All Versions
166
Latest Version
Avg Release Cycle
13 days
Latest Release
992 days ago

Changelog History
Page 1

  • v2.4.4 Changes

    October 27, 2022
    • Added extra debug output when a zip extraction fails while on GitHub Actions (#11148)
    • Fixed cache write failures when the cache dir gets removed during a composer run (#11076)
    • Fixed 2.4.3 regression in loading Composer on SMB/network shares (#11077)
    • Fixed --dry-run flag missing from bump command (#11047)
    • Fixed status command reporting differences when the source ref is a tag (#11155)
    • Fixed outdated command outputting legend on stdout instead of stderr
    • Fixed URL sanitizer to handle new GitHub personal access tokens format (#11137)
  • v2.4.3 Changes

    October 14, 2022
    • BC Break: The json format of audit command now has reportedAt as an RFC3339 string instead of an object which was a mistake (#11120)
    • Fixed json format of audit command which was missing affectedVersions (#11120)
    • Fixed plugin commands not being loaded during bash completions (#11074)
    • Fixed parsing of inline aliases within complex constraints with || or , (#11086)
    • Fixed min-php version check in autoload.php to avoid crashing sites running on PHP 5.5 or below silently with a 200 (#11091)
    • Fixed JsonFile reading files without checking if they are readable first (#11077)
    • Fixed require command with --dry-run failing when requiring a package requiring stability flag extraction (#11112)
  • v2.4.2 Changes

    September 14, 2022
    • Fixed bash completion hanging when running as root without COMPOSER_ALLOW_SUPERUSER set (#11024)
    • Fixed handling of plugin activation when running as root without COMPOSER_ALLOW_SUPERUSER set so it always happens after prompting, or does not happen if input is non-interactive
    • Fixed package filter on bump command (#11053)
    • Fixed handling of --ignore-platform-req with upper-bound ignores to not apply to conflict rules (#11037)
    • Fixed handling of COMPOSER_DISCARD_CHANGES when set to 0
    • Fixed handling of zero-major versions in outdated command with --major-only (#11032)
    • Fixed show --platform regression since 2.4.0 when running in a directory without composer.json (#11046)
    • Fixed a few strict type errors
  • v2.4.1 Changes

    August 20, 2022
    • Added a COMPOSER_NO_AUDIT env var to easily apply the new --no-audit flag in CI (#10998)
    • Fixed show command showing packages in two sections, this was only meant for the outdated command (#11000)
    • Fixed local git repos being copied to cache unnecessarily (#11001)
    • Fixed git cache invalidation issue when a git tag gets created after the cache has loaded a given reference (#11004)
  • v2.4.0 Changes

    August 16, 2022
    • Added json format output to the new audit command (#10965)
    • Added json format output to the check-platform-reqs command (#10979)
    • Added GitLab 15+ token refresh support (#10988)
    • Fixed COMPOSER_NO_DEV so it also works with require and remove's --update-no-dev (#10995)
    • Fixed various bash completion issues
  • v2.4.0-RC1 Changes

    July 21, 2022
    • Added bash completions for Composer commands, package names, etc (see how to setup) (#10320)
    • Added bump command to bump requirements to the currently installed version (#10829)
    • Added audit command to check for known security vulnerabilities in installed packages (#10798, #10898)
    • Added automatic auditing of security vulnerabilities after update is done, can be overridden with --no-audit (#10798, #10898)
    • Added --audit to install command to also do an audit (#10798, #10898)
    • Added r alias to require command (#10953)
    • Added composer/class-map-generator dependency to replace Composer\Autoload\ClassMapGenerator which is now deprecated (#10885)
    • Added --locked to depends/prohibits commands (#10834)
    • Added --strict-psr flag to dump-autoload command to fail the process if PSR violations were detected, useful for CI (#10886)
    • Added COMPOSER_PREFER_STABLE and COMPOSER_PREFER_LOWEST env vars to turn on --prefer-stable/--prefer-lowest on update and require command, useful for CI (#10919)
    • Added support for temporary update constraints on all packages (now also including non-root dependencies) (#10773)
    • Added --major-only flag to the outdated command to show only packages with major version updates (#10827)
    • Added sections for direct and transitive deps in outdated command output (#10779)
    • Added ability for cache GC to clean up vcs and repo caches (#10826)
    • Added --gc flag to clear-cache to only trigger a garbage collection instead of clearing everything (#10826)
    • Added signal (SIGINT, SIGTERM, SIGHUP) handling to ensure we wait for the child process to exit before Composer exits to avoid dropping output (#10958)
    • Added prompt suggesting using --dev when requiring packages with dev/testing/static analysis keywords present (#10960)
    • Added warning in require, init and create-project commands when the latest version of a package cannot be used due to platform requirements (#10896)
  • v2.3.10 Changes

    July 13, 2022
    • Fixed plugins from CWD/vendor being loaded in some cases like create-project or validate even though the target directory is outside of CWD (#10935)
    • Fixed support for legacy (Composer 1.x, e.g. hirak/prestissimo) plugins which will not warn/error anymore if not in allow-plugins, as they are anyway not loaded (#10928)
    • Fixed pre-install check for allowed plugins not taking --no-plugins into account (#10925)
    • Fixed support for disable_functions containing disk_free_space (#10936)
    • Fixed RootPackageRepository usages to always clone the root package to avoid interoperability issues with plugins (#10940)
  • v2.3.9 Changes

    July 05, 2022
    • Fixed non-interactive behavior of allow-plugins to throw instead of continue with a warning to avoid broken installs (#10920)
    • Fixed allow-plugins BC mode to ensure old lock files created pre-2.2 can be installed with only a warning but plugins fully loaded (#10920)
    • Fixed deprecation notice (#10921)
    • Fixed type errors (#10924)
  • v2.3.8 Changes

    July 01, 2022
    • Fixed support for cache-read-only where the filesystem is not writable (#10906)
    • Fixed type error when using allow-plugins: true (#10909)
    • Fixed @putenv scripts receiving arguments passed to the command (#10846)
    • Fixed support for spaces in paths with binary proxies on Windows (#10836)
    • Fixed type error in GitDownloader if branches cannot be listed (#10888)
    • Fixed RootPackageInterface issue on PHP 5.3.3 (#10895)
    • Fixed type errors (#10904, #10897)
  • v2.3.7 Changes

    June 06, 2022
    • Fixed a few PHPStan ConfigReturnTypeExtension bugs
    • Fixed Config default for auth configs to be empty arrays instead of null, fixes issues with diagnose command (#10814)
    • Fixed handling of broken symlinks when checking whether a package is still installed (#6708)
    • Fixed bin proxies to allow a proxy to include another one safely (#10823)
    • Fixed openssl 3.x version parsing as it is now semver compliant
    • Fixed type error when a json file cannot be read (#10818)
    • Fixed parsing of multi-line arrays in funding.yml (#10784)