All Versions
Latest Version
Avg Release Cycle
13 days
Latest Release
580 days ago

Changelog History
Page 2

  • v2.3.6 Changes

    June 01, 2022
    • Added Composer\PHPStan\ConfigReturnTypeExtension to improve return types of Config::get() which you can also use in plugins CI (#10635)
    • Fixed name validation regex in schema causing issues with JS IDEs like VS Code (#10811)
    • Fixed unnecessary HTTP request in BitbucketDriver (#10729)
    • Fixed invalid credentials loop when setting up GitLab token (#10748)
    • Fixed PHP 8.2 deprecations (#10766)
    • Fixed lock file changes being output even when the lock file creation is disabled
    • Fixed race condition when multiple requests asking for auth on the same hostname fired concurrently (#10763)
    • Fixed quoting of commas on Windows (#10775)
    • Fixed issue installing path repos with a disabled symlink function (#10786)
    • Fixed various type errors (#10753, #10739, #10751)
  • v2.3.5 Changes

    April 13, 2022
    • Security: Fixed command injection vulnerability in HgDriver/GitDriver (GHSA-x7cr-6qr6-2hh6 / CVE-2022-24828)
    • Added warning when downloading a file with verify_peer[_name] disabled (#10722)
    • Fixed curl downloader not retrying when a DNS resolution failure occurs (#10716)
    • Fixed composer.lock file still being used/read when the lock config option is disabled (#10726)
    • Fixed validate command checking the lock file even if the lock option is disabled (#10723)
    • Fixed detection of default branch name when it changed since a git repo was mirrored in cache dir (#10701)
  • v2.3.4 Changes

    April 07, 2022
    • Fixed the generated autoload.php to support running on PHP 5.6+ (down from 7.0+) and warn clearly on older PHP versions (#10714)
    • Fixed run-script --list flag regression (#10710)
    • Fixed curl downloader handling of DNS resolution failures to do an automatic retry (#10716)
    • Fixed script handling of external commands not setting the Path env correctly on windows (#10700)
    • Fixed various type errors (#10694, #10696, #10702, #10712, #10703)
  • v2.3.3 Changes

    April 01, 2022
    • Added --2.2 flag to self-update to pin the Composer version to the 2.2 LTS range (#10682)
    • Added missing config.bitbucket-oauth in composer-schema.json
    • Fixed type errors in SvnDriver (#10681)
    • Fixed --version output to match the pre-2.3 one (#10684)
    • Fixed config/auth.json files not being validated against the composer-schema.json (#10685)
    • Fixed generation of autoload crashing if a package has a broken path (#10688)
    • Fixed GitDriver state issue when reusing old cache dirs and the default branch was renamed (#10687)
    • Updated semver, jsonlint deps for minor fixes
    • Removed dev-master=>dev-main alias from #10372 as it does not work when reloading from lock file and extracting dev deps (#10651)
  • v2.3.2 Changes

    March 30, 2022
    • Fixed type error when running exec command (#10672)
    • Fixed endless loop in plugin activation prompt when input is not fully interactive yet appears to be (#10648)
    • Fixed type error in ComposerRepository (#10675)
    • Fixed issues loading platform packages where the version of a library cannot be established (#10631)
  • v2.3.1 Changes

    March 30, 2022
    • Fixed type error when HOME env var is not set (#10670)
  • v2.3.0 Changes

    March 30, 2022
    • Fixed many strict types errors (#10646, #10642, #10647, #10658, #10656, #10665, #10660, #10663, #10662)
  • v2.3.0-RC2 Changes

    March 20, 2022
    • Fixed invalid return value in ComposerRepository::findPackage (#10622)
    • Fixed many show command issues due to a flipped condition (#10623)
    • Fixed phpversion() handling when it returns false due to an extension defining no version (#10631)
    • Fixed remove command failing when no allow-plugin is defined in config (#10629)
    • Performance improvement in Composer bootstrapping (version guessing) when on a feature branch (#10632)
  • v2.3.0-RC1 Changes

    March 16, 2022
    • BC Break: the minimum PHP version is now 7.2.5+, use the Composer 2.2 LTS if you are stuck with an older PHP (#10343)
    • BC Break: added native parameter & return types to many internal APIs, we explicitly left the most extended/implemented symbols untouched but if this causes problems nonetheless please report it ASAP (#10547, #10561)
    • BC Break: added visibility to all constants, a few internal ones have been made private/protected, if this causes problems please report it ASAP (#10550)
    • BC Break: the minimum supported Symfony components version is now 5.4, this only affects you if you are requiring composer/composer directly however, which is generally frowned upon
    • Bumped composer-plugin-api to 2.3.0
    • Bumped bundled Symfony components from 2.8 to 5.4 🥳
    • Added declare(strict_types=1) to all the classes, which for sure could cause regressions in edge cases, please report with stack traces (#10567)
    • Added --patch-only to the outdated command to only show updates to patch versions and ignore new major/minor versions (#10589)
    • Added clickable links to various commands for terminals which support it (#10430)
    • Added ProcessExecutor ability to receive commands as arrays by (internals/plugin change only) (#10435)
    • Added abandoned flag to show/outdated commands JSON-formatted output (#10485)
    • Added config.reference option to path repositories to configure the way the reference is generated, and possibly reduce composer.lock conflicts (#10488)
    • Added automatic removal of allow-plugins rules when removing a plugin via the remove command (#10615)
    • Added COMPOSER_IGNORE_PLATFOR_REQ & COMPOSER_IGNORE_PLATFOR_REQS env vars to configure the equivalent flags (#10616)
    • Added support for Symfony 6.0 components
    • Added support for psr/log 3.x (#10454)
    • Fixed symlink creation in linux VM guest filesystems to be recognized by Windows (#10592)
    • Performance improvement in pool optimization step (#10585)
  • v2.2.17 Changes

    July 13, 2022
    • Fixed plugins from CWD/vendor being loaded in some cases like create-project or validate even though the target directory is outside of CWD (#10935)
    • Fixed support for legacy (Composer 1.x, e.g. hirak/prestissimo) plugins which will not warn/error anymore if not in allow-plugins, as they are anyway not loaded (#10928)
    • Fixed pre-install check for allowed plugins not taking --no-plugins into account (#10925)
    • Fixed support for disable_functions containing disk_free_space (#10936)
    • Fixed RootPackageRepository usages to always clone the root package to avoid interoperability issues with plugins (#10940)