chore(deps): bump composer/composer from 2.7.9 to 2.8.2 in /packages/php in the minor-production-deps group

[dependabot]

Bumps the minor-production-deps group in /packages/php with 1 update: composer/composer.

Updates composer/composer from 2.7.9 to 2.8.2

Release notes

Sourced from composer/composer's releases.

2.8.2

• Fixed crash while suggesting providers if they have no description (#12152)
• Fixed issues creating lock files violating the schema in some circumstances (#12149)
• Fixed create-project regression in 2.8.1 when using path repos with relative paths (#12150)
• Fixed ctrl-C aborts not working inside text prompts (#12106)
• Fixed git failing silently when git cannot read a repo due to ownership violations (#12178)
• Fixed handling of signals in non-PHP binaries run via proxies (#12176)

Full Changelog: composer/composer@2.8.1...2.8.2

2.8.1

• Fixed init command regression when no license is provided (#12145)
• Fixed --strict-ambiguous flag handling whereas it sometimes did not report all issues (#12148)
• Fixed create-project to inherit the target folder's permissions for installed project files (#12146)
• Fixed a few cases where the prompt for using a parent dir's composer.json fails to work correctly (#8023)

Full Changelog: composer/composer@2.8.0...2.8.1

2.8.0

• BC Warning: Fixed https_proxy env var falling back to http_proxy's value. The fallback and warning have now been removed per the 2.7.3 release notes (#11938, #11915)
• Added --patch-only flag to the update command to restrict updates to patch versions and make an update of all deps safer (#12122)
• Added --abandoned flag to the audit command to configure how abandoned packages should be treated, overriding the audit.abandoned config setting (#12091)
• Added --ignore-severity flag to the audit command to ignore one or more advisory severities (#12132)
• Added --bump-after-update flag to the update command to run bump after the update is done (#11942)
• Added a way to control which scripts receive additional CLI arguments and where they appear in the command, see the docs (#12086)
• Added allow-missing-requirements config setting to skip the error when the lock file is not fulfilling the composer.json's dependencies (#11966)
• Added a JSON schema for the composer.lock file (#12123)
• Added better support for Bitbucket app passwords when cloning repos / installing from source (#12103)
• Added --type flag to filter packages by type(s) in the reinstall command (#12114)
• Added --strict-ambiguous flag to the dump-autoload command to make it return with an error code if duplicate classes are found (#12119)
• Added warning in dump-autoload when vendor files have been deleted (#12139)
• Added warnings for each missing platform package when running create-project to avoid having to run it again and again (#12120)
• Added sorting of packages in allow-plugins when sort-packages is enabled (#11348)
• Added suggestion of provider packages / polyfills when an ext or lib package is missing (#12113)
• Improved interactive package update selection by first outputting all packages and their possible updates (#11990)
• Improved dependency resolution failure output by sorting the output in a deterministic and (often) more logical way (#12111)
• Fixed PHP 8.4 deprecation warnings about E_STRICT (#12116)
• Fixed init command to validate the given license identifier (#12115)
• Fixed version guessing to be more deterministic on feature branches if it appears that it could come from either of two mainline branches (#12129)
• Fixed COMPOSER_ROOT_VERSION env var handling to treat 1.2 the same as 1.2.x-dev and not 1.2.0 (#12109)
• Fixed require command skipping new stability flags from the lock file, causing invalid lock file diffs (#12112)
• Fixed php://stdin potentially being open several times when running Composer programmatically (#12107)
• Fixed handling of platform packages in why-not command and partial updates (#12110)
• Reverted "Fixed transport-options.ssl for local cert authorization being stored in lock file making them less portable (#12019)" from 2.7.8 as it was broken

Full Changelog: composer/composer@2.7.9...2.8.0

Changelog

Sourced from composer/composer's changelog.

[2.8.2] 2024-10-29

• Fixed crash while suggesting providers if they have no description (#12152)
• Fixed issues creating lock files violating the schema in some circumstances (#12149)
• Fixed create-project regression in 2.8.1 when using path repos with relative paths (#12150)
• Fixed ctrl-C aborts not working inside text prompts (#12106)
• Fixed git failing silently when git cannot read a repo due to ownership violations (#12178)
• Fixed handling of signals in non-PHP binaries run via proxies (#12176)

[2.8.1] 2024-10-04

• Fixed init command regression when no license is provided (#12145)
• Fixed --strict-ambiguous flag handling whereas it sometimes did not report all issues (#12148)
• Fixed create-project to inherit the target folder's permissions for installed project files (#12146)
• Fixed a few cases where the prompt for using a parent dir's composer.json fails to work correctly (#8023)

[2.8.0] 2024-10-02

• BC Warning: Fixed https_proxy env var falling back to http_proxy's value. The fallback and warning have now been removed per the 2.7.3 release notes (#11938, #11915)
• Added --patch-only flag to the update command to restrict updates to patch versions and make an update of all deps safer (#12122)
• Added --abandoned flag to the audit command to configure how abandoned packages should be treated, overriding the audit.abandoned config setting (#12091)
• Added --ignore-severity flag to the audit command to ignore one or more advisory severities (#12132)
• Added --bump-after-update flag to the update command to run bump after the update is done (#11942)
• Added a way to control which scripts receive additional CLI arguments and where they appear in the command, see the docs (#12086)
• Added allow-missing-requirements config setting to skip the error when the lock file is not fulfilling the composer.json's dependencies (#11966)
• Added a JSON schema for the composer.lock file (#12123)
• Added better support for Bitbucket app passwords when cloning repos / installing from source (#12103)
• Added --type flag to filter packages by type(s) in the reinstall command (#12114)
• Added --strict-ambiguous flag to the dump-autoload command to make it return with an error code if duplicate classes are found (#12119)
• Added warning in dump-autoload when vendor files have been deleted (#12139)
• Added warnings for each missing platform package when running create-project to avoid having to run it again and again (#12120)
• Added sorting of packages in allow-plugins when sort-packages is enabled (#11348)
• Added suggestion of provider packages / polyfills when an ext or lib package is missing (#12113)
• Improved interactive package update selection by first outputting all packages and their possible updates (#11990)
• Improved dependency resolution failure output by sorting the output in a deterministic and (often) more logical way (#12111)
• Fixed PHP 8.4 deprecation warnings about E_STRICT (#12116)
• Fixed init command to validate the given license identifier (#12115)
• Fixed version guessing to be more deterministic on feature branches if it appears that it could come from either of two mainline branches (#12129)
• Fixed COMPOSER_ROOT_VERSION env var handling to treat 1.2 the same as 1.2.x-dev and not 1.2.0 (#12109)
• Fixed require command skipping new stability flags from the lock file, causing invalid lock file diffs (#12112)
• Fixed php://stdin potentially being open several times when running Composer programmatically (#12107)
• Fixed handling of platform packages in why-not command and partial updates (#12110)
• Reverted "Fixed transport-options.ssl for local cert authorization being stored in lock file making them less portable (#12019)" from 2.7.8 as it was broken

Commits

• 6e543d0 Release 2.8.2
• f956683 Update changelog
• e02f7ba Fix parsing of comments in arrays of sponsor info, fixes composer/packagist#1473
• e0ed22b Warn/throw when we detect git safe.directory errors (#12178)
• 1f0d012 Add hint how ambiguous class issues can be resolved, refs #6221 (#12179)
• 5c3f6e0 Remove SignalHandler from Application to fix issues handling ctrl-C inside pr...
• e12cfa0 Fix create-project regression when using path repos with relative paths, fixe...
• fa5b361 Fix handling of signals in non-PHP binaries run via proxies (#12176)
• 0a4c2a9 Update deps
• 186d78c Add php-ext to array dumper
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions