--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-60ec715192
2022-05-07 04:08:14.314466
--------------------------------------------------------------------------------
Name : composer
Product : Fedora 36
Version : 2.3.5
Release : 1.fc36
URL :
https://getcomposer.org/
Summary : Dependency Manager for PHP
Description :
Composer helps you declare, manage and install dependencies of PHP projects,
ensuring you have the right stack everywhere.
Documentation:
https://getcomposer.org/doc/
--------------------------------------------------------------------------------
Update Information:
**Version 2.3.5** - 2022-04-13 * Security: Fixed command injection
vulnerability in HgDriver/GitDriver (GHSA-x7cr-6qr6-2hh6 / CVE-2022-24828) *
Added warning when downloading a file with `verify_peer[_name]` disabled
(#10722) * Fixed curl downloader not retrying when a DNS resolution failure
occurs (#10716) * Fixed composer.lock file still being used/read when the
`lock` config option is disabled (#10726) * Fixed `validate` command checking
the lock file even if the `lock` option is disabled (#10723) * Fixed detection
of default branch name when it changed since a git repo was mirrored in cache
dir (#10701) ---- **Version 2.3.4** - 2022-04-07 * Fixed the generated
autoload.php to support running on PHP 5.6+ (down from 7.0+) and warn clearly on
older PHP versions (#10714) * Fixed run-script --list flag regression (#10710)
* Fixed curl downloader handling of DNS resolution failures to do an automatic
retry (#10716) * Fixed script handling of external commands not setting the
Path env correctly on windows (#10700) * Fixed various type errors (#10694,
#10696, #10702, #10712, #10703) ---- **Version 2.3.3** - 2022-04-01 *
Added --2.2 flag to `self-update` to pin the Composer version to the 2.2 LTS
range (#10682) * Added missing config.bitbucket-oauth in composer-schema.json
* Fixed type errors in SvnDriver (#10681) * Fixed --version output to match
the pre-2.3 one (#10684) * Fixed config/auth.json files not being validated
against the composer-schema.json (#10685) * Fixed generation of autoload
crashing if a package has a broken path (#10688) * Fixed GitDriver state issue
when reusing old cache dirs and the default branch was renamed (#10687) *
Updated semver, jsonlint deps for minor fixes * Removed dev-master=>dev-main
alias from #10372 as it does not work when reloading from lock file and
extracting dev deps (#10651) ---- **Version 2.3.2** - 2022-03-30 * Fixed
type error when running `exec` command (#10672) * Fixed endless loop in plugin
activation prompt when input is not fully interactive yet appears to be (#10648)
* Fixed type error in ComposerRepository (#10675) * Fixed issues loading
platform packages where the version of a library cannot be established (#10631)
---- **Version 2.3.1** - 2022-03-30 * Fixed type error when HOME env var is
not set (#10670) ---- **Version 2.3.0** - 2022-03-30 * Fixed many strict
types errors (#10646, #10642, #10647, #10658, #10656, #10665, #10660, #10663,
#10662) ---- **Version 2.3.0-RC2** - 2022-03-20 * Fixed invalid return value
in ComposerRepository::findPackage (#10622) * Fixed many `show` command issues
due to a flipped condition (#10623) * Fixed `phpversion()` handling when it
returns false due to an extension defining no version (#10631) * Fixed `remove`
command failing when no `allow-plugin` is defined in config (#10629) *
Performance improvement in Composer bootstrapping (version guessing) when on a
feature branch (#10632) ---- **Version 2.3.0-RC1** - 2022-03-16 * BC Break:
the minimum PHP version is now 7.2.5+, use the [Composer 2.2
LTS](https://github.com/composer/composer/issues/10340) if you are stuck with an
older PHP (#10343) * BC Break: added native parameter & return types to many
internal APIs, we explicitly left the most extended/implemented symbols
untouched but if this causes problems nonetheless please report it ASAP (#10547,
#10561) * BC Break: added visibility to all constants, a few internal ones have
been made private/protected, if this causes problems please report it ASAP
(#10550) * BC Break: the minimum supported Symfony components version is now
5.4, this only affects you if you are requiring composer/composer directly
however, which is generally frowned upon * Bumped `composer-plugin-api` to
`2.3.0` * Bumped bundled Symfony components from 2.8 to 5.4 ���� * Added
`declare(strict_types=1)` to all the classes, which for sure could cause
regressions in edge cases, please report with stack traces (#10567) * Added
`--patch-only` to the `outdated` command to only show updates to patch versions
and ignore new major/minor versions (#10589) * Added clickable links to various
commands for terminals which support it (#10430) * Added ProcessExecutor ability
to receive commands as arrays by (internals/plugin change only) (#10435) * Added
abandoned flag to `show`/`outdated` commands JSON-formatted output (#10485) *
Added config.reference option to `path` repositories to configure the way the
reference is generated, and possibly reduce composer.lock conflicts (#10488) *
Added automatic removal of allow-plugins rules when removing a plugin via the
`remove` command (#10615) * Added COMPOSER_IGNORE_PLATFOR_REQ &
COMPOSER_IGNORE_PLATFOR_REQS env vars to configure the equivalent flags (#10616)
* Added support for Symfony 6.0 components * Added support for psr/log 3.x
(#10454) * Fixed symlink creation in linux VM guest filesystems to be recognized
by Windows (#10592) * Performance improvement in pool optimization step (#10585)
---- **Version 2.2.10** - 2022-03-29 * Fixed Bitbucket authorization
detection due to API changes (#10657) * Fixed validate command warning about
dist/source keys if defined (#10655) * Fixed deletion/handling of corrupted
0-bytes zip archives (#10666)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 14 2022 Remi Collet <remi(a)remirepo.net> - 2.3.5-1
- update to 2.3.5
* Fri Apr 8 2022 Remi Collet <remi(a)remirepo.net> - 2.3.4-1
- update to 2.3.4
* Sat Apr 2 2022 Remi Collet <remi(a)remirepo.net> - 2.3.3-1
- update to 2.3.3
* Thu Mar 31 2022 Remi Collet <remi(a)remirepo.net> - 2.3.2-1
- update to 2.3.2
* Wed Mar 30 2022 Remi Collet <remi(a)remirepo.net> - 2.3.0-1
- update to 2.3.0
- always use bundled libraries
as symfony/* 5.4 and composer/pcre 2 are not available
* Wed Mar 30 2022 Remi Collet <remi(a)remirepo.net> - 2.2.10-1
- update to 2.2.10
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-60ec715192' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------