Change log for composer package in Debian

composer (2.7.6-2) unstable; urgency=medium

  * Make provider functions static (PHPUnit 11 Fix) (Closes: #1070504)

 -- David Prévot <email address hidden>  Mon, 20 May 2024 11:37:45 +0200

Available diffs

• diff from 2.7.6-1 to 2.7.6-2 (2.4 KiB)

composer (2.7.6-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Workaround curl bug in 8.7.0/8.7.1, fixes #11913
  * Fix config command issue handling objects in some conditions, fixes #11945
  * Add new uninstall alias to docs
  * Fix binary proxies having an absolute path to vendor dir when project dir
    is a symlink, fixes #11947
  * Fix Composer autoloader being hijackable by script/plugin event handlers
    (#11955)
  * Fix transport exception not always using 255 exit code, fixes #11954
  * Tweak exit code for network errors to be 100, refs #11954
  * Fix private autoloader callbacks breaking the new runtime autoloader
    handling code
  * Release 2.7.6

  [ maximilian-walter ]
  * Don't show root warning for Podman containers (#11946)

  [ Buster Neece ]
  * Add "uninstall" as alias to "remove". (#11951)

 -- David Prévot <email address hidden>  Sun, 05 May 2024 09:32:03 +0200

Available diffs

• diff from 2.7.4-1 to 2.7.6-1 (7.1 KiB)

composer (2.7.4-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Fix composer status command handling of failed promises, closes #11889
  * Ensure integer env vars do not cause a crash, fixes #11908
  * Ensure we clear the locally configured cache dir instead of default one,
    fixes #11921
  * Fix show command output to remove v prefixes on versions, making for more
    uniform output, fixes #11925
  * Release 2.7.4

  [ Yanick Witschi ]
  * Only show warning about default version when not "project" type (#11885)

  [ Ayesh Karunaratne ]
  * [PHP 8.4] Fix for implicit nullability deprecation (#11888)

  [ Brad Jones ]
  * Surface the advisory ID when CVE not present. (#11892)

  [ gaxweb ]
  * Allow for SSH URLs when using hg repository type (#11878)

  [ Fabrizio Balliano ]
  * Added support for buy_me_a_coffee (#11902)

  [ John Stevenson ]
  * Refactor proxy handling to require https_proxy (#11915)

  [ Barry vd. Heuvel ]
  * Load ProxyManager before running command to fix autoload order (#11943)

  [ David Prévot ]
  * Update Standards-Version to 4.7.0
  * Drop version from build-dependencies

 -- David Prévot <email address hidden>  Tue, 23 Apr 2024 08:06:18 +0200

Available diffs

• diff from 2.7.1-2 to 2.7.4-1 (44.9 KiB)

composer (2.7.2-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Fix plugins still being available in a few special contexts when running
    as non-interactive root, mainly create-project, refs #11854
  * Optimize outdated --ignore to avoid fetching the latest package info for
    ignored packages, fixes #11863
  * Fix ensureDirectoryExists not working when a broken symlink appears
    somewhere in the path, fixes #11864
  * Release 2.7.2

  [ Pol Dellaiera ]
  * Add a warning message when Composer is not able to guess the root package
    version (#11858)
  * Fix update --lock to avoid updating all metadata except dist/source urls
    and mirrors (#11850)

  [ Michael Newton ]
  * Include PHP information when showing Composer version verbosely (#11866)

  [ Bastien Roucariès ]
  * Add salsa-ci.yml

 -- David Prévot <email address hidden>  Tue, 12 Mar 2024 08:18:18 +0100

composer (2.7.1-2) unstable; urgency=medium

  * Force system dependencies loading

 -- David Prévot <email address hidden>  Sun, 11 Feb 2024 12:08:01 +0100

Available diffs

• diff from 2.6.6-1 to 2.7.1-2 (49.5 KiB)

composer (2.7.1-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Merge pull request from GHSA-7c6p-848j-wh5h [CVE-2024-24821]
    (Closes: #1063603)
  * Release 2.7.1

  [ David Prévot ]
  * Extend recommended packages list (Closes: #1061291)

 -- David Prévot <email address hidden>  Sat, 10 Feb 2024 11:18:19 +0100

composer (2.6.6-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 2.6.6

  [ Dan Wallis ]
  * Use global constant if available for libpq version (#11684)
  * Display error instead of throwing exception when unable to update
    with temporary constraint (#11692)

 -- David Prévot <email address hidden>  Tue, 12 Dec 2023 07:49:21 +0100

Available diffs

• diff from 2.6.5-1 to 2.6.6-1 (7.3 KiB)

composer (2.6.5-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Fix autoload generator dump() non-BC signature change in 2.6.4
  * Release 2.6.5

  [ Uladzimir Tsykun ]
  * Fix error when vendor dir contains broken symlinks (#11670)

 -- David Prévot <email address hidden>  Sun, 08 Oct 2023 09:17:05 +0200

Available diffs

• diff from 2.5.8-1 to 2.6.5-1 (74.7 KiB)

composer (2.6.4-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Merge pull request from GHSA-jm6m-4632-36hf [CVE-2023-43655]
  * Release 2.6.4

 -- David Prévot <email address hidden>  Tue, 03 Oct 2023 13:21:24 +0200

composer (2.6.3-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Fix loading of root aliases on path repo packages when doing partial
    updates, fixes #11630 (#11632)
  * Add audit.abandoned warnings for abandoned packages, fixes #11623 (#11639)
  * Release 2.6.3

  [ Christophe Coevoet ]
  * Fix the promise resolution for the cleanup logic (#11620)

  [ Jason McCreary ]
  * Get realpath for `ZipArchive` (#11636)

  [ Yanick Witschi ]
  * Fixed replaced packages being incorrectly missing when unlocked by an old
    version (#11629)

  [ wgevaert ]
  * Add warning when duplicate "files" autoload rules are detected (#11109)

 -- David Prévot <email address hidden>  Sat, 16 Sep 2023 17:18:35 +0530

composer (2.6.2-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 2.6.2

 -- David Prévot <email address hidden>  Tue, 05 Sep 2023 20:05:50 +0530

composer (2.5.8-1) unstable; urgency=medium

  * Upload to unstable now that bookworm has been released

  [ Jordi Boggiano ]
  * Fix regression in edge cases where root package gets added to a repository
    already during the install process, fixes #11495
  * Fix EventDispatcher on windows picking bat files when using "@php binary",
    fixes #11490
  * Ignore ICU CDLR version fetching when ICU cannot initialize the resource
    bundle, fixes #11492
  * Update type declarations on ClassLoader, fixes #11482 (#11500)
  * Release 2.5.8

  [ David Prévot ]
  * Avoid option not compatible with PHPUnit 10

 -- David Prévot <email address hidden>  Tue, 13 Jun 2023 07:21:32 +0200

Available diffs

• diff from 2.5.5-1 to 2.5.8-1 (14.3 KiB)

composer (2.5.7-1) experimental; urgency=medium

  [ Jordi Boggiano ]
  * Fix autoload regression with metapackage dependencies (#11481)
  * Update changelog
  * Release 2.5.7

 -- David Prévot <email address hidden>  Wed, 24 May 2023 20:51:32 +0200

composer (2.5.6-1) experimental; urgency=medium

  * Upload to experimental during the freeze

  [ Jordi Boggiano ]
  * Fix lock file being more recent than vendor dir when require guesses the
    constraint after resolution, fixes #11405
  * Fixed binary proxies to return whatever the original binary returns as
    well, fixes #11416 (#11454)
  * Fix support for readonly classes as plugins, fixes #11404
  * Fix getmypid being required as it is not always available, fixes #11401
  * Return null for install path for metapackages instead of an empty path
    which then resolves to the root package's path (#11455)
  * Fix numeric default-branches with v prefix (e.g. v2.x-dev) being treated
    as non-numeric and receiving an alias like e.g. dev-main
  * Fix lock file verification to take into account root provider/replacers
    and output mismatches there more clearly, fixes #11458 (#11475)
  * Update changelog
  * Release 2.5.6

  [ Stefan Grootscholten ]
  * Fix authentication issues with private bitbucket repos (#11464)

 -- David Prévot <email address hidden>  Wed, 24 May 2023 12:51:13 +0200

composer (2.5.5-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Escape % chars in user input before passing to sprintf, fixes #11359
  * Fix github header handling to be case insensitive, fixes rate limit
    extraction (#11366)
  * Fix return type of InstalledVersions::getInstalled, fixes #11304
  * Update changelog
  * Release 2.5.5

  [ Uladzimir Tsykun ]
  * Fix basic auth infinite loop (#11320)

  [ Wim Leers ]
  * Follow-up for #5205: fix high concurrency race condition

 -- David Prévot <email address hidden>  Fri, 24 Mar 2023 10:41:51 +0100

Available diffs

• diff from 2.5.4-1 to 2.5.5-1 (14.2 KiB)

composer (2.5.4-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 2.5.4

  [ Marek Nocoń ]
  * Added optional plugin check in PluginInstaller (#11318)

 -- David Prévot <email address hidden>  Wed, 15 Feb 2023 18:24:56 +0100

Available diffs

• diff from 2.5.2-1 to 2.5.4-1 (2.2 KiB)
• diff from 2.5.3-1 to 2.5.4-1 (1.4 KiB)

composer (2.5.3-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 2.5.3

  [ Nicolas Grekas ]
  * Add extra.plugin-optional to auto-disable plugins in non-interactive mode
    (#11315)

 -- David Prévot <email address hidden>  Sat, 11 Feb 2023 06:53:04 +0100

Available diffs

• diff from 2.5.2-1 to 2.5.3-1 (1.9 KiB)

composer (2.5.2-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Warn when require ends up auto-selecting a feature branch,
    fixes #11264 (#11270)
  * Release 2.5.2

 -- David Prévot <email address hidden>  Mon, 06 Feb 2023 08:26:32 +0100

Available diffs

• diff from 2.5.1-1 to 2.5.2-1 (15.2 KiB)

composer (2.5.1-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Add autoconfiguration of gitlab-domains/github-domains when auth is present
    for custom domains, fixes #11062
  * Add warning when outdated command rejects an existing version due to
    platform requirements, fixes #11016 (#11113)
  * Add hard failure if COMPOSER_AUTH is malformed json, fixes #11085
  * Add support for adding Command classes as scripts (#11151)
  * Add interactive prompt for which script/binary to run if run-script/exec is
    called without arg, fixes #11128 (#11157)
  * Make the require command guess versions more accurately by delegating to the
    solver (except with --no-update) (#11160)
  * Update to composer/pcre 2.1 (#11189)
  * Add support for bumping >=x to >=latest, fixes #11179
  * Improve version selection in archive command, fixes #4794 (#11230)
  * Release 2.5.1

  [ Jellyfrog ]
  * Add download-only mode (#11041)

  [ Stephan Jorek ]
  * Feature: Add support for autocompleting setting-keys in config-command
    (#11130)

  [ PrinsFrank ]
  * Prompt users in interactive mode for where to store the credentials if a
    local auth config file exists (#11188)
  * Check missing-from-lock-file required packages when running install and fail
    when there are any (#11195)

  [ David Prévot ]
  * Update standards version to 4.6.2, no changes needed.

 -- David Prévot <email address hidden>  Sat, 24 Dec 2022 09:18:30 +0100

Available diffs

• diff from 2.4.4-1 to 2.5.1-1 (93.8 KiB)

composer (2.4.4-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Retry cache writes if they fail, refs #11076
  * Fix outdated command outputting some of the legend to stdout
  * Fix regression in loading Composer on SMB/network shares, refs #8231 #11077
  * Fix status command reporting differences when source reference is a tag
    name, fixes #11155
  * Release 2.4.4

  [ Kuba Werłos ]
  * Add "--dry-run" to bump command (#11047)

 -- David Prévot <email address hidden>  Sat, 29 Oct 2022 10:59:15 +0200

Available diffs

• diff from 2.4.1-1 to 2.4.4-1 (43.8 KiB)

composer (2.4.3-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Fix json format of audit command missing affectedVersions, fix reportedAt
    format (BC BREAK!), fixes #11104 (#11120)
  * Fixes plugin commands not being loaded during completion
  * Fix parsing of aliases used within complex OR constraints, fixes #11086
  * Fix min-php version check to avoid crashing sites with a 200, fixes #11091
  * Ensure files are readable before reading in JsonFile, fixes #11077
  * Fix require failing to do a dry-run when requiring a package with a
    stability flag, fixes #11112
  * Release 2.4.3

 -- David Prévot <email address hidden>  Mon, 17 Oct 2022 08:44:15 +0200

composer (2.4.2-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Fix handling of zero-major versions in outdated --major-only flag, fixes #11032
  * Fix show --platform regression failing if no composer.json exists, fixes #11046
  * Fix handling of upper-bound platform req ignores to not act on conflicts (#11037)
  * Fix type error in validating array loader when name is not set
  * Fix handling of plugin activation when running as root
  * Release 2.4.2

 -- David Prévot <email address hidden>  Mon, 19 Sep 2022 08:14:21 +0200

composer (1.8.4-1+deb10u2) buster; urgency=medium

  * Fix code injection vulnerability [CVE-2022-24828] (Closes: #1009960)
  * Update GitHub token pattern (Closes: #989315)
  * Use Authorization header instead of deprecated access_token query param
    (Closes: #955485)

 -- David Prévot <email address hidden>  Sat, 28 May 2022 18:18:24 +0200

composer (2.4.1-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 2.4.1

 -- David Prévot <email address hidden>  Sun, 21 Aug 2022 09:54:52 +0200

Available diffs

• diff from 2.3.10-1 to 2.4.1-1 (975.1 KiB)
• diff from 2.4.0-1 to 2.4.1-1 (269.3 KiB)

composer (2.4.0-1) unstable; urgency=medium

  * Upload new minor to unstable

  [ Jordi Boggiano ]
  * Release 2.4.0

  [ Michael Telgmann ]
  * Improve documentation about the new bash completion feature (#10962)

  [ David Prévot ]
  * Add bash completion

 -- David Prévot <email address hidden>  Fri, 19 Aug 2022 07:32:17 +0200

Available diffs

• diff from 2.3.10-1 to 2.4.0-1 (733.1 KiB)

composer (2.4.0~rc1-1) experimental; urgency=medium

  * Upload RC to experimental

  [ Jordi Boggiano ]
  * Make use of new composer/class-map-generator package and build up BC layer
  * Add seld/signal-handler dependency
  * Release 2.4.0-RC1

  [ David Prévot ]
  * Add new build-dependencies
    - php-composer-class-map-generator
    - php-seld-signal-handler

 -- David Prévot <email address hidden>  Tue, 26 Jul 2022 11:46:51 +0200

composer (2.3.10-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 2.3.10

  [ David Prévot ]
  * Install /u/s/pkg-php-tools/autoloaders file
  * Declare more minimal versions in {,build-}dependencies
  * Drop satisfied minimal versions in test dependencies

 -- David Prévot <email address hidden>  Sat, 16 Jul 2022 09:59:10 +0200

Available diffs

• diff from 2.3.9-1 to 2.3.10-1 (6.6 KiB)

composer (2.0.9-2+deb11u1) bullseye; urgency=medium

  * Fix code injection vulnerability [CVE-2022-24828] (Closes: #1009960)
  * Update GitHub token pattern (Closes: #989315)
  * Checkout ProcessExecutorMock.php needed for updated tests

 -- David Prévot <email address hidden>  Sun, 29 May 2022 11:55:56 +0200

composer (2.3.9-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 2.3.9

 -- David Prévot <email address hidden>  Fri, 08 Jul 2022 09:24:04 +0200

Available diffs

• diff from 2.3.8-1 to 2.3.9-1 (5.0 KiB)

composer (2.3.8-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 2.3.8

  [ David Prévot ]
  * Drop now useless debian/pkg-php-tools-* entries

 -- David Prévot <email address hidden>  Mon, 04 Jul 2022 08:00:29 +0200

Available diffs

• diff from 2.3.7-2 to 2.3.8-1 (9.1 KiB)

composer (2.3.7-2) unstable; urgency=medium

  * Upload to unstable
  * Force recent php-composer-pcre

 -- David Prévot <email address hidden>  Sat, 18 Jun 2022 12:05:52 +0200

Available diffs

• diff from 2.2.14-1ubuntu1 (in Ubuntu) to 2.3.7-2 (365.0 KiB)

composer (2.3.7-1) experimental; urgency=medium

  * Upload new minor to experimental

  [ Jordi Boggiano ]
  * Bump target version, bump PHP and dependency requirements to PHP 7.2+
  * Upgrade to composer/pcre 2.x
  * Release 2.3.7

  [ Simon Podlipsky ]
  * Allow psr/log ^3.0 (#10454)

  [ David Prévot ]
  * Revert "Track 2.2 for now"
  * Update Standards-Version to 4.6.1
  * Build-depend on recent php-composer-pcre
  * Use php-curl for the testsuite

 -- David Prévot <email address hidden>  Fri, 17 Jun 2022 17:30:56 +0200

composer (2.2.14-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 2.2.14

 -- David Prévot <email address hidden>  Sat, 11 Jun 2022 10:02:58 +0200

composer (2.2.13-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 2.2.13

 -- David Prévot <email address hidden>  Thu, 26 May 2022 20:43:21 +0200

composer (2.2.12-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 2.2.12

  [ Stephan ]
  * Merge pull request from GHSA-x7cr-6qr6-2hh6
    [CVE-2022-24828] Closes: #1009960

  [ David Prevot ]
  * Track 2.2 for now

 -- David Prévot <email address hidden>  Thu, 21 Apr 2022 15:15:02 +0200

composer (2.2.11-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 2.2.11

  [ David Prévot ]
  * Track 2.2 for now (bookworm?)

 -- David Prévot <email address hidden>  Mon, 04 Apr 2022 08:34:13 +0200

composer (2.2.9-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 2.2.9

 -- David Prévot <email address hidden>  Tue, 22 Mar 2022 17:25:49 +0100

composer (2.2.7-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 2.2.7

 -- David Prévot <email address hidden>  Mon, 07 Mar 2022 01:32:52 +0100

composer (2.2.6-2) unstable; urgency=medium

  * Force recent symfony/console for CI

 -- David Prévot <email address hidden>  Mon, 07 Feb 2022 05:45:20 -0400

composer (2.2.6-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Minor BC Break! Rename COMPOSER_BIN_DIR available inside binaries to
    COMPOSER_RUNTIME_BIN_DIR (#10512)
  * Release 2.2.6

  [ David Prévot ]
  * Force recent symfony/console output

 -- David Prévot <email address hidden>  Sat, 05 Feb 2022 11:18:18 -0400

composer (2.2.5-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 2.2.5

 -- David Prévot <email address hidden>  Sat, 22 Jan 2022 09:45:43 -0400

composer (2.2.4-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 2.2.4

 -- David Prévot <email address hidden>  Mon, 10 Jan 2022 08:20:38 -0400

composer (2.2.3-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 2.2.3

 -- David Prévot <email address hidden>  Fri, 31 Dec 2021 10:51:57 -0400

composer (2.2.2-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 2.2.2

 -- David Prévot <email address hidden>  Thu, 30 Dec 2021 10:12:08 -0400

composer (2.2.1-2) unstable; urgency=medium

  * Skip tests failing on 32-bit architectures

 -- David Prévot <email address hidden>  Sat, 25 Dec 2021 18:40:13 -0400

composer (2.2.1-1) unstable; urgency=medium

  * Upload release to unstable

  [ Jordi Boggiano ]
  * Release 2.2.1

  [ David Prévot ]
  * Exclude more files for phpab

 -- David Prévot <email address hidden>  Wed, 22 Dec 2021 18:55:57 -0400

composer (2.2.0~rc1-1) experimental; urgency=medium

  * Upload RC to experimental

  [ Jordi Boggiano ]
  * Add composer/pcre dependency and use it everywhere instead of preg_*
  * Release 2.2.0-RC1

  [ David Prévot ]
  * Build-Depend on php-composer-pcre

 -- David Prévot <email address hidden>  Thu, 09 Dec 2021 07:56:31 -0400

composer (2.1.14-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Remove symfony/console ^6 compat as it is incorrect, fixes #10321
  * Release 2.1.14

  [ David Prévot ]
  * Drop d/pkg-php-tools-autoloaders entry provided by
    /u/s/p/a/php-composer-spdx-licenses

 -- David Prévot <email address hidden>  Tue, 30 Nov 2021 07:08:49 -0400

composer (2.1.12-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 2.1.12

  [ David Prévot ]
  * Install /u/s/p/overrides file
  * d/README.source: Remove wrong statement about upstream signature

 -- David Prévot <email address hidden>  Sat, 13 Nov 2021 06:55:43 -0400

composer (2.1.11-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 2.1.11

 -- David Prévot <email address hidden>  Fri, 05 Nov 2021 09:38:14 -0400

composer (2.1.10-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 2.1.10

  [ Matthew Davis ]
  * Allow psr/log ^2.0 (#10158)

 -- David Prévot <email address hidden>  Mon, 01 Nov 2021 09:15:32 -0400

composer (2.1.9-1) unstable; urgency=medium

  * Upload to unstable now that Bullseye has been released

  [ Jordi Boggiano ]
  * Release 2.1.9

  [ David Prévot ]
  * Update standards version to 4.6.0, no changes needed
  * Drop pkg-php-tools overrides for php-json-schema
  * Exclude another file for phpab

 -- David Prévot <email address hidden>  Thu, 07 Oct 2021 22:01:15 -0400

composer (2.1.3-1) experimental; urgency=medium

  [ Jordi Boggiano ]
  * Release 2.1.3

 -- David Prévot <email address hidden>  Fri, 18 Jun 2021 15:07:35 -0400

composer (1.8.4-1+deb10u1) buster-security; urgency=high

  * Use debian/buster branch
  * Security: Fixed command injection vulnerability.
    Fix external process calls to avoid user input being able to pass extra
    parameters in HgDriver/HgDownloader and hardened other VCS drivers and
    downloaders (GHSA-h5h8-pc6h-jvvx) [CVE-2021-29472]

 -- David Prévot <email address hidden>  Tue, 27 Apr 2021 18:47:26 -0400

composer (2.0.14-1) experimental; urgency=medium

  [ Jordi Boggiano ]
  * Release 2.0.14

  [ Jérémy Derussé ]
  * Allow Symfony 6.0 (#9896)

  [ John Stevenson ]
  * Upgrade to xdebug-handler 2 (#9832)

  [ David Prévot ]
  * Build-depend on recent php-composer-xdebug-handler

 -- David Prévot <email address hidden>  Sat, 22 May 2021 12:10:41 -0400

composer (2.0.9-2) unstable; urgency=medium

  * Use debian/bullseye branch
  * Security: Fixed command injection vulnerability.
    Fix external process calls to avoid user input being able to pass extra
    parameters in HgDriver/HgDownloader and hardened other VCS drivers and
    downloaders (GHSA-h5h8-pc6h-jvvx) [CVE-2021-29472]

 -- David Prévot <email address hidden>  Tue, 27 Apr 2021 18:20:52 -0400

composer (2.0.13-1) experimental; urgency=medium

  [ Jordi Boggiano ]
  * Switch to composer/metadata-minifier, fixes #9727
  * Release 2.0.13
  * Security: Fixed command injection vulnerability in HgDriver/HgDownloader
    and hardened other VCS drivers and downloaders (GHSA-h5h8-pc6h-jvvx)
    [CVE-2021-29472]

  [ David Prévot ]
  * New php-composer-metadata-minifier (build-)dependency

 -- David Prévot <email address hidden>  Tue, 27 Apr 2021 18:00:29 -0400

composer (2.0.12-1) experimental; urgency=medium

  [ Jordi Boggiano ]
  * Release 2.0.12

 -- David Prévot <email address hidden>  Thu, 08 Apr 2021 09:22:12 -0400

composer (2.0.11-1) experimental; urgency=medium

  * Upload to experimental to respect the freeze

  [ Jordi Boggiano ]
  * Release 2.0.11

  [ David Prévot ]
  * Update copyright
  * Extend excluded file list for autoload
  * Generate phpabtpl at build time
  * d/control:
    - Drop versioned dependency satisfied in the upcoming stable
    - Use dh-sequence-phpcomposer instead of pkg-php-tools

 -- David Prévot <email address hidden>  Tue, 09 Mar 2021 11:24:35 -0400

composer (2.0.9-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 2.0.9

  [ David Prévot ]
  * Simplify gbp import-orig workflow

 -- David Prévot <email address hidden>  Thu, 28 Jan 2021 20:05:13 -0400

Available diffs

• diff from 2.0.8-2 to 2.0.9-1 (28.2 KiB)

composer (2.0.8-2) unstable; urgency=medium

  * Upload to unstable in sync with PHPUnit 9

 -- David Prévot <email address hidden>  Sun, 20 Dec 2020 17:04:35 -0400

Available diffs

• diff from 1.10.19-1 to 2.0.8-2 (442.3 KiB)

composer (2.0.8-1) experimental; urgency=medium

  * Upload new major release to experimental

  [ Jordi Boggiano ]
  * Update react/promise requirement
  * Fix php8 build bootstrap
  * Try to workaround react/promise php8 issue
  * Bump to use composer/semver 3.x
  * Release 2.0.8

  [ David Prévot ]
  * Install upgrade documentation
  * Build-Depend on php-react-promise
  * Build-Depend on recent php-composer-semver
  * Ignore Class Redeclarations in test files
  * Use recent PHPUnit to run tests
  * Use php-intl for the testsuite

 -- David Prévot <email address hidden>  Fri, 11 Dec 2020 14:05:54 -0400

composer (1.10.19-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 1.10.19

  [ David Prévot ]
  * Update watch file format version to 4.
  * Update Standards-Version to 4.5.1

 -- David Prévot <email address hidden>  Fri, 11 Dec 2020 11:30:40 -0400

Available diffs

• diff from 1.10.13-1 to 1.10.19-1 (16.7 KiB)

composer (1.10.13-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 1.10.13

 -- David Prévot <email address hidden>  Sun, 13 Sep 2020 07:51:25 -0400

Available diffs

• diff from 1.10.10-1 to 1.10.13-1 (4.1 KiB)

composer (1.10.12-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 1.10.12

 -- David Prévot <email address hidden>  Tue, 08 Sep 2020 21:48:19 -0400

composer (1.10.11-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 1.10.11

  [ David Prévot ]
  * Rename main branch to debian/latest (DEP-14)

 -- David Prévot <email address hidden>  Tue, 08 Sep 2020 13:45:31 -0400

composer (1.10.10-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 1.10.10

 -- David Prévot <email address hidden>  Sat, 08 Aug 2020 09:43:55 +0200

Available diffs

• diff from 1.10.9-1 to 1.10.10-1 (6.5 KiB)

composer (1.10.9-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 1.10.9

 -- David Prévot <email address hidden>  Sun, 02 Aug 2020 09:03:35 +0200

Available diffs

• diff from 1.10.8-1 to 1.10.9-1 (4.7 KiB)

composer (1.10.8-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 1.10.8

  [ David Prévot ]
  * Factorise test handling
  * Set Rules-Requires-Root: no.

 -- David Prévot <email address hidden>  Thu, 09 Jul 2020 01:52:38 -0400

Available diffs

• diff from 1.10.7-1 to 1.10.8-1 (17.1 KiB)

composer (1.10.7-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 1.10.7

 -- David Prévot <email address hidden>  Fri, 05 Jun 2020 17:29:25 -1000

Available diffs

• diff from 1.10.6-1 to 1.10.7-1 (4.3 KiB)

composer (1.10.6-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 1.10.6

  [ David Prévot ]
  * Use debhelper-compat 13
  * Simplify override_dh_auto_test
  * composer.1: Preserve source

 -- David Prévot <email address hidden>  Wed, 27 May 2020 09:33:53 -1000

Available diffs

• diff from 1.10.5-1 to 1.10.6-1 (8.4 KiB)

composer (1.10.5-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 1.10.5

 -- David Prévot <email address hidden>  Sun, 12 Apr 2020 23:43:12 -1000

Available diffs

• diff from 1.10.1-1 to 1.10.5-1 (7.1 KiB)

composer (1.10.1-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 1.10.1

 -- David Prévot <email address hidden>  Sat, 14 Mar 2020 15:17:36 -1000

Available diffs

• diff from 1.10.0-1 to 1.10.1-1 (4.7 KiB)

composer (1.10.0-1) unstable; urgency=medium

  * Upload release version to unstable

  [ Jordi Boggiano ]
  * Release 1.10.0

 -- David Prévot <email address hidden>  Tue, 10 Mar 2020 16:32:41 -1000

Available diffs

• diff from 1.9.3-1 to 1.10.0-1 (72.4 KiB)

composer (1.10.0~rc-1) experimental; urgency=medium

  * Upload RC to experimental (with updated testsuite, closes: #952339)

  [ Jordi Boggiano ]
  * Release 1.10.0-RC

 -- David Prévot <email address hidden>  Sun, 23 Feb 2020 10:56:20 -1000