Bump composer/composer from 1.9.0 to 2.0.6

[dependabot-preview]

Bumps composer/composer from 1.9.0 to 2.0.6.

Release notes

Sourced from composer/composer's releases.

2.0.6

• Fixed regression in 2.0.5 dealing with custom installers which do not pass absolute paths

2.0.5

• Disabled platform-check verification of extensions by default (now defaulting php-only), set platform-check to true if you want a complete check
• Improved platform-check handling of issue reporting
• Fixed platform-check to only check non-dev requires even if require-dev dependencies are installed
• Fixed issues dealing with custom installers which return trailing slashes in getInstallPath (ideally avoid doing this as there might be other issues left)
• Fixed issues when curl functions are disabled
• Fixed gitlab-domains/github-domains to make sure if they are overridden the default value remains present
• Fixed issues removing/upgrading packages from path repositories on Windows
• Fixed regression in 2.0.4 when handling of git@bitbucket.org URLs in vcs repositories
• Fixed issue running create-project in current directory on Windows

2.0.4

• Fixed check-platform-req command not being clear on what packages are checked, and added a --lock flag to explicitly check the locked packages
• Fixed config & create-project adding of repositories to make sure they are prepended as order is much more important in Composer 2, also added a --append flag to config to restore the old behavior in the unlikely case this is needed
• Fixed curl downloader failing on old PHP releases or when using self-signed SSL certificates
• Fixed Bitbucket API authentication issue

2.0.3

• Fixed bug in outdated command where dev packages with branch-aliases where always shown as being outdated
• Fixed issue in lock file interoperability with composer 1.x when using dev-master as xxx aliases
• Fixed new --locked option being missing from outdated command, for checking outdated packages directly from the lock file
• Fixed a few debug/error reporting strings

2.0.2

• Fixed regression handling composer show -s in projects where no version can be guessed from VCS
• Fixed regression handling partial updates/require when a lock file was missing
• Fixed interop issue with plugins that need to update dist URLs of packages, see docs if you need this

2.0.1

• Fixed crash on PHP8

2.0.0

Read the Composer 2.0 announcement first for the highlights!

Complete 2.0 Changelog

• Breaking: This is a major release and while we tried to keep things compatible for most users, you might want to have a look at the UPGRADE guides
• Many CPU and memory performance improvements
• The update command is now much more deterministic as it does not take the already installed packages into account
• Package installation now performs all network operations first before doing any changes on disk, to reduce the chances of ending up with a partially updated vendor dir
• Partial updates and require/remove are now much faster as they only load the metadata required for the updated packages
• Added a platform-check step when vendor/autoload.php gets initialized which checks the current PHP version/extensions match what is expected and fails hard otherwise. Can be disabled with the platform-check config option
• Added a Composer\InstalledVersions class which is autoloaded in every project and lets you check which packages/versions are present at runtime
• Added a composer-runtime-api virtual package which you can require (as e.g. ^2.0) to ensure things like the InstalledVersions class above are present. It will effectively force people to use Composer 2.x to install your project
• Added support for parallel downloads of package metadata and zip files, this requires that the curl extension is present and we thus strongly recommend enabling curl
• Added parallel installation of packages (requires OSX/Linux/WSL, and that unzip is present in PATH)

Changelog

Sourced from composer/composer's changelog.

[2.0.6] 2020-11-07

• Fixed regression in 2.0.5 dealing with custom installers which do not pass absolute paths

[2.0.5] 2020-11-06

• Disabled platform-check verification of extensions by default (now defaulting php-only), set platform-check to true if you want a complete check
• Improved platform-check handling of issue reporting
• Fixed platform-check to only check non-dev requires even if require-dev dependencies are installed
• Fixed issues dealing with custom installers which return trailing slashes in getInstallPath (ideally avoid doing this as there might be other issues left)
• Fixed issues when curl functions are disabled
• Fixed gitlab-domains/github-domains to make sure if they are overridden the default value remains present
• Fixed issues removing/upgrading packages from path repositories on Windows
• Fixed regression in 2.0.4 when handling of git@bitbucket.org URLs in vcs repositories
• Fixed issue running create-project in current directory on Windows

[2.0.4] 2020-10-30

• Fixed check-platform-req command not being clear on what packages are checked, and added a --lock flag to explicitly check the locked packages
• Fixed config & create-project adding of repositories to make sure they are prepended as order is much more important in Composer 2, also added a --append flag to config to restore the old behavior in the unlikely case this is needed
• Fixed curl downloader failing on old PHP releases or when using self-signed SSL certificates
• Fixed Bitbucket API authentication issue

[2.0.3] 2020-10-28

• Fixed bug in outdated command where dev packages with branch-aliases where always shown as being outdated
• Fixed issue in lock file interoperability with composer 1.x when using dev-master as xxx aliases
• Fixed new --locked option being missing from outdated command, for checking outdated packages directly from the lock file
• Fixed a few debug/error reporting strings

[2.0.2] 2020-10-25

• Fixed regression handling composer show -s in projects where no version can be guessed from VCS
• Fixed regression handling partial updates/require when a lock file was missing
• Fixed interop issue with plugins that need to update dist URLs of packages, see docs if you need this

[2.0.1] 2020-10-24

• Fixed crash on PHP8

[2.0.0] 2020-10-24

• Fixed proxy handling issues when combined with our new curl-based downloader
• Fixed solver bug resulting in endless loops in some cases
• Fixed solver output being extremely long due to learnt rules
• Fixed solver bug with multi literals
• Fixed a couple minor regressions

[2.0.0-RC2] 2020-10-14

Commits

• d5789bd Release 2.0.6
• 86f0c10 Update changelog
• c362d00 Fix regression handling installs with custom installers not passing a fully q...
• 3e9cb5e Update changelog for 2.0.5
• f31564e Fix check-platform-reqs --no-dev to not require lock anymore
• 2a8cc06 Merge pull request #9426 from UrGuardian4ngel/bugfix/add-missing-directory-se...
• 611a9f5 Drop unused imports
• c35a8e7 Fix missing directory separator in FileDownloader
• 3f68999 Avoid using curl when it has been disabled, fixes #9423
• 4b8e77b Merge pull request #9422 from kdambekalns/patch-1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

Superseded by #84.