chore(deps): update dependency composer/composer to v2

[renovate]

This PR contains the following updates:

Package	Update	Change
composer/composer	major	1.10.1 -> 2.0.14

---

Release Notes

composer/composer

v2.0.14

Compare Source

• Updated composer/xdebug-handler to 2.0 which adds supports for Xdebug 3
  • Fixed handling of inline-update-constraints with references or stability flags (#​9847)
  • Fixed async processes erroring in an unclear way when they failed to start (#​9808)
  • Fixed support for the upcoming Symfony 6.0 release when Composer is installed as a library (#​9896)
  • Fixed progress output missing newlines on PowerShell, and disable progress output by default when CI env var is present (#​9621)
  • Fixed support for Vagrant/VirtualBox filesystem slowness when installing binaries from packages (#​9627)
  • Fixed type annotations for the InstalledVersions class
  • Deprecated InstalledVersions::getRawData in favor of InstalledVersions::getAllRawData (#​9816)

v2.0.13

Compare Source

• Security: Fixed command injection vulnerability in HgDriver/HgDownloader and hardened other VCS drivers and downloaders (GHSA-h5h8-pc6h-jvvx / CVE-2021-29472)
  • Fixed install step at the end of the init command to take new dependencies into account correctly
  • Fixed update --lock listing updates which were not really happening (#​9812)
  • Fixed support for --no-dev combined with --locked in outdated and show commands (#​9788)

v2.0.12

Compare Source

• Fixed support for new GitHub OAuth token format (#​9757)
  • Fixed support for Vagrant/VirtualBox filesystem slowness by adding short sleeps in some places (#​9627)
  • Fixed unclear error reporting when a package is in the lock file but not in the remote repositories (#​9750)
  • Fixed processes silently ignoring the CWD when it does not exist
  • Fixed new Windows bin handling to avoid proxying phar files (#​9742)
  • Fixed issue extracting archives into paths that already exist, fixing problems with some custom installers (composer/installers#​479)
  • Fixed support for branch names starting with master/trunk/default (#​9739)
  • Fixed self-update to preserve phar file permissions on Windows (#​9733)
  • Fixed detection of hg version when localized (#​9753)
  • Fixed git execution failures to also include the stdout output (#​9720)

v2.0.11

Compare Source

• Reverted "Fixed runtime autoloader registration (for plugins and script handlers) to prefer the project dependencies over the bundled Composer ones" as it caused more problems than expected

v2.0.10

Compare Source

• Added COMPOSER_MAX_PARALLEL_HTTP to let people set a lower amount of parallel requests if needed
  • Fixed autoloader registration when plugins are loaded, which may impact plugins relying on this bug (if you use symfony/flex make sure you upgrade it to 1.12.2+ to fix dump-env issues)
  • Fixed exec command suppressing output in some circumstances
  • Fixed Windows/cmd.exe support for script handlers defined as path/to/foo, which are now rewritten internally to path\to\foo when needed
  • Fixed bin handling on Windows for PHP scripts, to more closely match symlinks and allow @php vendor/bin/foo to work cross-platform
  • Fixed Git for Windows/Git Bash not being detected correctly as an interactive shell (regression since 2.0.7)
  • Fixed regression handling some private Bitbucket repository clones
  • Fixed Ctrl-C/SIGINT handling during downloads to correctly abort as soon as possible
  • Fixed runtime autoloader registration (for plugins and script handlers) to prefer the project dependencies over the bundled Composer ones
  • Fixed numeric default branches being aliased as 9999999-dev internally. This alias now only applies to default branches being non-numeric (e.g. dev-main)
  • Fixed support for older lib-sodium versions
  • Fixed various minor issues

v2.0.9

Compare Source

• Added warning if the curl extension is not enabled as it significantly degrades performance
  • Fixed InstalledVersions to report all packages when several vendor dirs are present in the same runtime
  • Fixed download speed when downloading large files
  • Fixed archive and path repo copies mishandling some .gitignore paths
  • Fixed root package classes not being available to the plugins/scripts during the initial install
  • Fixed cache writes to be atomic and better support multiple Composer processes running in parallel
  • Fixed preg jit issues when config or require modifies large composer.json files
  • Fixed compatibility with envs having open_basedir restrictions
  • Fixed exclude-from-classmap causing regex issues when having too many paths
  • Fixed compatibility issue with Symfony 4/5
  • Several small performance and debug output improvements

v2.0.8

Compare Source

• Fixed packages with aliases not matching conflicts which match the alias
  • Fixed invalid reports of uncommitted changes when using non-default remotes in vendor dir
  • Fixed curl error handling edge cases
  • Fixed cached git repositories becoming stale by having a git gc applied to them periodically
  • Fixed issue initializing plugins when using dev packages
  • Fixed update --lock / mirrors failing to update in some edge cases
  • Fixed partial update with --with-dependencies failing in some edge cases with some nonsensical error

v2.0.7

Compare Source

• Fixed detection of TTY mode, made input non-interactive automatically if STDIN is not a TTY
  • Fixed root aliases not being present in lock file if not required by anything else
  • Fixed remove command requiring a lock file to be present
  • Fixed Composer\InstalledVersions to always contain up to date data during installation
  • Fixed status command breaking on slow networks
  • Fixed order of POST_PACKAGE_* events to occur together once all installations of a package batch are done

v2.0.6

Compare Source

• Fixed regression in 2.0.5 dealing with custom installers which do not pass absolute paths

v2.0.5

Compare Source

• Disabled platform-check verification of extensions by default (now defaulting php-only), set platform-check to true if you want a complete check
  • Improved platform-check handling of issue reporting
  • Fixed platform-check to only check non-dev requires even if require-dev dependencies are installed
  • Fixed issues dealing with custom installers which return trailing slashes in getInstallPath (ideally avoid doing this as there might be other issues left)
  • Fixed issues when curl functions are disabled
  • Fixed gitlab-domains/github-domains to make sure if they are overridden the default value remains present
  • Fixed issues removing/upgrading packages from path repositories on Windows
  • Fixed regression in 2.0.4 when handling of [email protected] URLs in vcs repositories
  • Fixed issue running create-project in current directory on Windows

v2.0.4

Compare Source

• Fixed check-platform-req command not being clear on what packages are checked, and added a --lock flag to explicitly check the locked packages
  • Fixed config & create-project adding of repositories to make sure they are prepended as order is much more important in Composer 2, also added a --append flag to config to restore the old behavior in the unlikely case this is needed
  • Fixed curl downloader failing on old PHP releases or when using self-signed SSL certificates
  • Fixed Bitbucket API authentication issue

v2.0.3

Compare Source

• Fixed bug in outdated command where dev packages with branch-aliases where always shown as being outdated
  • Fixed issue in lock file interoperability with composer 1.x when using dev-master as xxx aliases
  • Fixed new --locked option being missing from outdated command, for checking outdated packages directly from the lock file
  • Fixed a few debug/error reporting strings

v2.0.2

Compare Source

• Fixed regression handling composer show -s in projects where no version can be guessed from VCS
  • Fixed regression handling partial updates/require when a lock file was missing
  • Fixed interop issue with plugins that need to update dist URLs of packages, see docs if you need this

v2.0.1

Compare Source

• Updated composer/xdebug-handler to 2.0 which adds supports for Xdebug 3
  • Fixed handling of inline-update-constraints with references or stability flags (#​9847)
  • Fixed async processes erroring in an unclear way when they failed to start (#​9808)
  • Fixed support for the upcoming Symfony 6.0 release when Composer is installed as a library (#​9896)
  • Fixed progress output missing newlines on PowerShell, and disable progress output by default when CI env var is present (#​9621)
  • Fixed support for Vagrant/VirtualBox filesystem slowness when installing binaries from packages (#​9627)
  • Fixed type annotations for the InstalledVersions class
  • Deprecated InstalledVersions::getRawData in favor of InstalledVersions::getAllRawData (#​9816)

v2.0.0

Compare Source

• Fixed proxy handling issues when combined with our new curl-based downloader
  • Fixed solver bug resulting in endless loops in some cases
  • Fixed solver output being extremely long due to learnt rules
  • Fixed solver bug with multi literals
  • Fixed a couple minor regressions

v1.10.22

Compare Source

• Security: Fixed command injection vulnerability in HgDriver/HgDownloader and hardened other VCS drivers and downloaders (GHSA-h5h8-pc6h-jvvx / CVE-2021-29472)

v1.10.21

Compare Source

• Fixed support for new GitHub OAuth token format
  • Fixed processes silently ignoring the CWD when it does not exist

v1.10.20

Compare Source

• Fixed exclude-from-classmap causing regex issues when having too many paths
  • Fixed compatibility issue with Symfony 4/5

v1.10.19

Compare Source

• Fixed regression on PHP 8.0

v1.10.18

Compare Source

• Allow installation on PHP 8.0

v1.10.17

Compare Source

• Fixed Bitbucket API authentication issue
  • Fixed parsing of Composer 2 lock files breaking in some rare conditions

v1.10.16

Compare Source

• Added warning to validate command for cases where packages provide/replace a package that they also require
  • Fixed JSON schema validation issue with PHPStorm
  • Fixed symlink handling in archive command

v1.10.15

Compare Source

• Fixed path repo version guessing issue

v1.10.14

Compare Source

• Fixed version guesser to look at remote branches as well as local ones
  • Fixed path repositories version guessing to handle edge cases where version is different from the VCS-guessed version
  • Fixed COMPOSER env var causing issues when combined with the global command
  • Fixed a few issues dealing with PHP without openssl extension (not recommended at all but sometimes needed for testing)

v1.10.13

Compare Source

• Fixed regressions with old version validation
  • Fixed invalid root aliases not being reported

v1.10.12

Compare Source

• Fixed regressions with old version validation

v1.10.11

Compare Source

• Fixed more PHP 8 compatibility issues
  • Fixed regression in handling of CTRL-C when xdebug is loaded
  • Fixed status handling of broken symlinks

v1.10.10

Compare Source

• Fixed create-project not triggering events while installing the root package
  • Fixed PHP 8 compatibility issue
  • Fixed self-update to avoid automatically upgrading to the next major version once it becomes stable

v1.10.9

Compare Source

• Fixed Bitbucket redirect loop when credentials are outdated
  • Fixed GitLab auth prompt wording
  • Fixed self-update handling of files requiring admin permissions to write to on Windows (it now does a UAC prompt)
  • Fixed parsing issues in funding.yml files

v1.10.8

Compare Source

• Fixed compatibility issue with git being configured to show signatures by default
  • Fixed discarding of local changes when updating packages to include untracked files
  • Several minor fixes

v1.10.7

Compare Source

• Fixed PHP 8 deprecations
  • Fixed detection of pcntl_signal being in disabled_functions when pcntl_async_signal is allowed

v1.10.6

Compare Source

• Fixed version guessing to take composer-runtime-api and composer-plugin-api requirements into account to avoid selecting packages which require Composer 2
  • Fixed package name validation to allow several dashes following each other
  • Fixed post-status-cmd script not firing when there were no changes to be displayed
  • Fixed composer-runtime-api support on Composer 1.x, the package is now present as 1.0.0
  • Fixed support for composer show --name-only --self
  • Fixed detection of GitLab URLs when handling authentication in some cases

v1.10.5

Compare Source

• Fixed self-update on PHP <5.6, seriously please upgrade people, it's time
  • Fixed 1.10.2 regression with PATH resolution in scripts

v1.10.4

Compare Source

• Fixed 1.10.2 regression in path symlinking with absolute path repos

v1.10.3

Compare Source

• Fixed invalid --2 flag warning in self-update when no channel is requested

v1.10.2

Compare Source

• Security: Fixed command injection vulnerability in HgDriver/HgDownloader and hardened other VCS drivers and downloaders (GHSA-h5h8-pc6h-jvvx / CVE-2021-29472)

---

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.