Bump composer/composer from 2.0.13 to 2.2.4

[dependabot]

Bumps composer/composer from 2.0.13 to 2.2.4.

Release notes

Sourced from composer/composer's releases.

2.2.4

• Fixed handling of process timeout when running async processes during installation
• Fixed GitLab API handling when projects have a repository disabled (#10440)
• Fixed reading of environment variables (e.g. APPDATA) containing unicode characters to workaround a PHP bug on Windows (#10434)
• Fixed partial update issues with path repos missing if a path repo is required by a path repo (#10431)
• Fixed support for sourcing binaries via the new bin proxies (#10389)
• Fixed messaging when GitHub tokens need SSO authorization (#10432)

2.2.3

• Fixed issue with PHPUnit and process isolation now including PHPUnit <6.5 (#10387)
• Fixed interoperability issue with laminas/laminas-zendframework-bridge and Composer 2.2 (#10401)
• Fixed binary proxies for shell scripts to work correctly when they are symlinked (Fix builds jakzal/phpqa#336)
• Fixed overly greedy pool optimization in cases where a locked package is not required by anything anymore in a partial update (#10405)

2.2.2

• Added COMPOSER_BIN_DIR env var and _composer_bin_dir global containing the path to the bin-dir for binaries. Packages relying on finding the bin dir with $BASH_SOURCES[0] will need to update their binaries (#10402)
• Fixed issue when new binary proxies are combined with PHPUnit and process isolation (#10387)
• Fixed deprecation warnings when using Symfony 5.4+ and requiring composer/composer itself (#10404)
• Fixed UX of plugin warnings (#10381)

2.2.1

• Fixed plugin autoloading including files autoload rules from the root package (#10382)
• Fixed issue parsing php files with unterminated comments found inside backticks (#10385)

2.2.0

Read the Composer 2.2 Release Announcement for more details on the release highlights.

Complete Changelog

• Bumped composer-runtime-api and composer-plugin-api to 2.2.0
• UX Change: Added allow-plugins config value to enhance security against runtime execution, this will prompt you the first time you use a plugin and may hang pipelines if they aren't using --no-interaction (-n) as they should (#10314)
• Added an optimization pass to reduce the amount of redundant inspected during resolution, drastically improving memory and CPU usage (#9261, #9620)
• Added a global $_composer_autoload_path variable containing the path to autoload.php for binaries (#10137)
• Added wildcard support to --ignore-platform-req (e.g. ext-*) (#10083)
• Added support for ignoring the upper bound of platform requirements using "name+" notation e.g. using --ignore-platform-req=php+ would allow installing a package requiring php: 8.0.* on PHP 8.1, but not on PHP 7.4. Useful for CI builds of upcoming PHP versions (#10318)
• Added support for setting platform packages to false in config.platform to disable/hide them (#10308)
• Added use-parent-dir option to configure the prompt for using composer.json in upper directory when none is present in current dir (#10307)
• Added composer platform package which is always the exact version of Composer running unlike composer-*-api packages (#10313)
• Added a --source flag to config command to show where config values are loaded from (#10129)
• Added support for files autoloaders in the runtime scripts/plugins contexts (#10065)
• Added retry behavior on certain http status and curl error codes (#10162)
• Added abandoned flag display in search command output
• Added support for --ignore-platform-reqs in outdated command (#10293)
• Added --only-vendor (-O) flag to search command to search (and return) vendor names (#10336)
• Added COMPOSER_NO_DEV environment variable to set the --no-dev flag (#10262)
• Added support for using dev-main as the default path repo package version if no VCS info is available (#10372)
• Added --no-scripts as a globally supported flag to all Composer commands to disable scripts execution (#10371)
• Fixed archive command to behave more like git archive, gitignore/hgignore are not taken into account anymore, and gitattributes support was improved (#10309)
• Fixed unlocking of replacers when a replaced package is unlocked (#10280)
• Fixed auto-unlocked path repo packages also unlocking their transitive deps when -w/-W is used (#10157)

... (truncated)

Changelog

Sourced from composer/composer's changelog.

[2.2.4] 2022-01-08

• Fixed handling of process timeout when running async processes during installation
• Fixed GitLab API handling when projects have a repository disabled (#10440)
• Fixed reading of environment variables (e.g. APPDATA) containing unicode characters to workaround a PHP bug on Windows (#10434)
• Fixed partial update issues with path repos missing if a path repo is required by a path repo (#10431)
• Fixed support for sourcing binaries via the new bin proxies (#10389)
• Fixed messaging when GitHub tokens need SSO authorization (#10432)

[2.2.3] 2021-12-31

• Fixed issue with PHPUnit and process isolation now including PHPUnit <6.5 (#10387)
• Fixed interoperability issue with laminas/laminas-zendframework-bridge and Composer 2.2 (#10401)
• Fixed binary proxies for shell scripts to work correctly when they are symlinked (Fix builds jakzal/phpqa#336)
• Fixed overly greedy pool optimization in cases where a locked package is not required by anything anymore in a partial update (#10405)

[2.2.2] 2021-12-29

• Added COMPOSER_BIN_DIR env var and _composer_bin_dir global containing the path to the bin-dir for binaries. Packages relying on finding the bin dir with $BASH_SOURCES[0] will need to update their binaries (#10402)
• Fixed issue when new binary proxies are combined with PHPUnit and process isolation (#10387)
• Fixed deprecation warnings when using Symfony 5.4+ and requiring composer/composer itself (#10404)
• Fixed UX of plugin warnings (#10381)

[2.2.1] 2021-12-22

• Fixed plugin autoloading including files autoload rules from the root package (#10382)
• Fixed issue parsing php files with unterminated comments found inside backticks (#10385)

[2.2.0] 2021-12-22

• Added support for using dev-main as the default path repo package version if no VCS info is available (#10372)
• Added --no-scripts as a globally supported flag to all Composer commands to disable scripts execution (#10371)
• Fixed self-update failing in some edge cases due to loading plugins (#10371)
• Fixed display of conflicts showing the wrong package name in some conditions (#10355)

[2.2.0-RC1] 2021-12-08

• Bumped composer-runtime-api and composer-plugin-api to 2.2.0
• UX Change: Added allow-plugins config value to enhance security against runtime execution, this will prompt you the first time you use a plugin and may hang pipelines if they aren't using --no-interaction (-n) as they should (#10314)
• Added an optimization pass to reduce the amount of redundant inspected during resolution, drastically improving memory and CPU usage (#9261, #9620)
• Added a global $_composer_autoload_path variable containing the path to autoload.php for binaries (#10137)
• Added wildcard support to --ignore-platform-req (e.g. ext-*) (#10083)
• Added support for ignoring the upper bound of platform requirements using "name+" notation e.g. using --ignore-platform-req=php+ would allow installing a package requiring php: 8.0.* on PHP 8.1, but not on PHP 7.4. Useful for CI builds of upcoming PHP versions (#10318)
• Added support for setting platform packages to false in config.platform to disable/hide them (#10308)
• Added use-parent-dir option to configure the prompt for using composer.json in upper directory when none is present in current dir (#10307)
• Added composer platform package which is always the exact version of Composer running unlike composer-*-api packages (#10313)
• Added a --source flag to config command to show where config values are loaded from (#10129)
• Added support for files autoloaders in the runtime scripts/plugins contexts (#10065)
• Added retry behavior on certain http status and curl error codes (#10162)
• Added abandoned flag display in search command output

... (truncated)

Commits

• 8a5ad75 Release 2.2.4
• d468815 Update changelog
• 93d4c8e Fix #10366: Improve messaging when GitHub tokens need SSO authorization (#10432)
• 24b62a1 Add support for sourcing binaries despite the bin proxy being present, take 2
• 6dea58c Add support for sourcing binaries despite the bin proxy being present
• d961998 Workaround PHP bug properly as getenv() without arg also returns mangled valu...
• 9305dea Only run getenv workaround on PHP 7.1.13+
• 641ad10 Fix partial update where path repos are being auto-unlocked two levels deep n...
• 64d39a9 Fix phpstan error
• 0b436de Fix last bit phpstan error
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #485.