Skip to content

Releases: composer/composer

1.2.0-RC

04 Jul 16:13
@Seldaek Seldaek
1.2.0-RC
e3c36a7
Compare
Choose a tag to compare
1.2.0-RC

Run composer self-update --preview to try it out!

  • Added caching of git repositories if you have git 2.3+ installed. Repositories will now be cached once and then cloned from local cache so subsequent installs should be faster
  • Added detection of HEAD changes to the status command. If you git checkout X in a vendor directory for example it will tell you that it is not at the version that was installed
  • Added a virtual ext-network-ipv6 extension to require PHP compiled with IPv6 support
  • Added --no-suggest to install and update commands to skip output of suggestions at the end
  • Added --type to the search command to restrict to a given package type
  • Added fossil support as alternative to git/svn/.. for package downloads
  • Improved BitBucket OAuth support
  • Added support for blocking cache operations using COMPOSER_CACHE_DIR=/dev/null (or NUL on windows)
  • Added support for using declare(strict_types=1) in plugins
  • Added --prefer-stable and --prefer-lowest to the require command
  • Added --no-scripts to the require and remove commands
  • Added _comment top level key to the schema to endorse using it as a place to store comments (it can be a string or array of strings)
  • Added support for justinrainbow/json-schema 2.0
  • Fixed binaries not being re-installed if deleted by users or the bin-dir changes. update and install will now re-install them
  • Many minor UX and docs improvements
Loading

1.1.3

02 Jul 16:26
@Seldaek Seldaek
1.1.3
30ab6f1
Compare
Choose a tag to compare
1.1.3
  • Fixed bitbucket oauth instructions
  • Fixed version parsing issue
  • Fixed handling of bad proxies that modify JSON content on the fly
Loading

1.1.2

31 May 18:53
@Seldaek Seldaek
1.1.2
b2cf67b
Compare
Choose a tag to compare
1.1.2
  • Fixed degraded mode issue when accessing packagist.org
  • Fixed GitHub access_token being added on subsequent requests in case of redirections
  • Fixed exclude-from-classmap not working in some circumstances
  • Fixed openssl warning preventing the use of config command for disabling tls
Loading

1.1.1

17 May 11:28
@Seldaek Seldaek
1.1.1
48156b0
Compare
Choose a tag to compare
1.1.1
  • Fixed regression in handling of #reference which made it update every time
  • Fixed dev platform requirements being required even in --no-dev install from a lock file
  • Fixed parsing of extension versions that do not follow valid numbers, we now try to parse x.y.z and ignore the rest
  • Fixed exact constraints warnings appearing for 0.x versions
  • Fixed regression in the remove command
Loading

1.1.0

10 May 14:23
@Seldaek Seldaek
1.1.0
2eab5e8
Compare
Choose a tag to compare
1.1.0
  • Added ability for plugins to register their own composer commands
  • Added BaseCommand::isProxyCommand that can be overriden to mark a command as being a mere proxy, which helps avoid duplicate warnings etc on composer startup
  • Optimized the autoloader initialization using static loading on PHP 5.6 and above, this reduces the load time for large classmaps to almost nothing
  • Added --latest to show command to show the latest version available of your dependencies
  • Added --outdated to show command an composer outdated alias for it, to show only packages in need of update
  • Added --direct to show and outdated commands to show only your direct dependencies in the listing
  • Added support for editing all top-level properties (name, minimum-stability, ...) as well as extra values via the config command
  • Added abandoned state warning to the show and outdated commands when listing latest packages
  • Added support for ~/ and $HOME/ in the path repository paths
  • Added support for wildcards in the show command package filter, e.g. composer show seld/*
  • Added ability to call composer itself from scripts via @composer ...
  • Added untracked files detection to the status command
  • Added warning to validate command when using exact-version requires
  • Added warning once per domain when accessing insecure URLs with secure-http disabled
  • Added a dependency on composer/ca-bundle (extracted CA bundle management to a standalone lib)
  • Added support for empty directories when archiving to tar
  • Added an init event for plugins to react to, which occurs right after a Composer instance is fully initialized
  • Added fallback to SSH for https bitbucket URLs
  • Added many new detections of problems in the why-not/prohibits command to figure out why something does not get installed in the expected version
  • Added a deprecation notice for script event listeners that use legacy script classes
  • Fixed abandoned state not showing up if you had a package installed before it was marked abandoned
  • Fixed --no-dev updates creating an incomplete lock file, everything is now always resolved on update
  • Fixed partial updates in case the vendor dir was not up to date with the lock file
  • Fixed archiving generating long paths in zip files on Windows
Loading

1.1.0-RC

29 Apr 16:36
@Seldaek Seldaek
1.1.0-RC
94c2a21
Compare
Choose a tag to compare
1.1.0-RC
  • Added ability for plugins to register their own composer commands
  • Optimized the autoloader initialization using static loading on PHP 5.6 and above, this reduces the load time for large classmaps to almost nothing
  • Added --latest to show command to show the latest version available of your dependencies
  • Added --outdated to show command an composer outdated alias for it, to show only packages in need of update
  • Added --direct to show and outdated commands to show only your direct dependencies in the listing
  • Added support for editing all top-level properties (name, minimum-stability, ...) as well as extra values via the config command
  • Added abandoned state warning to the show and outdated commands when listing latest packages
  • Added support for ~/ and $HOME/ in the path repository paths
  • Added support for wildcards in the show command package filter, e.g. composer show seld/*
  • Added ability to call composer itself from scripts via @composer ...
  • Added untracked files detection to the status command
  • Added warning to validate command when using exact-version requires
  • Added warning once per domain when accessing insecure URLs with secure-http disabled
  • Added a dependency on composer/ca-bundle (extracted CA bundle management to a standalone lib)
  • Added support for empty directories when archiving to tar
  • Added an init event for plugins to react to, which occurs right after a Composer instance is fully initialized
  • Added many new detections of problems in the why-not/prohibits command to figure out why something does not get installed in the expected version
  • Added a deprecation notice for script event listeners that use legacy script classes
  • Fixed abandoned state not showing up if you had a package installed before it was marked abandoned
  • Fixed --no-dev updates creating an incomplete lock file, everything is now always resolved on update
  • Fixed partial updates in case the vendor dir was not up to date with the lock file
Loading

1.0.3

29 Apr 15:41
@Seldaek Seldaek
1.0.3
a4a0546
Compare
Choose a tag to compare
1.0.3
  • Security: Fixed possible command injection from the env vars into our sudo detection
  • Fixed interactive authentication with gitlab
  • Fixed class name replacement in plugins
  • Fixed classmap generation mistakenly detecting anonymous classes
  • Fixed auto-detection of stability flags in complex constraints like 2.0-dev || ^1.5
  • Fixed content-length handling when redirecting to very small responses
Loading

1.0.2

21 Apr 11:44
@Seldaek Seldaek
1.0.2
a083aa5
Compare
Choose a tag to compare
1.0.2
  • Fixed regression in 1.0.1 on systems with mbstring.func_overload enabled
  • Fixed regression in 1.0.1 that made dev packages update to the latest reference even if not whitelisted in a partial update
  • Fixed init command ignoring the COMPOSER env var for choosing the json file name
  • Fixed error reporting bug when the dependency resolution fails
  • Fixed handling of $ sign in composer config command in some cases it could corrupt the json file
Loading

1.0.1

18 Apr 20:20
@Seldaek Seldaek
1.0.1
de0e25b
Compare
Choose a tag to compare
1.0.1
  • Fixed URL updating when a package's URL changes, composer.lock now contains the right URL including correct reference
  • Fixed URL updating of the origin git remote as well for packages installed as git clone
  • Fixed binary .bat files generated from linux being incompatible with windows cmd
  • Fixed handling of paths with trailing slashes in path repository
  • Fixed create-project not using platform config when selecting a package
  • Fixed self-update not showing the channel it uses to perform the update
  • Fixed file downloads not failing loudly when the content does not match the Content-Length header
  • Fixed secure-http detecting some malformed URLs as insecure
  • Updated CA bundle
Loading

1.0.0

05 Apr 14:18
@Seldaek Seldaek
1.0.0
32df3aa
Compare
Choose a tag to compare
1.0.0
  • Added support for bitbucket-oauth configuration
  • Added warning when running composer as super user, set COMPOSER_ALLOW_SUPERUSER=1 to hide the warning if you really must
  • Added PluginManager::getGlobalComposer getter to retrieve the global instance (which can be null!)
  • Fixed dependency solver error reporting in many cases it now shows you proper errors instead of just saying a package does not exist
  • Fixed output of failed downloads appearing as 100% done instead of Failed
  • Fixed handling of empty directories when archiving, they are not skipped anymore
  • Fixed installation of broken plugins corrupting the vendor state when combined with symlinked path repositories
Loading