Thanks to visit codestin.com
Credit goes to github.com

Skip to content

2.10.0

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 28 May 10:53
· 2 commits to main since this release
Immutable release. Only release title and notes can be modified.
2.10.0
This tag was signed with the committer’s verified signature.
Seldaek Jordi Boggiano
SSH Key Fingerprint: KBKTm9TeaI4QxKP/aMyIi9elsYz80JjqRpukTSp9NBc
Verified
Learn about vigilant mode.
c13824d
This commit was signed with the committer’s verified signature.
Seldaek Jordi Boggiano
SSH Key Fingerprint: KBKTm9TeaI4QxKP/aMyIi9elsYz80JjqRpukTSp9NBc
Verified
Learn about vigilant mode.

Read the Composer 2.10 Release Announcement for more details on the release highlights.

Full Changelog

  • BC Break / Security: Disabled automatic fallback to source checkout if dist/zip install fails, we have introduced a new source-fallback config option as a temporary way to restore the old behavior, but if you need this talk to us as we plan to remove it entirely in 2.11 (#12885)
  • BC Break: Minor break for audit consumers, the exit code is now always 0 (success) or 1 if anything failed the audit (#12881)
  • Security: Added dependency policies to block package versions where malware was detected on update/install or report it with audit (#12786)
  • Security: Hardened output filtering of URLs to reduce chances of token leaks (#12882, #12886)
  • Security: Fixed handling of uppercase schemes in URL validation that might have allowed https requirement bypass (#12884)
  • Security: Fixed git credentials remaining in git mirror .git/config after clone or update failed (2bcbfc3)
  • Security: Fixed usage of insecure 3DES ciphers when ext-curl is missing (5e71d77)
  • Security: Enforce allow-plugins even in non-interactive mode for very old pre-2.2 lock files (#12764)
  • Added support for temporary --with constraints with wildcards in the package name for the update command (#12658)
  • Added --strict-psr-autoloader flag to install and update commands (#12647)
  • Added source-fallback config option to disable or enable source fallback on download failure (#12698)
  • Added --require parameter to create-project to add new packages to the project as it gets installed (#12738)
  • Optimized plugin autoloading by avoiding regenerating classmaps for every package per plugin (#12696)
  • Optimized PoolOptimizer memory usage (#12783)
  • Optimized classmap dumping performance
  • Deprecated most of the audit config in favor of the new policy one (#12804, see #12786 for the RFC and upgrade docs)
  • Fixed update --bump-after-update to only bump packages that actually were updated (#12733)
  • Fixed GitHub API authentication errors not being visible to the user (#12737)
  • Fixed error reporting for clarity when a constraint cannot be parsed (#12743)
  • Fixed warning being shown when lock file is disabled (#12760)
  • Fixed inconsistent treatment of SingleCommandApplication script commands wrt autoloading (#12758)
  • Fixed some platform package parsing failing when Composer runs in web SAPIs (#12735)
  • Fixed audit command returning a success code when the vendor dir was not present (#12880)

Full Changelog: 2.9.8...2.10.0

Assets 5
Loading