias to the remove command (#11367)
• Added runtime platform check to verify the php-64bit requirement is met (#11334)
• Added platform package detection for lib-pq-libpq and lib-rdkafka-librdkafka (#11418)
• Added --dry-run to dump-autoload command to allow running --strict-psr checks without modifying the filesystem (#11608)
• Added support for bumping patch level in ~1.2.3 constraints (#11590)
• Added prompt in require if the package name is not found but similar ones exist (#11284)
• Added support for env vars and ~ in repository paths for vcs and artifact repositories (#11453)
• Added support for local directory paths for repositories of type composer (#11526)
• Added links to package homepages in why/why-not command output (#11308)
• Added a security key to the support key of composer.json to set the URL to the vulnerability disclosure policy (#11271)
• Added support for gathering security advisories from multiple repositories for a single package (#11436)
• Fixed install exit code to be non-zero (5) if a requested security audit failed (#11362)
• Fixed binary proxies causing scripts inspecting $_SERVER['SCRIPT_NAME'] to detect them, they are now more transparent (#11562) (Reverted in 2.6.2)
• Fixed executability of non-php binaries which are not marked executable (#11557) (Reverted in 2.6.1)
• Fixed mtime modification of the vendor dir to only happen when packages are modified, and not require lock file modification to happen (#11593)
• Fixed create-project using the wrong composer.json file if one was set via the COMPOSER env var (#11493)
• Fixed json editing to preserve indentation when updating json files (#11390)
• Fixed handling of broken junctions on windows (#11550)
• Fixed parsing of lib-curl-openssl version with OSX SecureTransport (#11534)
• Fixed svn repo parsing in some edge cases (#11350)
• Fixed handling of archive URLs without file extension (#11520)
• Performance improvement in pool optimization step (#11449, #11450)

Changelog

Sourced from composer/composer's changelog.

[2.6.2] 2023-09-03

• Reverted "Fixed binary proxies causing scripts inspecting $_SERVER['SCRIPT_NAME'] to detect them, they are now more transparent (#11562)" which caused a regression (#11617)
• Fixed non-zero exit code on failed audits to only apply to install --audit runs and not implicit audits with require, create-project or update commands (#11616)
• Fixed create-project infinite post-install loop in some circumstances (#11613)

[2.6.1] 2023-09-01

• Reverted "Fixed executability of non-php binaries which are not marked executable (#11557)" which caused a regression (#11612)

[2.6.0] 2023-09-01

• Added audit.ignore config setting to ignore security advisories by id or CVE id (#11556, #11605)
• Added rm alias to the remove command (#11367)
• Added runtime platform check to verify the php-64bit requirement is met (#11334)
• Added platform package detection for lib-pq-libpq and lib-rdkafka-librdkafka (#11418)
• Added --dry-run to dump-autoload command to allow running --strict-psr checks without modifying the filesystem (#11608)
• Added support for bumping patch level in ~1.2.3 constraints (#11590)
• Added prompt in require if the package name is not found but similar ones exist (#11284)
• Added support for env vars and ~ in repository paths for vcs and artifact repositories (#11453)
• Added support for local directory paths for repositories of type composer (#11526)
• Added links to package homepages in why/why-not command output (#11308)
• Added a security key to the support key of composer.json to set the URL to the vulnerability disclosure policy (#11271)
• Added support for gathering security advisories from multiple repositories for a single package (#11436)
• Fixed install exit code to be non-zero (5) if a requested security audit failed (#11362)
• Fixed binary proxies causing scripts inspecting $_SERVER['SCRIPT_NAME'] to detect them, they are now more transparent (#11562) (Reverted in 2.6.2)
• Fixed executability of non-php binaries which are not marked executable (#11557) (Reverted in 2.6.1)
• Fixed mtime modification of the vendor dir to only happen when packages are modified, and not require lock file modification to happen (#11593)
• Fixed create-project using the wrong composer.json file if one was set via the COMPOSER env var (#11493)
• Fixed json editing to preserve indentation when updating json files (#11390)
• Fixed handling of broken junctions on windows (#11550)
• Fixed parsing of lib-curl-openssl version with OSX SecureTransport (#11534)
• Fixed svn repo parsing in some edge cases (#11350)
• Fixed handling of archive URLs without file extension (#11520)
• Performance improvement in pool optimization step (#11449, #11450)

Commits

• 623e5e1 Release 2.6.2
• 3033c0f Update changelog
• 40244dc Revert "Set $_SERVER['SCRIPT_NAME'] within proxy command (#11562)" (#11617)
• 98a588e Avoid COMPOSER env being set if not necessary as it can cause issues with scr...
• 90cbb14 Fix exit code 5 on composer require/create-project command (#11616)
• d221d5c Reverting release version changes
• ee851d6 Release 2.6.1
• b4617c9 Update changelog
• 5fae76c Revert "Allow executing binaries which are not marked executable via shell pr...
• 9ab8ef5 Reverting release version changes
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)