php-composer2-2.6.4-150600.3.3.1<>,fl+Gp9|M$$}*nf ܮlm#4;Im"p8ͽ_B(~>y7v@L7@~@s;E"֝u&7!A9SA˯O eӲhti.z{$gѿ3Z((*.t\`x0ZC;=KTR)hyJOİe3BޟmKw0LE6Ic -q|Wߢʘc10ؔ^S8>E?d # A $=CJ " , @  *Th(89|:I>@BFGH,I@XHYXZ[\]^b'cdXe]f`lbutvw`xtyzCphp-composer22.6.4150600.3.3.1Dependency Management for PHPComposer is a dependency manager tracking local dependencies of your projects and libraries.fl+Gh04-ch1d+SUSE Linux Enterprise 15SUSE LLC MIThttps://www.suse.com/Development/Libraries/Otherhttps://getcomposer.org/linuxnoarchupdate-alternatives --install \ /usr/bin/composer composer /usr/bin/composer2 2if [ ! -f /usr/bin/composer2 ] ; then update-alternatives --remove composer /usr/bin/composer2 fi+,A큤fl+Gfl+Gfl+Gfl+Gfl+Gbd2df3dc5375d03fd4d870aa88afa8d03eb0edad89066503ec3a4e2ead151abb7855ac293067aebe7e51afdd23b9dea54b8be24187dbecc9b9142581c37f596c/etc/alternatives/composer@rootrootrootrootrootrootrootrootrootrootphp-composer2-2.6.4-150600.3.3.1.src.rpmcomposerphp-composerphp-composer2php7-composer@     /bin/sh/bin/sh/usr/bin/envphpphp-curlphp-jsonphp-mbstringphp-opensslphp-pharphp-zipphp-zlibrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)update-alternativesupdate-alternatives7.2.53.0.4-14.6.0-14.0-15.2-14.14.3fl0fh<@ed\@d@c@cHc;@c@cgc0BbҨ@b3@bbbs@bI@bbb aaaa@aD@aA@`@`@_hpgajdos@suse.compgajdos@suse.compgajdos@suse.comish@hacklog.ini@guoyunhe.mei@guoyunhe.mei@guoyunhe.mei@guoyunhe.mei@guoyunhe.mei@guoyunhe.mei@guoyunhe.mei@guoyunhe.mei@guoyunhe.mei@guoyunhe.mei@guoyunhe.merpm@fthiessen.dei@guoyunhe.merpm@fthiessen.dei@guoyunhe.mejweberhofer@weberhofer.atpgajdos@suse.compgajdos@suse.comi@guoyunhe.mei@guoyunhe.mepgajdos@suse.comjweberhofer@weberhofer.atkkaempf@suse.comkkaempf@suse.comi@guoyunhe.me- security update - added patches fix CVE-2024-35241 [bsc#1226181], code execution installing packages in repository with specially crafted branch names + php-composer2-CVE-2024-35241.patch- security update - added patches fix CVE-2024-35242 [bsc#1226182], command injection via specially crafted branch names during repository cloning + php-composer2-CVE-2024-35242.patch- version update to 2.6.4 * 2.6.4 2023-09-29 [bsc#1215859] - Security: Fixed possible remote code execution vulnerability if composer.phar is publicly accessible, executable as PHP, and register_argc_argv is enabled in php.ini (GHSA-jm6m-4632-36hf / CVE-2023-43655) - Fixed json output of abandoned packages in audit command (#11647) - Performance improvement in pool optimization step (#11638) - Performance improvement in show -a (#11659) * 2.6.3 2023-09-15 - Added audit.abandoned config setting. Can be set to ignore, report (current default) or fail (future default in 2.7) to make the audit command report abandoned packages as a security problem (#11639) - Added a warning when duplicates files autoload rules are detected (#11109) - Fixed unhandled promise rejection regression (#11620) - Fixed loading of root aliases on path repo packages when doing partial updates (#11632) - Fixed archive command not producing the correct output if the temp dir is a symlink (#11636) - Fixed some replaced packages being incorrectly missing when unlocked in a partial update (#11629) * 2.6.2 2023-09-03 - Reverted "Fixed binary proxies causing scripts inspecting $_SERVER['SCRIPT_NAME'] to detect them, they are now more transparent (#11562)" which caused a regression (#11617) - Fixed non-zero exit code on failed audits to only apply to install --audit runs and not implicit audits with require, create-project or update commands (#11616) - Fixed create-project infinite post-install loop in some circumstances (#11613) * 2.6.1 2023-09-01 - Reverted "Fixed executability of non-php binaries which are not marked executable (#11557)" which caused a regression (#11612) * 2.6.0 2023-09-01 - Added audit.ignore config setting to ignore security advisories by id or CVE id (#11556, #11605) - Added rm alias to the remove command (#11367) - Added runtime platform check to verify the php-64bit requirement is met (#11334) - Added platform package detection for lib-pq-libpq and lib-rdkafka-librdkafka (#11418) - Added --dry-run to dump-autoload command to allow running --strict-psr checks without modifying the filesystem (#11608) - Added support for bumping patch level in ~1.2.3 constraints (#11590) - Added prompt in require if the package name is not found but similar ones exist (#11284) - Added support for env vars and ~ in repository paths for vcs and artifact repositories (#11453) - Added support for local directory paths for repositories of type composer (#11526) - Added links to package homepages in why/why-not command output (#11308) - Added a security key to the support key of composer.json to set the URL to the vulnerability disclosure policy (#11271) - Added support for gathering security advisories from multiple repositories for a single package (#11436) - Fixed install exit code to be non-zero (5) if a requested security audit failed (#11362) - Fixed binary proxies causing scripts inspecting $_SERVER['SCRIPT_NAME'] to detect them, they are now more transparent (#11562) (Reverted in 2.6.2) - Fixed executability of non-php binaries which are not marked executable (#11557) (Reverted in 2.6.1) - Fixed mtime modification of the vendor dir to only happen when packages are modified, and not require lock file modification to happen (#11593) - Fixed create-project using the wrong composer.json file if one was set via the COMPOSER env var (#11493) - Fixed json editing to preserve indentation when updating json files (#11390) - Fixed handling of broken junctions on windows (#11550) - Fixed parsing of lib-curl-openssl version with OSX SecureTransport (#11534) - Fixed svn repo parsing in some edge cases (#11350) - Fixed handling of archive URLs without file extension (#11520) - Performance improvement in pool optimization step (#11449, #11450) - modified sources % composer.phar- Update to version 2.5.8 * Fixed regression in edge cases where root package gets added to a repository already during the install process (#11495) * Fixed EventDispatcher on windows picking bat files when using "@php binary" (#11490) * Fixed ICU CLDR version parsing failing the whole process when ICU cannot initialize the resource bundle (#11492) * Fixed type declarations on ClassLoader (#11500) - Update to version 2.5.7 * Fixed regression preventing autoloading the dependencies of metapackages when running --no-dev (#11481) - Update to version 2.5.6 * BC Warning: Installers and InstallationManager::getInstallPath will now return null instead of an empty string for metapackages' paths. This may have adverse effects on plugin code using this expecting always a string but it is unlikely (#11455) * Fixed metapackages showing their install path as the root package's path instead of empty (#11455) * Fixed lock file verification on install to deal better with replace/provide (#11475) * Fixed lock file having a more recent modification time than the vendor dir when require guesses the constraint after resolution (#11405) * Fixed numeric default branches with a v prefix being treated as non-numeric ones and receiving an alias like e.g. dev-main would (e51d755a08) * Fixed binary proxies not being transparent when included by another PHP process and returning a value (#11454) * Fixed support for plugin classes being marked as readonly (#11404) * Fixed getmypid being required as it is not always available (#11401) * Fixed authentication issue when downloading several files from private Bitbucket in parallel (#11464)- Update to version 2.5.5 * Fixed basic auth failures resulting in infinite retry loop (#11320) * Fixed GitHub rate limit reporting (#11366) * Fixed InstalledVersions error in Composer 1 compatibility edge case (#11304) * Fixed issue displaying solver problems with branch names containing `%` signs (#11359) * Fixed race condition in cache validity detection when running Composer highly concurrently (#11375) * Fixed various minor config command issues (#11353, #11302)- Update to version 2.5.4 * Fixed extra.plugin-optional support in PluginInstaller when doing pre-install checks (#11318) - Update to version 2.5.3 * Added extra.plugin-optional support for allow auto-disabling unknown plugins which are not critical when running non-interactive (#11315)- Update to version 2.5.2 * Added warning when `require` auto-selects a feature branch as that is probably not desired (#11270) * Fixed `self.version` requirements reporting lock file integrity errors when changing branches (#11283) * Fixed `require` regression which broke the --fixed flag (#11247) * Fixed security audit reports loading when exclude/only filter rules are used on a repository (#11281) * Fixed autoloading regression on PHP 5.6 (#11285) * Fixed archive command including an existing archive into itself if run repeatedly (#11239) * Fixed dev package prompt in `require` not appearing in some conditions (#11287)- Update to version 2.5.1 * Fixed ClassLoader regression which made it fail if serialized (e.g. within PHPUnit process isolation) (#11237) * Fixed preg type error in svn version guessing (#11231)- Update to version 2.5.0 * BC Warning: To prevent abuse of our includeFile() function it is now gone, it was not part of the official API but may still cause issues if some code incorrectly relied on it (#11015) * Improved version guessing of `require` command to use the dependency resolution result instead of using the latest available version (except if you run with --no-update) (#11160) * Improved version selection in `archive` command (#11230) * Added autocompletion of config option names in the `config` command (#11130) * Added support for writing [custom commands as Command classes](https://getcomposer.org/doc/articles/scripts.md#writing-custom-commands) (#11151) * Added hard failure when installing from a lock file which does not satisfy the composer.json requirements (#11195) * Added warning when the outdated command rejects a new package due to unmet platform requirements (#11113) * Added support for `bump` command to bump `>=x` to `>=installed-version` (#11179) * Added `--download-only` flag to `install` command to only download and prime the cache with the package archives (#11041) * Added autoconfiguration of `github-domains`/`gitlab-domains` when GitHub/GitLab credentials are configured for a custom domain (#11062) * Added hard failure (throw) if COMPOSER_AUTH is present and malformed JSON (#11085) * Added interactive prompt to `run-script` and `exec` commands if run without any argument (#11157) * Added interactive prompt where to store credentials when a project-local auth.json exists (#11188) * Fixed full disk warning to be shown when less than 100MiB is available (#11190) * Fixed cache keys to allow `_` to avoid conflicts between package names like `a-b` and `a_b` (#11229) * Fixed docker compatibility by making paths more portable even if the project is installed at `/` (#11169)- Update to version 2.4.4 * Added extra debug output when a zip extraction fails while on GitHub Actions (#11148) * Fixed cache write failures when the cache dir gets removed during a composer run (#11076) * Fixed 2.4.3 regression in loading Composer on SMB/network shares (#11077) * Fixed --dry-run flag missing from bump command (#11047) * Fixed status command reporting differences when the source ref is a tag (#11155) * Fixed outdated command outputting legend on stdout instead of stderr * Fixed URL sanitizer to handle new GitHub personal access tokens format (#11137) - Update to version 2.4.3 * BC Break: The json format of audit command now has reportedAt as an RFC3339 string instead of an object which was a mistake (#11120) * Fixed json format of audit command which was missing affectedVersions (#11120) * Fixed plugin commands not being loaded during bash completions (#11074) * Fixed parsing of inline aliases within complex constraints with || or , (#11086) * Fixed min-php version check in autoload.php to avoid crashing sites running on PHP 5.5 or below silently with a 200 (#11091) * Fixed JsonFile reading files without checking if they are readable first (#11077) * Fixed require command with --dry-run failing when requiring a package requiring stability flag extraction (#11112)- Update to version 2.4.2 * Fixed bash completion hanging when running as root without COMPOSER_ALLOW_SUPERUSER set (#11024) * Fixed handling of plugin activation when running as root without COMPOSER_ALLOW_SUPERUSER set so it always happens after prompting, or does not happen if input is non-interactive * Fixed package filter on bump command (#11053) * Fixed handling of --ignore-platform-req with upper-bound ignores to not apply to conflict rules (#11037) * Fixed handling of COMPOSER_DISCARD_CHANGES when set to 0 * Fixed handling of zero-major versions in outdated command with - -major-only (#11032) * Fixed show --platform regression since 2.4.0 when running in a directory without composer.json (#11046) * Fixed a few strict type errors - Update to version 2.4.1 * Added a COMPOSER_NO_AUDIT env var to easily apply the new --no-audit flag in CI (#10998) * Fixed show command showing packages in two sections, this was only meant for the outdated command (#11000) * Fixed local git repos being copied to cache unnecessarily (#11001) * Fixed git cache invalidation issue when a git tag gets created after the cache has loaded a given reference (#11004) - Update to version 2.4.0 * Added bash completions for Composer commands, package names, etc (see how to setup) (#10320) * Added bump command to bump requirements to the currently installed version (#10829) * Added audit command to check for known security vulnerabilities in installed packages (#10798, #10898) * Added automatic auditing of security vulnerabilities after update is done, can be overridden with --no-audit (#10798, #10898) * Added --audit to install command to also do an audit (#10798, #10898) * Added json format output to the check-platform-reqs command (#10979) * Added GitLab 15+ token refresh support (#10988) * Added r alias to require command (#10953) * Added composer/class-map-generator dependency to replace Composer\Autoload\ClassMapGenerator which is now deprecated (#10885) * Added --locked to depends/prohibits commands (#10834) * Added --strict-psr flag to dump-autoload command to fail the process if PSR violations were detected, useful for CI (#10886) * Added COMPOSER_PREFER_STABLE and COMPOSER_PREFER_LOWEST env vars to turn on --prefer-stable/--prefer-lowest on update and require command, useful for CI (#10919) * Added support for temporary update constraints on all packages (now also including non-root dependencies) (#10773) * Added --major-only flag to the outdated command to show only packages with major version updates (#10827) * Added sections for direct and transitive deps in outdated command output (#10779) * Added ability for cache GC to clean up vcs and repo caches (#10826) * Added --gc flag to clear-cache to only trigger a garbage collection instead of clearing everything (#10826) * Added signal (SIGINT, SIGTERM, SIGHUP) handling to ensure we wait for the child process to exit before Composer exits to avoid dropping output (#10958) * Added prompt suggesting using --dev when requiring packages with dev/testing/static analysis keywords present (#10960) * Added warning in require, init and create-project commands when the latest version of a package cannot be used due to platform requirements (#10896) * Fixed COMPOSER_NO_DEV so it also works with require and remove's - -update-no-dev (#10995)- Update to version 2.3.10 * Fixed plugins from CWD/vendor being loaded in some cases like create-project or validate even though the target directory is outside of CWD (#10935) * Fixed support for legacy (Composer 1.x, e.g. hirak/prestissimo) plugins which will not warn/error anymore if not in allow-plugins, as they are anyway not loaded (#10928) * Fixed pre-install check for allowed plugins not taking --no-plugins into account (#10925) * Fixed support for disable_functions containing disk_free_space (#10936) * Fixed RootPackageRepository usages to always clone the root package to avoid interoperability issues with plugins (#10940) - Update to version 2.3.9 * Fixed non-interactive behavior of allow-plugins to throw instead of continue with a warning to avoid broken installs (#10920) * Fixed allow-plugins BC mode to ensure old lock files created pre-2.2 can be installed with only a warning but plugins fully loaded (#10920) * Fixed deprecation notice (#10921) * Fixed type errors (#10924)- Update to version 2.3.8 * Fixed support for cache-read-only where the filesystem is not writable (#10906) * Fixed type error when using allow-plugins: true (#10909) * Fixed @putenv scripts receiving arguments passed to the command (#10846) * Fixed support for spaces in paths with binary proxies on Windows (#10836) * Fixed type error in GitDownloader if branches cannot be listed (#10888) * Fixed RootPackageInterface issue on PHP 5.3.3 (#10895) * Fixed type errors (#10904, #10897)- Update to version 2.3.7 * Fixed a few PHPStan ConfigReturnTypeExtension bugs * Fixed Config default for auth configs to be empty arrays instead of null, fixes issues with diagnose command (#10814) * Fixed handling of broken symlinks when checking whether a package is still installed (#6708) * Fixed bin proxies to allow a proxy to include another one safely (#10823) * Fixed openssl 3.x version parsing as it is now semver compliant * Fixed type error when a json file cannot be read (#10818) * Fixed parsing of multi-line arrays in funding.yml (#10784)- Update to version 2.3.6 * Added Composer\PHPStan\ConfigReturnTypeExtension to improve return types of Config::get() which you can also use in plugins CI (#10635) * Fixed name validation regex in schema causing issues with JS IDEs like VS Code (#10811) * Fixed unnecessary HTTP request in BitbucketDriver (#10729) * Fixed invalid credentials loop when setting up GitLab token (#10748) * Fixed PHP 8.2 deprecations (#10766) * Fixed lock file changes being output even when the lock file creation is disabled * Fixed race condition when multiple requests asking for auth on the same hostname fired concurrently (#10763) * Fixed quoting of commas on Windows (#10775) * Fixed issue installing path repos with a disabled symlink function (#10786) * Fixed various type errors (#10753, #10739, #10751)- Update to version 2.3.5 * Security: Fixed command injection vulnerability in HgDriver/GitDriver: CVE-2022-24828 * Added warning when downloading a file with verify_peer[_name] disabled * Fixed curl downloader not retrying when a DNS resolution failure occurs * Fixed composer.lock file still being used/read when the lock config option is disabled * Fixed validate command checking the lock file even if the lock option is disabled * Fixed detection of default branch name when it changed since a git repo was mirrored in cache dir - Update to version 2.3.4 * Fixed the generated autoload.php to support running on PHP 5.6+ (down from 7.0+) and warn clearly on older PHP versions * Fixed run-script --list flag regression * Fixed curl downloader handling of DNS resolution failures to do an automatic retry * Fixed various type errors * [bsc#1198494]- Update to version 2.3.3 * Added --2.2 flag to `self-update` to pin the Composer version to the 2.2 LTS range (#10682) * Added missing config.bitbucket-oauth in composer-schema.json * Fixed type errors in SvnDriver (#10681) * Fixed --version output to match the pre-2.3 one (#10684) * Fixed config/auth.json files not being validated against the composer-schema.json (#10685) * Fixed generation of autoload crashing if a package has a broken path (#10688) * Fixed GitDriver state issue when reusing old cache dirs and the default branch was renamed (#10687) * Updated semver, jsonlint deps for minor fixes * Removed dev-master=>dev-main alias from #10372 as it does not work when reloading from lock file and extracting dev deps (#10651) - Update to version 2.3.2 * Fixed type error when running `exec` command (#10672) * Fixed endless loop in plugin activation prompt when input is not fully interactive yet appears to be (#10648) * Fixed type error in ComposerRepository (#10675) * Fixed issues loading platform packages where the version of a library cannot be established (#10631) - Update to version 2.3.1 * Fixed type error when HOME env var is not set (#10670) - Update to version 2.3.0 * Fixed many strict types errors (#10646, #10642, #10647, #10658, [#10656], #10665, #10660, #10663, #10662) * Fixed invalid return value in ComposerRepository::findPackage (#10622) * Fixed many `show` command issues due to a flipped condition (#10623) * Fixed `phpversion()` handling when it returns false due to an extension defining no version (#10631) * Fixed `remove` command failing when no `allow-plugin` is defined in config (#10629) * Performance improvement in Composer bootstrapping (version guessing) when on a feature branch (#10632) * BC Break: the minimum PHP version is now 7.2.5+, use the [Composer 2.2 LTS](https://github.com/composer/composer/issues/10340) if you are stuck with an older PHP (#10343) * BC Break: added native parameter & return types to many internal APIs, we explicitly left the most extended/implemented symbols untouched but if this causes problems nonetheless please report it ASAP (#10547, #10561) * BC Break: added visibility to all constants, a few internal ones have been made private/protected, if this causes problems please report it ASAP (#10550) * BC Break: the minimum supported Symfony components version is now 5.4, this only affects you if you are requiring composer/ composer directly however, which is generally frowned upon * Bumped `composer-plugin-api` to `2.3.0` * Bumped bundled Symfony components from 2.8 to 5.4 🥳 * Added `declare(strict_types=1)` to all the classes, which for sure could cause regressions in edge cases, please report with stack traces (#10567) * Added `--patch-only` to the `outdated` command to only show updates to patch versions and ignore new major/minor versions (#10589) * Added clickable links to various commands for terminals which support it (#10430) * Added ProcessExecutor ability to receive commands as arrays by (internals/plugin change only) (#10435) * Added abandoned flag to `show`/`outdated` commands JSON-formatted output (#10485) * Added config.reference option to `path` repositories to configure the way the reference is generated, and possibly reduce composer.lock conflicts (#10488) * Added automatic removal of allow-plugins rules when removing a plugin via the `remove` command (#10615) * Added COMPOSER_IGNORE_PLATFOR_REQ & COMPOSER_IGNORE_PLATFOR_REQS env vars to configure the equivalent flags (#10616) * Added support for Symfony 6.0 components * Added support for psr/log 3.x (#10454) * Fixed symlink creation in linux VM guest filesystems to be recognized by Windows (#10592) * Performance improvement in pool optimization step (#10585)- Update to version 2.2.7 * Fixed support for packages with no licenses in licenses command output * Fixed handling of allow-plugins: false which kept warning * Fixed enum parsing in classmap generation when the enum keyword is not lowercased * Fixed author parsing in init command requiring an email whereas the schema allows a name only * Fixed issues in require command when requiring packages which do not exist (but are provided by something else you require) * Performance improvement in pool optimization step- Update to version 2.2.6 * BC Break: due to an oversight, the COMPOSER_BIN_DIR env var for binaries added in Composer 2.2.2 had to be renamed to COMPOSER_RUNTIME_BIN_DIR (#10512) * Fixed enum parsing in classmap generation with syntax like enum foo:string without space after : (#10498) * Fixed package search not urlencoding the input (#10500) * Fixed reinstall command not firing pre-install-cmd/post-install-cmd events (#10514) * Fixed edge case in path repositories where a symlink: true option would be ignored on old Windows and old PHP combos (#10482) * Fixed test suite compatibility with latest symfony/console releases (#10499) * Fixed some error reporting edge cases (#10484, #10451, #10493) - Update to version 2.2.5 * Disabled composer/package-versions-deprecated by default as it can function using Composer\InstalledVersions at runtime (#10458) * Fixed artifact repositories crashing if a phar file was present in the directory (#10406) * Fixed binary proxy issue on PHP <8 when fseek is used on the proxied binary path (#10468) * Fixed handling of non-string versions in package repositories metadata (#10470) - Update to version 2.2.4 * Fixed handling of process timeout when running async processes during installation * Fixed GitLab API handling when projects have a repository disabled (#10440) * Fixed reading of environment variables (e.g. APPDATA) containing unicode characters to workaround a PHP bug on Windows (#10434) * Fixed partial update issues with path repos missing if a path repo is required by a path repo (#10431) * Fixed support for sourcing binaries via the new bin proxies (#10389) * Fixed messaging when GitHub tokens need SSO authorization (#10432)- PHP Composer 2 requires PHP 7.2.5 at least- php is not required for build- version update to 2.2.3 2.2.3 2021-12-31 * Fixed issue with PHPUnit and process isolation now including PHPUnit <6.5 (#10387) * Fixed interoperability issue with laminas/laminas-zendframework-bridge and Composer 2.2 (#10401) * Fixed binary proxies for shell scripts to work correctly when they are symlinked (jakzal/phpqa#336) * Fixed overly greedy pool optimization in cases where a locked package is not required by anything anymore in a partial update (#10405) 2.2.2 2021-12-29 * Added COMPOSER_BIN_DIR env var and _composer_bin_dir global containing the path to the bin-dir for binaries. Packages relying on finding the bin dir with $BASH_SOURCES[0] will need to update their binaries (#10402) * Fixed issue when new binary proxies are combined with PHPUnit and process isolation (#10387) * Fixed deprecation warnings when using Symfony 5.4+ and requiring composer/composer itself (#10404) * Fixed UX of plugin warnings (#10381) 2.2.1 2021-12-22 * Fixed plugin autoloading including files autoload rules from the root package (#10382) * Fixed issue parsing php files with unterminated comments found inside backticks (#10385) 2.2.0 2021-12-22 * Added support for using dev-main as the default path repo package version if no VCS info is available (#10372) * Added --no-scripts as a globally supported flag to all Composer commands to disable scripts execution (#10371) * Fixed self-update failing in some edge cases due to loading plugins (#10371) * Fixed display of conflicts showing the wrong package name in some conditions (#10355) 2.2.0-RC1 2021-12-08 * Bumped composer-runtime-api and composer-plugin-api to 2.2.0 * UX Change: Added allow-plugins config value to enhance security against runtime execution, this will prompt you the first time you use a plugin and may hang pipelines if they aren't using --no-interaction (-n) as they should (#10314) * Added an optimization pass to reduce the amount of redundant inspected during resolution, drastically improving memory and CPU usage (#9261, [#9620]) * Added a global $_composer_autoload_path variable containing the path to autoload.php for binaries (#10137) * Added wildcard support to --ignore-platform-req (e.g. ext-*) (#10083) * Added support for ignoring the upper bound of platform requirements using "name+" notation e.g. using --ignore-platform-req=php+ would allow installing a package requiring php: 8.0.* on PHP 8.1, but not on PHP 7.4. Useful for CI builds of upcoming PHP versions (#10318) * Added support for setting platform packages to false in config.platform to disable/hide them (#10308) * Added use-parent-dir option to configure the prompt for using composer.json in upper directory when none is present in current dir (#10307) * Added composer platform package which is always the exact version of Composer running unlike composer-*-api packages (#10313) * Added a --source flag to config command to show where config values are loaded from (#10129) * Added support for files autoloaders in the runtime scripts/plugins contexts (#10065) * Added retry behavior on certain http status and curl error codes (#10162) * Added abandoned flag display in search command output * Added support for --ignore-platform-reqs in outdated command (#10293) * Added --only-vendor (-O) flag to search command to search (and return) vendor names (#10336) * Added COMPOSER_NO_DEV environment variable to set the --no-dev flag (#10262) * Fixed archive command to behave more like git archive, gitignore/hgignore are not taken into account anymore, and gitattributes support was improved (#10309) * Fixed unlocking of replacers when a replaced package is unlocked (#10280) * Fixed auto-unlocked path repo packages also unlocking their transitive deps when -w/-W is used (#10157) * Fixed handling of recursive package links (e.g. requiring or replacing oneself) * Fixed env var reads to check $_SERVER and $_ENV before getenv for broader ecosystem compatibility (#10218) * Fixed archive command to produce archives with files sorted by name (#10274) * Fixed VcsRepository issues where server failure could cause missing tags/branches (#10319) * Fixed some error reporting issues (#10283, #10339)- Use update-alternatives - Update to 2.1.14 * Fixed invalid release build (2.1.13 was deleted as invalid) * Removed symfony/console ^6 support as we cannot be compatible until Composer 2.3.0 is released. If you have issues with Composer required as a dependency + Symfony make sure you stay on Symfony 5.4 for now. (#10321)- Obsoletes php-composer (version 1.x) - Update to 2.1.12 * Fixed issues in proxied binary files relying on __FILE__ / __DIR__ on php <8 (#10261) * Fixed 9999999-dev being shown in some cases by the show command (#10260) * Fixed GitHub Actions output escaping regression on PHP 8.1 (#10250) - Update to 2.1.11 * Fixed issues in proxied binary files when using declare() on php <8 (#10249) * Fixed GitHub Actions output escaping issues (#10243) - Update to 2.1.10 * Added type annotations to all classes, which may have an effect on CI/static analysis for people using Composer as a dependency (#10159) * Fixed CurlDownloader requesting gzip encoding even when no gzip support is present (#10153) * Fixed regression in 2.1.6 where the help command was not working for plugin commands (#10147) * Fixed warning showing when an invalid cache dir is configured but unused (#10125) * Fixed require command reverting changes even though dependency resolution succeeded when something fails in scripts for example (#10118) * Fixed require not finding the right package version when some newly required extension is missing from the system (#10167) * Fixed proxied binary file issues, now using output buffering (e1dbd65) * Fixed and improved error reporting in several edge cases (#9804, [#10136], #10163, #10224, #10209) * Fixed some more Windows CLI parameter escaping edge cases - Update to 2.1.9 * Security: Fixed command injection vulnerability on Windows (GHSA-frqg-7g38-6gcf / CVE-2021-41116) * Fixed classmap parsing with a new class parser which does not rely on regexes anymore (#10107) * Fixed inline git credentials showing up in output in some conditions (#10115) * Fixed support for running updates while offline as long as the cache contains enough information (#10116) * Fixed show --all foo/bar which as of 2.0.0 was not showing all versions anymore but only the installed one (#10095) * Fixed VCS repos ignoring some versions silently when the API rate limit is reached (#10132) * Fixed CA bundle to remove the expired Let's Encrypt root CA- requires php-mbstring [bnc#1187416]- Update to 2.1.8 Fixed regression in 2.1.7 when parsing classmaps in files containing invalid Unicode (gh#composer/composer#10102) - Update to 2.1.7 * Added many type annotations internally, which may have an effect on CI/static analysis for people using Composer as a dependency. This work will continue in following releases * Fixed regression in 2.1.6 when parsing classmaps with empty heredocs (gh#composer/composer#10067) * Fixed regression in 2.1.6 where list command was not showing plugin commands (gh#composer/composer#10075) * Fixed issue handling package updates where the package type changed (gh#composer/composer#10076) * Fixed docker being detected as WSL when run inside WSL (gh#composer/composer#10094) - Update to 2.1.6 * Updated internal PHAR signatures to be SHA512 instead of SHA1 * Fixed uncaught exception handler regression (gh#composer/composer#10022) * Fixed more PHP 8.1 deprecation warnings (gh#composer/composer#10036, gh#composer/composer#10038, gh#composer/composer#10061) * Fixed corrupted zips in the cache from blocking installs until a cache clear, the bad archives are now deleted automatically on first failure (gh#composer/composer#10028) * Fixed URL sanitizer handling of new github tokens (gh#composer/composer#10048) * Fixed issue finding classes with very long heredocs in classmap autoload (gh#composer/composer#10050) * Fixed proc_open being required for simple installs from zip, as well as diagnose (gh#composer/composer#9253) * Fixed path repository bug causing symlinks to be left behind after a package is uninstalled (gh#composer/composer#10023) * Fixed issue in 7-zip support on windows with certain archives (gh#composer/composer#10058) * Fixed bootstrapping process to avoid loading the composer.json and plugins until necessary, speeding things up slightly (gh#composer/composer#10064) * Fixed lib-openssl detection on FreeBSD (gh#composer/composer#10046) * Fixed support for ircs:// protocol for support.irc composer.json entries- Require php-curl as Composer strongly recommends this.- Update to 2.1.5 Mostly bugfixes. See https://github.com/composer/composer/releases for details.- Version 2.0.2 * Fixed regression handling composer show -s in projects where no version can be guessed from VCS * Fixed regression handling partial updates/require when a lock file was missing * Fixed interop issue with plugins that need to update dist URLs of packages - Version 2.0.1 * Fixed crash on PHP8 - Version 2.0.0 * Breaking: This is a major release and while we tried to keep things compatible for most users, you might want to have a look at the UPGRADE guides * Many CPU and memory performance improvements * The update command is now much more deterministic as it does not take the already installed packages into account * Package installation now performs all network operations first before doing any changes on disk, to reduce the chances of ending up with a partially updated vendor dir * Partial updates and require/remove are now much faster as they only load the metadata required for the updated packages * Added a platform-check step when vendor/autoload.php gets initialized which checks the current PHP version/extensions match what is expected and fails hard otherwise. Can be disabled with the platform-check config option * Added a Composer\InstalledVersions class which is autoloaded in every project and lets you check which packages/versions are present at runtime * Added a composer-runtime-api virtual package which you can require (as e.g. ^2.0) to ensure things like the InstalledVersions class above are present. It will effectively force people to use Composer 2.x to install your project * Added support for parallel downloads of package metadata and zip files, this requires that the curl extension is present and we thus strongly recommend enabling curl * Added parallel installation of packages (requires OSX/Linux/WSL, and that unzip is present in PATH) * Added much clearer dependency resolution error reporting for common error cases * Added support for updating to a specific version with partial updates, as well as a --with flag to pass in temporary constraint overrides * Added automatic removal of packages which are not required anymore whenever an update is done, this will purge packages previously left over by partial updates and require/remove * Added support for TTY mode on Linux/OSX/WSL so that script handlers now run in interactive mode * Added only, exclude and canonical options to all repositories, see repository priorities for details * Added support for many new lib-* packages in the platform repository and improved version detection for some ext-* and lib-* packages * Added pre-operations-exec event to be fired before the packages get installed/upgraded/removed * Added pre-pool-create event to be fired before the package pool for the dependency solver is created, which lets you modify the list of packages going in * Added post-file-download event to be fired after package dist files are downloaded, which lets you do additional checks on the files * Added --locked flag to show command to see the packages from the composer.lock file * Added --unused flag to remove command to make sure any packages which are not needed anymore get removed * Added --dry-run flag to require and remove commands * Added --no-install flag to update, require and remove commands to disable the install step and only do the update step (composer.lock file update) * Added an --ask flag to create-project command to make Composer prompt for the install dir name, useful for project install instructions * Added support for multiple --repository flags being passed into the create-project command, only useful in combination with - -add-repository to persist them to composer.json * Added --with-dependencies and --with-all-dependencies flag aliases to require and remove commands for consistency with update * Added shorthand aliases -w for --with-dependencies and -W for - -with-all-dependencies on update/require/remove commands * Added more info to vendor/composer/installed.json, a dev key stores whether dev requirements were installed, and every package now has an install-path key with its install location * Added COMPOSER_DISABLE_NETWORK which if set makes Composer do its best to run offline. This can be useful when you have poor connectivity or to do benchmarking without network jitter * Added COMPOSER_DEBUG_EVENTS=1 env var support for plugin authors to figure out which events are triggered when * Added setCustomCacheKey to PreFileDownloadEvent and fixed a cache bug for integrations changing the processed url of package archives * Added Composer\Util\SyncHelper for plugin authors to deal with async Promises more easily * Added $composer->getLoop()->getHttpDownloader() to get access to the main HttpDownloader instance in plugins * Added --json and --merge flags to config command to allow editing complex extra.* values by using json as input * Added confirmation prompt when running Composer as superuser in interactive mode * Added --no-check-version to validate command to remove the warning in case the version is defined * Added --ignore-platform-req (without s) to all commands supporting - -ignore-platform-reqs, which accepts a package name so you can ignore only specific platform requirements * Added --no-dev support to show and outdated commands to skip dev requirements * Added --format=summary flag to license command * Added a cache-read-only config option to make the cache usable in read only mode for containers and such * Added support for wildcards (*) in classmap autoloader paths * Added support for configuring GitLab deploy tokens in addition to private tokens, see gitlab-token * Added support for package version guessing for require and init command to take all platform packages into account, not just php version * Added support for tar in artifact repositories * Added a non-zero exit code (2) and warning to remove command when a package to be removed could not be removed * Added --apcu-autoloader-prefix (or --apcu-prefix for dump-autoload command) flag to let people use apcu autoloading in a deterministic output way if that is needed * Fixed package ordering when autoloading and especially when loading plugins, to make sure dependencies are loaded before their dependents * Fixed suggest output being very spammy, it now is only one line long and shows more rarely * Fixed conflict rules like e.g. >=5 from matching dev-master, as it is not normalized to 9999999-dev internally anymore * Fixed solver bug resulting in endless loops in some cases * Lots of minor bug fixes and improvements/bin/sh/bin/shphp-composerh04-ch1d 17183649992.6.42.6.42.6.4-150600.3.3.12.6.42.6.4composercomposercomposer2php-composer2LICENSE/etc/alternatives//usr/bin//usr/share/licenses//usr/share/licenses/php-composer2/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:34329/SUSE_SLE-15-SP6_Update/aa11c3a5ba70c0fe5b471dd3a0cc67ab-php-composer2.SUSE_SLE-15-SP6_Updatedrpmxz5noarch-suse-linuxcannot open `/home/abuild/rpmbuild/BUILDROOT/php-composer2-2.6.4-150600.3.3.1.x86_64/etc/alternatives/composer' (No such file or directory)a /usr/bin/env php script executable (binary data)directoryASCII textRvfXHrNFUutf-81f1dc5b3a06cea8e4df17a645d269e22bb24de9894f8e1b89e70693e0c933a80?7zXZ !t/\]"k%:>4- zu%TnoS_Ui*ԹNfN<8LrS:9l*{X^ݞݠ.&g_N1nd QW,z=YQ@8wfњkAJۥÈׅˊ1ZL]j-S%A O@.UEbs뜺; Q[f4h ڨSGZn[50ğ!'0HztVB%/{Sf$c^Mr񯂬 m)+>zQ`&Rcv\ց{H% 6,E~B1rxXTg\;;0a2B$r@2ϋ*Õ= U +,Ԩ9П8Bs* Jg`'jX$!HB67,qt\j18"np6lDZVmިiKM o#9j1z6Uj,;~\}*é 4IHһ@Mϳ7 t,JD:!íq#%lNbټ8a_R`"ư)Lj6]Z)E/i&Q*lZiVW(|$o, ゲm F 6EӦnʡFFPBN1BHz>Xs %XxfG؃NnPvs2=igPyvx0+[o1 Y<SC0vϘyA2cPnR͜Ht|O uY89T45c z/7S }VBO=ȡu^)Eo &0 X] %"w%ڃH-L +6pR N[Du f4먞9 (Mn۷^%QZN E?lWȨ@%k8Y{:ՄJg:-.r#|\D?* 1MC?XheƆA0lRK+Fsl6uy('o?1B8.}CїUNJp@!:f,w Fs9yc^@ķmŸWљeER|.TkG EHX(%eÉOg< M:Q ^Ǡmm,;~L/>/O5blb F1vgo.x[Wa]I[kLt«Ǐz,,7c04=Yb'00҉sLeK)PpA`Pv[ ̉M(3Rf i v6֪ѕRmi:T a 9.Z} ;^cő2i7)s^$#`ͳX?K}$ bV@1 f.t *.2'4orA9նS1-t PCl+P_|:Ehm夰>E2?7IY@R!EwLӥu\CNǔl3B@Q&Pb6N6!q doW7їuΩb?y?Gϰu{4xovPT0WOTKv.薬t']nlԭrpb,\joyB#qi v*/^V&՚S^~=6OI϶ YZ