Bump composer/composer from 2.7.7 to 2.8.3

[dependabot]

Bumps composer/composer from 2.7.7 to 2.8.3.

Release notes

Sourced from composer/composer's releases.

2.8.3

• Fixed windows handling of process discovery (#12180)
• Fixed react/promise requirement to allow 2.x installs again (#12188)
• Fixed some issues when lock:false is set in require and bump commands

Full Changelog: composer/composer@2.8.2...2.8.3

2.8.2

• Fixed crash while suggesting providers if they have no description (#12152)
• Fixed issues creating lock files violating the schema in some circumstances (#12149)
• Fixed create-project regression in 2.8.1 when using path repos with relative paths (#12150)
• Fixed ctrl-C aborts not working inside text prompts (#12106)
• Fixed git failing silently when git cannot read a repo due to ownership violations (#12178)
• Fixed handling of signals in non-PHP binaries run via proxies (#12176)

Full Changelog: composer/composer@2.8.1...2.8.2

2.8.1

• Fixed init command regression when no license is provided (#12145)
• Fixed --strict-ambiguous flag handling whereas it sometimes did not report all issues (#12148)
• Fixed create-project to inherit the target folder's permissions for installed project files (#12146)
• Fixed a few cases where the prompt for using a parent dir's composer.json fails to work correctly (#8023)

Full Changelog: composer/composer@2.8.0...2.8.1

2.8.0

• BC Warning: Fixed https_proxy env var falling back to http_proxy's value. The fallback and warning have now been removed per the 2.7.3 release notes (#11938, #11915)
• Added --patch-only flag to the update command to restrict updates to patch versions and make an update of all deps safer (#12122)
• Added --abandoned flag to the audit command to configure how abandoned packages should be treated, overriding the audit.abandoned config setting (#12091)
• Added --ignore-severity flag to the audit command to ignore one or more advisory severities (#12132)
• Added --bump-after-update flag to the update command to run bump after the update is done (#11942)
• Added a way to control which scripts receive additional CLI arguments and where they appear in the command, see the docs (#12086)
• Added allow-missing-requirements config setting to skip the error when the lock file is not fulfilling the composer.json's dependencies (#11966)
• Added a JSON schema for the composer.lock file (#12123)
• Added better support for Bitbucket app passwords when cloning repos / installing from source (#12103)
• Added --type flag to filter packages by type(s) in the reinstall command (#12114)
• Added --strict-ambiguous flag to the dump-autoload command to make it return with an error code if duplicate classes are found (#12119)
• Added warning in dump-autoload when vendor files have been deleted (#12139)
• Added warnings for each missing platform package when running create-project to avoid having to run it again and again (#12120)
• Added sorting of packages in allow-plugins when sort-packages is enabled (#11348)
• Added suggestion of provider packages / polyfills when an ext or lib package is missing (#12113)
• Improved interactive package update selection by first outputting all packages and their possible updates (#11990)
• Improved dependency resolution failure output by sorting the output in a deterministic and (often) more logical way (#12111)
• Fixed PHP 8.4 deprecation warnings about E_STRICT (#12116)
• Fixed init command to validate the given license identifier (#12115)
• Fixed version guessing to be more deterministic on feature branches if it appears that it could come from either of two mainline branches (#12129)
• Fixed COMPOSER_ROOT_VERSION env var handling to treat 1.2 the same as 1.2.x-dev and not 1.2.0 (#12109)
• Fixed require command skipping new stability flags from the lock file, causing invalid lock file diffs (#12112)
• Fixed php://stdin potentially being open several times when running Composer programmatically (#12107)

... (truncated)

Changelog

Sourced from composer/composer's changelog.

[2.8.3] 2024-11-17

• Fixed windows handling of process discovery (#12180)
• Fixed react/promise requirement to allow 2.x installs again (#12188)
• Fixed some issues when lock:false is set in require and bump commands

[2.8.2] 2024-10-29

• Fixed crash while suggesting providers if they have no description (#12152)
• Fixed issues creating lock files violating the schema in some circumstances (#12149)
• Fixed create-project regression in 2.8.1 when using path repos with relative paths (#12150)
• Fixed ctrl-C aborts not working inside text prompts (#12106)
• Fixed git failing silently when git cannot read a repo due to ownership violations (#12178)
• Fixed handling of signals in non-PHP binaries run via proxies (#12176)

[2.8.1] 2024-10-04

• Fixed init command regression when no license is provided (#12145)
• Fixed --strict-ambiguous flag handling whereas it sometimes did not report all issues (#12148)
• Fixed create-project to inherit the target folder's permissions for installed project files (#12146)
• Fixed a few cases where the prompt for using a parent dir's composer.json fails to work correctly (#8023)

[2.8.0] 2024-10-02

• BC Warning: Fixed https_proxy env var falling back to http_proxy's value. The fallback and warning have now been removed per the 2.7.3 release notes (#11938, #11915)
• Added --patch-only flag to the update command to restrict updates to patch versions and make an update of all deps safer (#12122)
• Added --abandoned flag to the audit command to configure how abandoned packages should be treated, overriding the audit.abandoned config setting (#12091)
• Added --ignore-severity flag to the audit command to ignore one or more advisory severities (#12132)
• Added --bump-after-update flag to the update command to run bump after the update is done (#11942)
• Added a way to control which scripts receive additional CLI arguments and where they appear in the command, see the docs (#12086)
• Added allow-missing-requirements config setting to skip the error when the lock file is not fulfilling the composer.json's dependencies (#11966)
• Added a JSON schema for the composer.lock file (#12123)
• Added better support for Bitbucket app passwords when cloning repos / installing from source (#12103)
• Added --type flag to filter packages by type(s) in the reinstall command (#12114)
• Added --strict-ambiguous flag to the dump-autoload command to make it return with an error code if duplicate classes are found (#12119)
• Added warning in dump-autoload when vendor files have been deleted (#12139)
• Added warnings for each missing platform package when running create-project to avoid having to run it again and again (#12120)
• Added sorting of packages in allow-plugins when sort-packages is enabled (#11348)
• Added suggestion of provider packages / polyfills when an ext or lib package is missing (#12113)
• Improved interactive package update selection by first outputting all packages and their possible updates (#11990)
• Improved dependency resolution failure output by sorting the output in a deterministic and (often) more logical way (#12111)
• Fixed PHP 8.4 deprecation warnings about E_STRICT (#12116)
• Fixed init command to validate the given license identifier (#12115)
• Fixed version guessing to be more deterministic on feature branches if it appears that it could come from either of two mainline branches (#12129)
• Fixed COMPOSER_ROOT_VERSION env var handling to treat 1.2 the same as 1.2.x-dev and not 1.2.0 (#12109)
• Fixed require command skipping new stability flags from the lock file, causing invalid lock file diffs (#12112)
• Fixed php://stdin potentially being open several times when running Composer programmatically (#12107)
• Fixed handling of platform packages in why-not command and partial updates (#12110)
• Reverted "Fixed transport-options.ssl for local cert authorization being stored in lock file making them less portable (#12019)" from 2.7.8 as it was broken

... (truncated)

Commits

• 2a7c712 Release 2.8.3
• 8f87ab3 Update changelog
• 580f000 Ensure we run git commands for bin/compile inside the root of the git repo, r...
• 2e83ead Allow react/promise 2.x again, fixes #12188
• 23d1030 phpstan type fixes
• 8f24b67 Try to fix lowest deps tests
• a7a14ea Show root package version in error output for circular dependencies for added...
• f1163bd Avoid updating the lock hash if there is no lock
• a39f57b Update deps
• 1e7857d Update docs with hint for avast disabling
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)