Bump composer/composer from 2.7.2 to 2.7.4

[dependabot]

Bumps composer/composer from 2.7.2 to 2.7.4.

Release notes

Sourced from composer/composer's releases.

2.7.4

• Fixed regression (Call to undefined method ProxyManager::needsTransitionWarning()) with projects requiring composer/composer in an pre-2.7.3 version (#11943, #11940)

As a side-note, requiring composer/composer is frowned upon and should really only be done in circumstances where it is absolutely necessary, and ideally you should talk to us first to see if we can't help avoid it or help by extracting some code in a smaller library.

2.7.3

• BC Warning: Fixed https_proxy env var falling back to http_proxy's value, this is still in place but with a warning for now, and https_proxy can now be set empty to remove the fallback. Composer 2.8.0 will remove the fallback so make sure you heed the warnings (#11915)
• Fixed show and outdated commands to remove leading v in e.g. v1.2.3 when showing lists of packages (#11925)
• Fixed audit command not showing any id when no CVE is present, the advisory ID is now shown (#11892)
• Fixed the warning about a missing default version showing for packages with project type as those are typically not versioned and do not have cyclic dependencies (#11885)
• Fixed PHP 8.4 deprecation warnings
• Fixed clear-cache command to respect the config.cache-dir setting from the local composer.json (#11921)
• Fixed status command not handling failed download/install promises correctly (#11889)
• Added support for buy_me_a_coffee in GitHub funding files (#11902)
• Added hg support for SSH urls (#11878)
• Fixed some env vars with an integer value causing a crash (#11908)
• Fixed context data not being output when using IOInterface as a PSR-3 logger (#11882)

Changelog

Sourced from composer/composer's changelog.

[2.7.4] 2024-04-22

• Fixed regression (Call to undefined method ProxyManager::needsTransitionWarning()) with projects requiring composer/composer in an pre-2.7.3 version (#11943, #11940)

[2.7.3] 2024-04-19

• BC Warning: Fixed https_proxy env var falling back to http_proxy's value, this is still in place but with a warning for now, and https_proxy can now be set empty to remove the fallback. Composer 2.8.0 will remove the fallback so make sure you heed the warnings (#11915)
• Fixed show and outdated commands to remove leading v in e.g. v1.2.3 when showing lists of packages (#11925)
• Fixed audit command not showing any id when no CVE is present, the advisory ID is now shown (#11892)
• Fixed the warning about a missing default version showing for packages with project type as those are typically not versioned and do not have cyclic dependencies (#11885)
• Fixed PHP 8.4 deprecation warnings
• Fixed clear-cache command to respect the config.cache-dir setting from the local composer.json (#11921)
• Fixed status command not handling failed download/install promises correctly (#11889)
• Added support for buy_me_a_coffee in GitHub funding files (#11902)
• Added hg support for SSH urls (#11878)
• Fixed some env vars with an integer value causing a crash (#11908)
• Fixed context data not being output when using IOInterface as a PSR-3 logger (#11882)

Commits

• a625e50 Release 2.7.4
• 68b1a12 Update changelog
• b0d98b9 Load ProxyManager before running command to fix autoload order (#11943)
• 9f84f0c Reverting release version changes
• e49be96 Release 2.7.3
• 1dd63ba Update changelog
• 69dc828 Ensure type must be provided in init command
• 3238d7d Upgrade phpstan-strict-rules
• 70927f7 Add FAQ about using a proxy (#11933)
• b0ec0f9 Update phpstan deps and fix a few array_filter issues
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (cc7b218) to head (2673242).
Report is 1 commits behind head on main.

Additional details and impacted files

@@             Coverage Diff             @@
##                main       #57   +/-   ##
===========================================
  Coverage     100.00%   100.00%           
  Complexity       319       319           
===========================================
  Files             26        26           
  Lines            737       737           
===========================================
  Hits             737       737           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[dependabot]

Superseded by #61.