Bump composer/composer from 2.7.9 to 2.8.0

[dependabot]

Bumps composer/composer from 2.7.9 to 2.8.0.

Release notes

Sourced from composer/composer's releases.

2.8.0

• BC Warning: Fixed https_proxy env var falling back to http_proxy's value. The fallback and warning have now been removed per the 2.7.3 release notes (#11938, #11915)
• Added --patch-only flag to the update command to restrict updates to patch versions and make an update of all deps safer (#12122)
• Added --abandoned flag to the audit command to configure how abandoned packages should be treated, overriding the audit.abandoned config setting (#12091)
• Added --ignore-severity flag to the audit command to ignore one or more advisory severities (#12132)
• Added --bump-after-update flag to the update command to run bump after the update is done (#11942)
• Added a way to control which scripts receive additional CLI arguments and where they appear in the command, see the docs (#12086)
• Added allow-missing-requirements config setting to skip the error when the lock file is not fulfilling the composer.json's dependencies (#11966)
• Added a JSON schema for the composer.lock file (#12123)
• Added better support for Bitbucket app passwords when cloning repos / installing from source (#12103)
• Added --type flag to filter packages by type(s) in the reinstall command (#12114)
• Added --strict-ambiguous flag to the dump-autoload command to make it return with an error code if duplicate classes are found (#12119)
• Added warning in dump-autoload when vendor files have been deleted (#12139)
• Added warnings for each missing platform package when running create-project to avoid having to run it again and again (#12120)
• Added sorting of packages in allow-plugins when sort-packages is enabled (#11348)
• Added suggestion of provider packages / polyfills when an ext or lib package is missing (#12113)
• Improved interactive package update selection by first outputting all packages and their possible updates (#11990)
• Improved dependency resolution failure output by sorting the output in a deterministic and (often) more logical way (#12111)
• Fixed PHP 8.4 deprecation warnings about E_STRICT (#12116)
• Fixed init command to validate the given license identifier (#12115)
• Fixed version guessing to be more deterministic on feature branches if it appears that it could come from either of two mainline branches (#12129)
• Fixed COMPOSER_ROOT_VERSION env var handling to treat 1.2 the same as 1.2.x-dev and not 1.2.0 (#12109)
• Fixed require command skipping new stability flags from the lock file, causing invalid lock file diffs (#12112)
• Fixed php://stdin potentially being open several times when running Composer programmatically (#12107)
• Fixed handling of platform packages in why-not command and partial updates (#12110)
• Reverted "Fixed transport-options.ssl for local cert authorization being stored in lock file making them less portable (#12019)" from 2.7.8 as it was broken

Full Changelog: composer/composer@2.7.9...2.8.0

Changelog

Sourced from composer/composer's changelog.

[2.8.0] 2024-10-02

• BC Warning: Fixed https_proxy env var falling back to http_proxy's value. The fallback and warning have now been removed per the 2.7.3 release notes (#11938, #11915)
• Added --patch-only flag to the update command to restrict updates to patch versions and make an update of all deps safer (#12122)
• Added --abandoned flag to the audit command to configure how abandoned packages should be treated, overriding the audit.abandoned config setting (#12091)
• Added --ignore-severity flag to the audit command to ignore one or more advisory severities (#12132)
• Added --bump-after-update flag to the update command to run bump after the update is done (#11942)
• Added a way to control which scripts receive additional CLI arguments and where they appear in the command, see the docs (#12086)
• Added allow-missing-requirements config setting to skip the error when the lock file is not fulfilling the composer.json's dependencies (#11966)
• Added a JSON schema for the composer.lock file (#12123)
• Added better support for Bitbucket app passwords when cloning repos / installing from source (#12103)
• Added --type flag to filter packages by type(s) in the reinstall command (#12114)
• Added --strict-ambiguous flag to the dump-autoload command to make it return with an error code if duplicate classes are found (#12119)
• Added warning in dump-autoload when vendor files have been deleted (#12139)
• Added warnings for each missing platform package when running create-project to avoid having to run it again and again (#12120)
• Added sorting of packages in allow-plugins when sort-packages is enabled (#11348)
• Added suggestion of provider packages / polyfills when an ext or lib package is missing (#12113)
• Improved interactive package update selection by first outputting all packages and their possible updates (#11990)
• Improved dependency resolution failure output by sorting the output in a deterministic and (often) more logical way (#12111)
• Fixed PHP 8.4 deprecation warnings about E_STRICT (#12116)
• Fixed init command to validate the given license identifier (#12115)
• Fixed version guessing to be more deterministic on feature branches if it appears that it could come from either of two mainline branches (#12129)
• Fixed COMPOSER_ROOT_VERSION env var handling to treat 1.2 the same as 1.2.x-dev and not 1.2.0 (#12109)
• Fixed require command skipping new stability flags from the lock file, causing invalid lock file diffs (#12112)
• Fixed php://stdin potentially being open several times when running Composer programmatically (#12107)
• Fixed handling of platform packages in why-not command and partial updates (#12110)
• Reverted "Fixed transport-options.ssl for local cert authorization being stored in lock file making them less portable (#12019)" from 2.7.8 as it was broken

Commits

• d5e75c2 Release 2.8.0
• 71aa35b Update changelog
• c6271f1 Fix init command to accept proprietary as license
• 57e9795 Fix issue downloading from codeload.github.com when using basic-auth for gith...
• a01ab9b Better app password support for bitbucket (#12103)
• 31d83b2 Add composer audit --ignore-severity option (#12132)
• 5b25607 Tweak output of VcsRepo to be less verbose
• 58e8da7 Update deps
• edb1588 Handle dump-autoload where vendor folder is not installed or not complete (#1...
• 8949f91 Fix deprecated ParametersAcceptorSelector::selectSingle (#12136)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)