Skip to content

Bump composer/composer from 1.9.3 to 1.10.4 #39

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 9, 2020
Merged

Bump composer/composer from 1.9.3 to 1.10.4 #39

merged 1 commit into from
Apr 9, 2020

Conversation

dependabot-preview[bot]
Copy link
Contributor

Bumps composer/composer from 1.9.3 to 1.10.4.

Release notes

Sourced from composer/composer's releases.

1.10.4

  • Fixed 1.10.2 regression in path symlinking with absolute path repos

1.10.3

  • Fixed invalid --2 flag warning in self-update when no channel is requested

1.10.2

  • Added --1 flag to self-update command which can be added to automated self-update runs to make sure it won't automatically jump to 2.0 once that is released
  • Fixed path repository symlinks being made relative when the repo url is defined as absolute paths
  • Fixed potential issues when using "composer ..." in scripts and composer/composer was also required in the project
  • Fixed 1.10.0 regression when downloading GitHub archives from non-API URLs
  • Fixed handling of malformed info in fund command
  • Fixed Symfony5 compatibility issues in a few commands

1.10.1

  • Fixed path repository warning on empty path when using wildcards
  • Fixed superfluous warnings when generating optimized autoloaders

1.10.0

  • Breaking: composer global exec ... now executes the process in the current working directory instead of executing it in the global directory.
  • Warning: Added a warning when class names are being loaded by a PSR-4 or PSR-0 rule only due to classmap optimization, but would not otherwise be autoloadable. Composer 2.0 will stop autoloading these classes so make sure you fix your autoload configs.
  • Added new funding key to composer.json to describe ways your package's maintenance can be funded. This reads info from GitHub's FUNDING.yml by default so better configure it there so it shows on GitHub and Composer/Packagist
  • Added composer fund command to show funding info of your dependencies. Read more
  • Added bearer auth config to authenticate using Authorization: Bearer <token> headers
  • Added plugin-api-version in composer.lock so third-party tools can know which Composer version was used to generate a lock file
  • Added support for --format=json output for show command when showing a single package
  • Added support for configuring suggestions using config command, e.g. composer config suggest.foo/bar some text
  • Added support for configuring fine-grained preferred-install using config command, e.g. composer config preferred-install.foo/* dist
  • Added @putenv script handler to set environment variables from composer.json for following scripts
  • Added lock option that can be set to false, in which case no composer.lock file will be generated
  • Added --add-repository flag to create-project command which will persist the repo given in --repository into the composer.json of the package being installed
  • Fixed issue where --no-dev autoload generation was excluding some packages which should not have been excluded
  • Added support for IPv6 addresses in NO_PROXY
  • Added package homepage display in the show command
  • Added debug info about HTTP authentications
  • Added Symfony 5 compatibility
  • Added --fixed flag to require command to make it use a fixed constraint instead of a ^x.y constraint when adding the requirement
  • Fixed exclude-from-classmap matching subsets of directories e.g. foo/ was excluding foobar/
  • Fixed archive command to persist file permissions inside the zip files
  • Fixed init/require command to avoid suggesting packages which are already selected in the search results
  • Fixed create-project UX issues
  • Fixed filemtime for vendor/composer/* files is now only changing when the files actually change
  • Fixed issues detecting docker environment with an active open_basedir

1.10.0-RC

  • Breaking: composer global exec ... now executes the process in the current working directory instead of executing it in the global directory.
  • Deprecated: Added a warning when class names are being loaded by a PSR-4 or PSR-0 rule only due to classmap optimization, but would not otherwise be autoloadable. Composer 2.0 will stop autoloading these classes so make sure you fix your autoload configs.
  • Added new funding key to composer.json to describe ways your package's maintenance can be funded. This reads info from GitHub's FUNDING.yml by default so better configure it there so it shows on GitHub and Composer/Packagist
  • Added composer fund command to show funding info of your dependencies
  • Added support for --format=json output for show command when showing a single package
... (truncated)
Changelog

Sourced from composer/composer's changelog.

[1.10.4] 2020-04-09

  • Fixed 1.10.2 regression in path symlinking with absolute path repos

[1.10.3] 2020-04-09

  • Fixed invalid --2 flag warning in self-update when no channel is requested

[1.10.2] 2020-04-09

  • Added --1 flag to self-update command which can be added to automated self-update runs to make sure it won't automatically jump to 2.0 once that is released
  • Fixed path repository symlinks being made relative when the repo url is defined as absolute paths
  • Fixed potential issues when using "composer ..." in scripts and composer/composer was also required in the project
  • Fixed 1.10.0 regression when downloading GitHub archives from non-API URLs
  • Fixed handling of malformed info in fund command
  • Fixed Symfony5 compatibility issues in a few commands

[1.10.1] 2020-03-13

  • Fixed path repository warning on empty path when using wildcards
  • Fixed superfluous warnings when generating optimized autoloaders

[1.10.0] 2020-03-10

  • Added bearer auth config to authenticate using Authorization: Bearer <token> headers
  • Added plugin-api-version in composer.lock so third-party tools can know which Composer version was used to generate a lock file
  • Fixed composer fund command and funding info parsing to be more useful
  • Fixed issue where --no-dev autoload generation was excluding some packages which should not have been excluded
  • Fixed 1.10-RC regression in create project's handling of absolute paths

[1.10.0-RC] 2020-02-14

  • Breaking: composer global exec ... now executes the process in the current working directory instead of executing it in the global directory.
  • Warning: Added a warning when class names are being loaded by a PSR-4 or PSR-0 rule only due to classmap optimization, but would not otherwise be autoloadable. Composer 2.0 will stop autoloading these classes so make sure you fix your autoload configs.
  • Added new funding key to composer.json to describe ways your package's maintenance can be funded. This reads info from GitHub's FUNDING.yml by default so better configure it there so it shows on GitHub and Composer/Packagist
  • Added composer fund command to show funding info of your dependencies
  • Added support for --format=json output for show command when showing a single package
  • Added support for configuring suggestions using config command, e.g. composer config suggest.foo/bar some text
  • Added support for configuring fine-grained preferred-install using config command, e.g. composer config preferred-install.foo/* dist
  • Added @putenv script handler to set environment variables from composer.json for following scripts
  • Added lock option that can be set to false, in which case no composer.lock file will be generated
  • Added --add-repository flag to create-project command which will persist the repo given in --repository into the composer.json of the package being installed
  • Added support for IPv6 addresses in NO_PROXY
  • Added package homepage display in the show command
  • Added debug info about HTTP authentications
  • Added Symfony 5 compatibility
  • Added --fixed flag to require command to make it use a fixed constraint instead of a ^x.y constraint when adding the requirement
  • Fixed exclude-from-classmap matching subsets of directories e.g. foo/ was excluding foobar/
  • Fixed archive command to persist file permissions inside the zip files
  • Fixed init/require command to avoid suggesting packages which are already selected in the search results
... (truncated)
Commits
  • 1efa685 Release 1.10.4
  • eb314c5 Update changelog
  • e121de3 Fix variable used for symlinking absolute paths, refs #8700
  • 0001635 Update changelog
  • f70b3b0 Avoid warning about --2 usage when no channel is requested
  • a4cd422 Update changelog
  • b79f2b5 Make sure scripts calling composer call the correct composer binary even if t...
  • ccc8829 Allow forcing self-update to stick to 1.x or 2.x using --1 and --2 flags, fix...
  • 067101d Only send GitHub API token to api.github.com domain (#8747)
  • 46db638 fix typo
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

If all status checks pass Dependabot will automatically merge this pull request.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Automerge options (never/patch/minor, and dev/runtime dependencies)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

@dependabot-preview
Bump composer/composer from 1.9.3 to 1.10.4
d4f6a65 
Bumps [composer/composer](https://github.com/composer/composer) from 1.9.3 to 1.10.4.
- [Release notes](https://github.com/composer/composer/releases)
- [Changelog](https://github.com/composer/composer/blob/master/CHANGELOG.md)
- [Commits](composer/composer@1.9.3...1.10.4)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
@dependabot-preview dependabot-preview bot mentioned this pull request Apr 9, 2020
Closed
@dependabot-preview dependabot-preview bot merged commit c544e92 into master Apr 9, 2020
@dependabot-preview dependabot-preview bot deleted the dependabot/composer/composer/composer-1.10.4 branch April 9, 2020 15:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants