Bump composer/composer from 1.9.0 to 2.0.8

[dependabot-preview]

Bumps composer/composer from 1.9.0 to 2.0.8.

Release notes

Sourced from composer/composer's releases.

2.0.8

• Fixed packages with aliases not matching conflicts which match the alias
• Fixed invalid reports of uncommitted changes when using non-default remotes in vendor dir
• Fixed curl error handling edge cases
• Fixed cached git repositories becoming stale by having a git gc applied to them periodically
• Fixed issue initializing plugins when using dev packages
• Fixed update --lock / mirrors failing to update in some edge cases
• Fixed partial update with --with-dependencies failing in some edge cases with some nonsensical error

2.0.7

• Fixed detection of TTY mode, made input non-interactive automatically if STDIN is not a TTY
• Fixed root aliases not being present in lock file if not required by anything else
• Fixed remove command requiring a lock file to be present
• Fixed Composer\InstalledVersions to always contain up to date data during installation
• Fixed status command breaking on slow networks
• Fixed order of POST_PACKAGE_* events to occur together once all installations of a package batch are done

2.0.6

• Fixed regression in 2.0.5 dealing with custom installers which do not pass absolute paths

2.0.5

• Disabled platform-check verification of extensions by default (now defaulting php-only), set platform-check to true if you want a complete check
• Improved platform-check handling of issue reporting
• Fixed platform-check to only check non-dev requires even if require-dev dependencies are installed
• Fixed issues dealing with custom installers which return trailing slashes in getInstallPath (ideally avoid doing this as there might be other issues left)
• Fixed issues when curl functions are disabled
• Fixed gitlab-domains/github-domains to make sure if they are overridden the default value remains present
• Fixed issues removing/upgrading packages from path repositories on Windows
• Fixed regression in 2.0.4 when handling of git@bitbucket.org URLs in vcs repositories
• Fixed issue running create-project in current directory on Windows

2.0.4

• Fixed check-platform-req command not being clear on what packages are checked, and added a --lock flag to explicitly check the locked packages
• Fixed config & create-project adding of repositories to make sure they are prepended as order is much more important in Composer 2, also added a --append flag to config to restore the old behavior in the unlikely case this is needed
• Fixed curl downloader failing on old PHP releases or when using self-signed SSL certificates
• Fixed Bitbucket API authentication issue

2.0.3

• Fixed bug in outdated command where dev packages with branch-aliases where always shown as being outdated
• Fixed issue in lock file interoperability with composer 1.x when using dev-master as xxx aliases
• Fixed new --locked option being missing from outdated command, for checking outdated packages directly from the lock file
• Fixed a few debug/error reporting strings

2.0.2

• Fixed regression handling composer show -s in projects where no version can be guessed from VCS
• Fixed regression handling partial updates/require when a lock file was missing
• Fixed interop issue with plugins that need to update dist URLs of packages, see docs if you need this

2.0.1

• Fixed crash on PHP8

Changelog

Sourced from composer/composer's changelog.

[2.0.8] 2020-12-03

• Fixed packages with aliases not matching conflicts which match the alias
• Fixed invalid reports of uncommitted changes when using non-default remotes in vendor dir
• Fixed curl error handling edge cases
• Fixed cached git repositories becoming stale by having a git gc applied to them periodically
• Fixed issue initializing plugins when using dev packages
• Fixed update --lock / mirrors failing to update in some edge cases
• Fixed partial update with --with-dependencies failing in some edge cases with some nonsensical error

[2.0.7] 2020-11-13

• Fixed detection of TTY mode, made input non-interactive automatically if STDIN is not a TTY
• Fixed root aliases not being present in lock file if not required by anything else
• Fixed remove command requiring a lock file to be present
• Fixed Composer\InstalledVersions to always contain up to date data during installation
• Fixed status command breaking on slow networks
• Fixed order of POST_PACKAGE_* events to occur together once all installations of a package batch are done

[2.0.6] 2020-11-07

• Fixed regression in 2.0.5 dealing with custom installers which do not pass absolute paths

[2.0.5] 2020-11-06

• Disabled platform-check verification of extensions by default (now defaulting php-only), set platform-check to true if you want a complete check
• Improved platform-check handling of issue reporting
• Fixed platform-check to only check non-dev requires even if require-dev dependencies are installed
• Fixed issues dealing with custom installers which return trailing slashes in getInstallPath (ideally avoid doing this as there might be other issues left)
• Fixed issues when curl functions are disabled
• Fixed gitlab-domains/github-domains to make sure if they are overridden the default value remains present
• Fixed issues removing/upgrading packages from path repositories on Windows
• Fixed regression in 2.0.4 when handling of git@bitbucket.org URLs in vcs repositories
• Fixed issue running create-project in current directory on Windows

[2.0.4] 2020-10-30

• Fixed check-platform-req command not being clear on what packages are checked, and added a --lock flag to explicitly check the locked packages
• Fixed config & create-project adding of repositories to make sure they are prepended as order is much more important in Composer 2, also added a --append flag to config to restore the old behavior in the unlikely case this is needed
• Fixed curl downloader failing on old PHP releases or when using self-signed SSL certificates
• Fixed Bitbucket API authentication issue

[2.0.3] 2020-10-28

• Fixed bug in outdated command where dev packages with branch-aliases where always shown as being outdated
• Fixed issue in lock file interoperability with composer 1.x when using dev-master as xxx aliases
• Fixed new --locked option being missing from outdated command, for checking outdated packages directly from the lock file
• Fixed a few debug/error reporting strings

[2.0.2] 2020-10-25

Commits

• 62139b2 Release 2.0.8
• 40ea194 Update changelog
• 29f4c0b Merge branch '1.10'
• 3287379 Update changelog
• 8b71199 Update deps
• 7f3a56f Merge pull request #9360 from naderman/pool-builder-unlock-consider-all-const...
• 5a826ca Merge pull request #9537 from villfa/fix/binaries
• adf7beb Merge pull request #9532 from mvorisek/patch-2
• 4e8ca92 Fix error with binaries in PHP8
• db0656e Duplicate partial update unlock but keep old version test with provide keyword
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

Superseded by #92.