Bump composer/composer from 1.4.2 to 1.7.3

[dependabot-preview]

Bumps composer/composer from 1.4.2 to 1.7.3.

Release notes

Sourced from composer/composer's releases.

1.7.3

• Fixed handling of replace/conflict rules. This may affect dependency resolution in some edge cases.
• Fixed Bitbucket API support and migrated all calls to API v2 as v1 is deprecated
• Fixed support for lib-openssl 1.1.1 having only lowercase algorithm names
• Fixed escaping of URLs in Perforce and Svn drivers
• Fixed show command not respecting --path when a single package name was given
• Fixed regression in 1.7.2's handling of metapackages

1.7.2

• Fixed reporting of authentication/rate limiting issues for GitHub API access
• Fixed create-project not checking the checking the latest commit out when a cache was already present
• Fixed reporting of errors when global command can not switch the working directory
• Fixed PHP 5.3 JSON encoding issues with complex unicode character sequences
• Updated to latest ca-bundle and xdebug-handler projects, see related changelogs

1.7.1

• Fixed issue autoloading plugins in require-dev in some conditions
• Fixed handling of SSL to repo.packagist.org on very old PHP versions

1.7.0

• Changed default repository URL from packagist.org to repo.packagist.org, this might affect people with strict firewall rules
• Changed output from Updating to Downgrading when performing package downgrades, this might affect anything parsing output
• Several minor performance improvements
• Added the overridden platform config's PHP version in the diagnose command output
• Added basic authentication support for mercurial repos
• Added explicit i and u aliases for the install and update commands
• Added support for show command to output json format with --tree
• Added support for {glob,braces} support in the path repository's path argument
• Added support in status command for showing diffs in vendor dir even for packages installed as dist/zip archives
• Added --remove-vcs flag to create-project command to avoid prompting for keeping VCS files
• Added --no-secure-http flag to create-project command to bypass https (use at your own risk)
• Added pre-command-run event that lets plugins modify arguments
• Added RemoteFilesystem::getRemoteContents extension point
• Fixed setting scripts via config command
• Fixed --no-plugins not being respected in a few commands

1.7.0-RC

Run composer self-update --preview to try this out!

• Changed default repository URL from packagist.org to repo.packagist.org, this might affect people with strict firewall rules
• Changed output from Updating to Downgrading when performing package downgrades, this might affect anything parsing output
• Several minor performance improvements
• Added basic authentication support for mercurial repos
• Added explicit i and u aliases for the install and update commands
• Added support for show command to output json format with --tree
• Added support for {glob,braces} support in the path repository's path argument
• Added support in status command for showing diffs in vendor dir even for packages installed as dist/zip archives
• Added --remove-vcs flag to create-project command to avoid prompting for keeping VCS files
• Added --no-secure-http flag to create-project command to bypass https (use at your own risk)
• Added pre-command-run event that lets plugins modify arguments

... (truncated)

Changelog

Sourced from composer/composer's changelog.

[1.7.3] 2018-11-01

• Fixed handling of replace/conflict rules. This may affect dependency resolution in some edge cases.
• Fixed Bitbucket API support and migrated all calls to API v2 as v1 is deprecated
• Fixed support for lib-openssl 1.1.1 having only lowercase algorithm names
• Fixed escaping of URLs in Perforce and Svn drivers
• Fixed show command not respecting --path when a single package name was given
• Fixed regression in 1.7.2's handling of metapackages

[1.7.2] 2018-08-16

• Fixed reporting of authentication/rate limiting issues for GitHub API access
• Fixed create-project not checking the checking the latest commit out when a cache was already present
• Fixed reporting of errors when global command can not switch the working directory
• Fixed PHP 5.3 JSON encoding issues with complex unicode character sequences
• Updated to latest ca-bundle and xdebug-handler projects, see related changelogs

[1.7.1] 2018-08-07

• Fixed issue autoloading plugins in require-dev in some conditions
• Fixed handling of SSL to repo.packagist.org on very old PHP versions

[1.7.0] 2018-08-03

• Added the overridden platform config's PHP version in the diagnose command output
• Fixed --no-plugins not being respected in a few commands
• Fixed 1.7.0-RC regression in output showing instead of proper colors
• Fixed 1.7.0-RC regression in output missing "Loading from cache" output on package install

[1.7.0-RC] 2018-07-24

• Changed default repository URL from packagist.org to repo.packagist.org, this might affect people with strict firewall rules
• Changed output from Updating to Downgrading when performing package downgrades, this might affect anything parsing output
• Several minor performance improvements
• Added basic authentication support for mercurial repos
• Added explicit i and u aliases for the install and update commands
• Added support for show command to output json format with --tree
• Added support for {glob,braces} support in the path repository's path argument
• Added support in status command for showing diffs in vendor dir even for packages installed as dist/zip archives
• Added --remove-vcs flag to create-project command to avoid prompting for keeping VCS files
• Added --no-secure-http flag to create-project command to bypass https (use at your own risk)
• Added pre-command-run event that lets plugins modify arguments
• Added RemoteFilesystem::getRemoteContents extension point
• Fixed setting scripts via config command

[1.6.5] 2018-05-04

• Fixed regression in 1.6.4 causing strange update behaviors with dev packages
• Fixed regression in 1.6.4 color support detection for Windows
• Fixed issues dealing with broken symlinks when switching branches and using path repositories

... (truncated)

Commits

• e965b9a Release 1.7.3
• 49a6c56 Update changelog
• 42dca2a Remove weird binary file from repo
• 1898ad1 Make sure we chdir back in case update dir is relative, refs #7519
• a515633 Warning about the UNIX permissions lost if unzip command is not installed.
• 3c543b2 Report "same as actual" version if override package matches actual
• 41458c7 Don't call Symfony ProcessUtils::escapeArgument
• 38a63ba Only show path for installed packages, refs #7698
• f72e231 Ran php-cs-fixer
• 77457ca Show command respects --path flag
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

If all status checks pass Dependabot will automatically merge this pull request.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.