From f231a42f97ff9959be8eabfbdf2aac19ac6039e5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Nov 2024 15:45:33 +0200 Subject: [PATCH 1/6] chore(deps): bump rack from 3.1.7 to 3.1.8 in /packages/ruby (#1111) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [rack](https://github.com/rack/rack) from 3.1.7 to 3.1.8.
Changelog

Sourced from rack's changelog.

[3.1.8] - 2024-10-14

Fixed

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rack&package-manager=bundler&previous-version=3.1.7&new-version=3.1.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- packages/ruby/Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/ruby/Gemfile.lock b/packages/ruby/Gemfile.lock index bb0446ccf8..6a15450c98 100644 --- a/packages/ruby/Gemfile.lock +++ b/packages/ruby/Gemfile.lock @@ -35,7 +35,7 @@ GEM racc public_suffix (5.1.1) racc (1.8.1) - rack (3.1.7) + rack (3.1.8) rack-test (2.1.0) rack (>= 1.3) rainbow (3.1.1) From 516d3620e41db0cebdcc5c3bb0d063f2c7fe6091 Mon Sep 17 00:00:00 2001 From: Andrii Andreiev <129078694+AndriiAndreiev@users.noreply.github.com> Date: Fri, 15 Nov 2024 11:58:51 +0200 Subject: [PATCH 2/6] fix(ruby): update bundle version (#1124) fix ruby lint error due to bundle version --- packages/ruby/Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/ruby/Gemfile.lock b/packages/ruby/Gemfile.lock index 6a15450c98..990626afe4 100644 --- a/packages/ruby/Gemfile.lock +++ b/packages/ruby/Gemfile.lock @@ -94,4 +94,4 @@ DEPENDENCIES webmock BUNDLED WITH - 2.1.4 + 2.5.23 From ea33e6dda71077afa424b5ce825f1112bf748a99 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 15 Nov 2024 12:05:49 +0200 Subject: [PATCH 3/6] chore(deps): bump rubocop-rspec from 3.1.0 to 3.2.0 in /packages/ruby (#1113) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [rubocop-rspec](https://github.com/rubocop/rubocop-rspec) from 3.1.0 to 3.2.0.
Release notes

Sourced from rubocop-rspec's releases.

RuboCop RSpec v3.2.0

  • Fix RSpec/VoidExpect to only operate inside an example block. (@​corsonknowles)
  • Change RSpec/ContextWording cop to always report an offense when both Prefixes and AllowedPatterns are empty. (@​ydah)
  • Add support for and and or compound matchers to RSpec/ChangeByZero cop. (@​ydah)
Changelog

Sourced from rubocop-rspec's changelog.

3.2.0 (2024-10-26)

  • Fix RSpec/VoidExpect to only operate inside an example block. ([@​corsonknowles])
  • Change RSpec/ContextWording cop to always report an offense when both Prefixes and AllowedPatterns are empty. ([@​ydah])
  • Add support for and and or compound matchers to RSpec/ChangeByZero cop. ([@​ydah])
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rubocop-rspec&package-manager=bundler&previous-version=3.1.0&new-version=3.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Andrii Andreiev <129078694+AndriiAndreiev@users.noreply.github.com> --- packages/ruby/Gemfile.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/packages/ruby/Gemfile.lock b/packages/ruby/Gemfile.lock index 990626afe4..6b81d276e2 100644 --- a/packages/ruby/Gemfile.lock +++ b/packages/ruby/Gemfile.lock @@ -22,7 +22,7 @@ GEM csv mini_mime (>= 1.0.0) multi_xml (>= 0.5.2) - json (2.7.2) + json (2.7.5) json-schema (5.0.0) addressable (~> 2.8) language_server-protocol (3.17.0.3) @@ -30,7 +30,7 @@ GEM multi_xml (0.7.1) bigdecimal (~> 3.1) parallel (1.26.3) - parser (3.3.5.0) + parser (3.3.5.1) ast (~> 2.4.1) racc public_suffix (5.1.1) @@ -65,12 +65,12 @@ GEM rubocop-ast (>= 1.32.2, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 2.4.0, < 3.0) - rubocop-ast (1.32.3) + rubocop-ast (1.33.0) parser (>= 3.3.1.0) rubocop-performance (1.22.1) rubocop (>= 1.48.1, < 2.0) rubocop-ast (>= 1.31.1, < 2.0) - rubocop-rspec (3.1.0) + rubocop-rspec (3.2.0) rubocop (~> 1.61) ruby-progressbar (1.13.0) unicode-display_width (2.6.0) From 277f8151b971b36d5bc1a90e0e5105599124b9e8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 15 Nov 2024 12:10:39 +0200 Subject: [PATCH 4/6] chore(deps): bump json-schema from 5.0.0 to 5.0.1 in /packages/ruby (#1110) Bumps [json-schema](https://github.com/voxpupuli/json-schema) from 5.0.0 to 5.0.1.
Changelog

Sourced from json-schema's changelog.

v5.0.1 (2024-10-03)

Full Changelog

Fixed bugs:

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json-schema&package-manager=bundler&previous-version=5.0.0&new-version=5.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- packages/ruby/Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/ruby/Gemfile.lock b/packages/ruby/Gemfile.lock index 6b81d276e2..b992ec7a4b 100644 --- a/packages/ruby/Gemfile.lock +++ b/packages/ruby/Gemfile.lock @@ -23,7 +23,7 @@ GEM mini_mime (>= 1.0.0) multi_xml (>= 0.5.2) json (2.7.5) - json-schema (5.0.0) + json-schema (5.0.1) addressable (~> 2.8) language_server-protocol (3.17.0.3) mini_mime (1.1.5) From 8aa1fb38febad0136bc66664cac70239d28f6797 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 15 Nov 2024 12:29:48 +0200 Subject: [PATCH 5/6] chore(deps): bump rubocop from 1.66.1 to 1.68.0 in /packages/ruby (#1112) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [rubocop](https://github.com/rubocop/rubocop) from 1.66.1 to 1.68.0.
Release notes

Sourced from rubocop's releases.

RuboCop 1.68

New features

Bug fixes

  • #13401: Fix a false negative for Style/RedundantLineContinuation when there is a line continuation at the EOF. (@​koic)
  • #13368: Fix an incorrect autocorrect for Naming/BlockForwarding with Style/ExplicitBlockArgument. (@​koic)
  • #13391: Fix deserialization of unknown encoding offenses. (@​earlopain)
  • #13348: Ensure Style/BlockDelimiters autocorrection does not move other code between the block and comment. (@​dvandersluis)
  • #13382: Fix an error during error handling for custom ruby extractors when the extractor is a class. (@​earlopain)
  • #13309: Fix a false negative for Lint/UselessAssignment cop when there is a useless assignment followed by a block. (@​pCosta99)
  • #13255: Fix false negatives for Style/MapIntoArray when using non-splatted arguments. (@​vlad-pisanov)
  • #13356: Fix a false positive for Layout/SpaceBeforeBrackets when there is a dot before []=. (@​earlopain)
  • #13365: Fix false positives for Lint/SafeNavigationConsistency when using safe navigation on the LHS with operator method on the RHS of &&. (@​koic)
  • #13390: Fix false positives for Style/GuardClause when using a local variable assigned in a conditional expression in a branch. (@​koic)
  • #13337: Fix false positives for Style/RedundantLineContinuation when required line continuations for && is used with an assignment after a line break. (@​koic)
  • #13387: Fix false positives in Style/RedundantParentheses when parentheses are used around method chain with do...end block in keyword argument. (@​koic)
  • #13341: Fix false positives for Lint/SafeNavigationChain when a safe navigation operator is used with a method call as the RHS operand of && for the same receiver. (@​koic)
  • #13324: Fix --disable-uncorrectable to not insert a comment inside a string continuation. (@​dvandersluis)
  • #13364: Fix incorrect autocorrect with Lint/UselessAssignment a multiple assignment or for contains an inner assignment. (@​dvandersluis)
  • #13353: Fix an incorrect autocorrect for Style/BlockDelimiters when EnforcedStyle: semantic is set and used with Layout/SpaceInsideBlockBraces. (@​koic)
  • #13361: Fix false positives for Style/RedundantInterpolationUnfreeze and Style/RedundantFreeze when strings contain interpolated global, instance, and class variables. (@​vlad-pisanov)
  • #13343: Prevent Layout/LineLength from breaking up a method with arguments chained onto a heredoc delimiter. (@​dvandersluis)
  • #13374: Return exit code 0 with --display-only-correctable and --display-only-safe-correctable when no offenses are displayed. (@​dvandersluis)
  • #13193: Fix false positive in Style/MultipleComparison when ComparisonsThreshold exceeds 2. (@​fatkodima,@​vlad-pisanov)
  • #13325: Fix an incorrect autocorrect for Lint/NonAtomicFileOperation when using a postfix unless for file existence checks before creating a file, in cases with Dir.mkdir. ([@​kotaro0522][])
  • #13397: Update PercentLiteralCorrector to be able to write pairs of delimiters without excessive escaping. (@​dvandersluis)
  • #13336: Update Style/SafeNavigation to not autocorrect if the RHS of an and node is an or node. (@​dvandersluis)
  • #13378: When removing parens in Style/TernaryParentheses with a send node condition, ensure its arguments are parenthesized. (@​dvandersluis)

Changes

  • #13347: When running rubocop -V, show the analysis Ruby version of the current directory. (@​earlopain)

... (truncated)

Changelog

Sourced from rubocop's changelog.

1.68.0 (2024-10-31)

New features

Bug fixes

  • #13401: Fix a false negative for Style/RedundantLineContinuation when there is a line continuation at the EOF. ([@​koic][])
  • #13368: Fix an incorrect autocorrect for Naming/BlockForwarding with Style/ExplicitBlockArgument. ([@​koic][])
  • #13391: Fix deserialization of unknown encoding offenses. ([@​earlopain][])
  • #13348: Ensure Style/BlockDelimiters autocorrection does not move other code between the block and comment. ([@​dvandersluis][])
  • #13382: Fix an error during error handling for custom ruby extractors when the extractor is a class. ([@​earlopain][])
  • #13309: Fix a false negative for Lint/UselessAssignment cop when there is a useless assignment followed by a block. ([@​pCosta99][])
  • #13255: Fix false negatives for Style/MapIntoArray when using non-splatted arguments. ([@​vlad-pisanov][])
  • #13356: Fix a false positive for Layout/SpaceBeforeBrackets when there is a dot before []=. ([@​earlopain][])
  • #13365: Fix false positives for Lint/SafeNavigationConsistency when using safe navigation on the LHS with operator method on the RHS of &&. ([@​koic][])
  • #13390: Fix false positives for Style/GuardClause when using a local variable assigned in a conditional expression in a branch. ([@​koic][])
  • #13337: Fix false positives for Style/RedundantLineContinuation when required line continuations for && is used with an assignment after a line break. ([@​koic][])
  • #13387: Fix false positives in Style/RedundantParentheses when parentheses are used around method chain with do...end block in keyword argument. ([@​koic][])
  • #13341: Fix false positives for Lint/SafeNavigationChain when a safe navigation operator is used with a method call as the RHS operand of && for the same receiver. ([@​koic][])
  • #13324: Fix --disable-uncorrectable to not insert a comment inside a string continuation. ([@​dvandersluis][])
  • #13364: Fix incorrect autocorrect with Lint/UselessAssignment a multiple assignment or for contains an inner assignment. ([@​dvandersluis][])
  • #13353: Fix an incorrect autocorrect for Style/BlockDelimiters when EnforcedStyle: semantic is set and used with Layout/SpaceInsideBlockBraces. ([@​koic][])
  • #13361: Fix false positives for Style/RedundantInterpolationUnfreeze and Style/RedundantFreeze when strings contain interpolated global, instance, and class variables. ([@​vlad-pisanov][])
  • #13343: Prevent Layout/LineLength from breaking up a method with arguments chained onto a heredoc delimiter. ([@​dvandersluis][])
  • #13374: Return exit code 0 with --display-only-correctable and --display-only-safe-correctable when no offenses are displayed. ([@​dvandersluis][])
  • #13193: Fix false positive in Style/MultipleComparison when ComparisonsThreshold exceeds 2. ([@​fatkodima][],[@​vlad-pisanov][])
  • #13325: Fix an incorrect autocorrect for Lint/NonAtomicFileOperation when using a postfix unless for file existence checks before creating a file, in cases with Dir.mkdir. ([@​kotaro0522][])
  • #13397: Update PercentLiteralCorrector to be able to write pairs of delimiters without excessive escaping. ([@​dvandersluis][])
  • #13336: Update Style/SafeNavigation to not autocorrect if the RHS of an and node is an or node. ([@​dvandersluis][])
  • #13378: When removing parens in Style/TernaryParentheses with a send node condition, ensure its arguments are parenthesized. ([@​dvandersluis][])

Changes

  • #13347: When running rubocop -V, show the analysis Ruby version of the current directory. ([@​earlopain][])

1.67.0 (2024-10-15)

New features

  • #13259: Add new Lint/DuplicateSetElement cop. ([@​koic][])
  • #13223: Add AllowRBSInlineAnnotation config option to Layout/LeadingCommentSpace to support RBS::Inline style annotation comments. ([@​tk0miya][])

... (truncated)

Commits
  • 7d35ef7 Cut 1.68
  • 3033deb Update Changelog
  • 37e9e5f [Fix #12140] Add new Style/CombinableDefined cop.
  • f8aa27f Fix a false negative for Style/RedundantLineContinuation
  • d033a5e Merge pull request #13400 from Earlopain/offense-cop-name-docs
  • faaa349 Fix docs for Offense.cop_name
  • 85f9405 Fix deserialization of unknown encoding offenses
  • d499d80 [Fix #13387] Fix false positives for Style/RedundantParentheses
  • 3e855b0 Merge pull request #13399 from dvandersluis/fix-and-offense-typo
  • 1f58513 Fix typos and offense instead of an offense.
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rubocop&package-manager=bundler&previous-version=1.66.1&new-version=1.68.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- packages/ruby/Gemfile.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/packages/ruby/Gemfile.lock b/packages/ruby/Gemfile.lock index b992ec7a4b..2d4d3c93e2 100644 --- a/packages/ruby/Gemfile.lock +++ b/packages/ruby/Gemfile.lock @@ -22,7 +22,7 @@ GEM csv mini_mime (>= 1.0.0) multi_xml (>= 0.5.2) - json (2.7.5) + json (2.8.2) json-schema (5.0.1) addressable (~> 2.8) language_server-protocol (3.17.0.3) @@ -30,7 +30,7 @@ GEM multi_xml (0.7.1) bigdecimal (~> 3.1) parallel (1.26.3) - parser (3.3.5.1) + parser (3.3.6.0) ast (~> 2.4.1) racc public_suffix (5.1.1) @@ -55,7 +55,7 @@ GEM diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.13.0) rspec-support (3.13.1) - rubocop (1.66.1) + rubocop (1.68.0) json (~> 2.3) language_server-protocol (>= 3.17.0) parallel (~> 1.10) @@ -65,7 +65,7 @@ GEM rubocop-ast (>= 1.32.2, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 2.4.0, < 3.0) - rubocop-ast (1.33.0) + rubocop-ast (1.36.1) parser (>= 3.3.1.0) rubocop-performance (1.22.1) rubocop (>= 1.48.1, < 2.0) From b4b2056d5857f3323b00864c23955428020b65b6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 15 Nov 2024 12:32:58 +0200 Subject: [PATCH 6/6] chore(deps): bump composer/composer from 2.7.9 to 2.8.2 in /packages/php in the minor-production-deps group (#1115) Bumps the minor-production-deps group in /packages/php with 1 update: [composer/composer](https://github.com/composer/composer). Updates `composer/composer` from 2.7.9 to 2.8.2
Release notes

Sourced from composer/composer's releases.

2.8.2

  • Fixed crash while suggesting providers if they have no description (#12152)
  • Fixed issues creating lock files violating the schema in some circumstances (#12149)
  • Fixed create-project regression in 2.8.1 when using path repos with relative paths (#12150)
  • Fixed ctrl-C aborts not working inside text prompts (#12106)
  • Fixed git failing silently when git cannot read a repo due to ownership violations (#12178)
  • Fixed handling of signals in non-PHP binaries run via proxies (#12176)

Full Changelog: https://github.com/composer/composer/compare/2.8.1...2.8.2

2.8.1

  • Fixed init command regression when no license is provided (#12145)
  • Fixed --strict-ambiguous flag handling whereas it sometimes did not report all issues (#12148)
  • Fixed create-project to inherit the target folder's permissions for installed project files (#12146)
  • Fixed a few cases where the prompt for using a parent dir's composer.json fails to work correctly (#8023)

Full Changelog: https://github.com/composer/composer/compare/2.8.0...2.8.1

2.8.0

  • BC Warning: Fixed https_proxy env var falling back to http_proxy's value. The fallback and warning have now been removed per the 2.7.3 release notes (#11938, #11915)
  • Added --patch-only flag to the update command to restrict updates to patch versions and make an update of all deps safer (#12122)
  • Added --abandoned flag to the audit command to configure how abandoned packages should be treated, overriding the audit.abandoned config setting (#12091)
  • Added --ignore-severity flag to the audit command to ignore one or more advisory severities (#12132)
  • Added --bump-after-update flag to the update command to run bump after the update is done (#11942)
  • Added a way to control which scripts receive additional CLI arguments and where they appear in the command, see the docs (#12086)
  • Added allow-missing-requirements config setting to skip the error when the lock file is not fulfilling the composer.json's dependencies (#11966)
  • Added a JSON schema for the composer.lock file (#12123)
  • Added better support for Bitbucket app passwords when cloning repos / installing from source (#12103)
  • Added --type flag to filter packages by type(s) in the reinstall command (#12114)
  • Added --strict-ambiguous flag to the dump-autoload command to make it return with an error code if duplicate classes are found (#12119)
  • Added warning in dump-autoload when vendor files have been deleted (#12139)
  • Added warnings for each missing platform package when running create-project to avoid having to run it again and again (#12120)
  • Added sorting of packages in allow-plugins when sort-packages is enabled (#11348)
  • Added suggestion of provider packages / polyfills when an ext or lib package is missing (#12113)
  • Improved interactive package update selection by first outputting all packages and their possible updates (#11990)
  • Improved dependency resolution failure output by sorting the output in a deterministic and (often) more logical way (#12111)
  • Fixed PHP 8.4 deprecation warnings about E_STRICT (#12116)
  • Fixed init command to validate the given license identifier (#12115)
  • Fixed version guessing to be more deterministic on feature branches if it appears that it could come from either of two mainline branches (#12129)
  • Fixed COMPOSER_ROOT_VERSION env var handling to treat 1.2 the same as 1.2.x-dev and not 1.2.0 (#12109)
  • Fixed require command skipping new stability flags from the lock file, causing invalid lock file diffs (#12112)
  • Fixed php://stdin potentially being open several times when running Composer programmatically (#12107)
  • Fixed handling of platform packages in why-not command and partial updates (#12110)
  • Reverted "Fixed transport-options.ssl for local cert authorization being stored in lock file making them less portable (#12019)" from 2.7.8 as it was broken

Full Changelog: https://github.com/composer/composer/compare/2.7.9...2.8.0

Changelog

Sourced from composer/composer's changelog.

[2.8.2] 2024-10-29

  • Fixed crash while suggesting providers if they have no description (#12152)
  • Fixed issues creating lock files violating the schema in some circumstances (#12149)
  • Fixed create-project regression in 2.8.1 when using path repos with relative paths (#12150)
  • Fixed ctrl-C aborts not working inside text prompts (#12106)
  • Fixed git failing silently when git cannot read a repo due to ownership violations (#12178)
  • Fixed handling of signals in non-PHP binaries run via proxies (#12176)

[2.8.1] 2024-10-04

  • Fixed init command regression when no license is provided (#12145)
  • Fixed --strict-ambiguous flag handling whereas it sometimes did not report all issues (#12148)
  • Fixed create-project to inherit the target folder's permissions for installed project files (#12146)
  • Fixed a few cases where the prompt for using a parent dir's composer.json fails to work correctly (#8023)

[2.8.0] 2024-10-02

  • BC Warning: Fixed https_proxy env var falling back to http_proxy's value. The fallback and warning have now been removed per the 2.7.3 release notes (#11938, #11915)
  • Added --patch-only flag to the update command to restrict updates to patch versions and make an update of all deps safer (#12122)
  • Added --abandoned flag to the audit command to configure how abandoned packages should be treated, overriding the audit.abandoned config setting (#12091)
  • Added --ignore-severity flag to the audit command to ignore one or more advisory severities (#12132)
  • Added --bump-after-update flag to the update command to run bump after the update is done (#11942)
  • Added a way to control which scripts receive additional CLI arguments and where they appear in the command, see the docs (#12086)
  • Added allow-missing-requirements config setting to skip the error when the lock file is not fulfilling the composer.json's dependencies (#11966)
  • Added a JSON schema for the composer.lock file (#12123)
  • Added better support for Bitbucket app passwords when cloning repos / installing from source (#12103)
  • Added --type flag to filter packages by type(s) in the reinstall command (#12114)
  • Added --strict-ambiguous flag to the dump-autoload command to make it return with an error code if duplicate classes are found (#12119)
  • Added warning in dump-autoload when vendor files have been deleted (#12139)
  • Added warnings for each missing platform package when running create-project to avoid having to run it again and again (#12120)
  • Added sorting of packages in allow-plugins when sort-packages is enabled (#11348)
  • Added suggestion of provider packages / polyfills when an ext or lib package is missing (#12113)
  • Improved interactive package update selection by first outputting all packages and their possible updates (#11990)
  • Improved dependency resolution failure output by sorting the output in a deterministic and (often) more logical way (#12111)
  • Fixed PHP 8.4 deprecation warnings about E_STRICT (#12116)
  • Fixed init command to validate the given license identifier (#12115)
  • Fixed version guessing to be more deterministic on feature branches if it appears that it could come from either of two mainline branches (#12129)
  • Fixed COMPOSER_ROOT_VERSION env var handling to treat 1.2 the same as 1.2.x-dev and not 1.2.0 (#12109)
  • Fixed require command skipping new stability flags from the lock file, causing invalid lock file diffs (#12112)
  • Fixed php://stdin potentially being open several times when running Composer programmatically (#12107)
  • Fixed handling of platform packages in why-not command and partial updates (#12110)
  • Reverted "Fixed transport-options.ssl for local cert authorization being stored in lock file making them less portable (#12019)" from 2.7.8 as it was broken
Commits
  • 6e543d0 Release 2.8.2
  • f956683 Update changelog
  • e02f7ba Fix parsing of comments in arrays of sponsor info, fixes composer/packagist#1473
  • e0ed22b Warn/throw when we detect git safe.directory errors (#12178)
  • 1f0d012 Add hint how ambiguous class issues can be resolved, refs #6221 (#12179)
  • 5c3f6e0 Remove SignalHandler from Application to fix issues handling ctrl-C inside pr...
  • e12cfa0 Fix create-project regression when using path repos with relative paths, fixe...
  • fa5b361 Fix handling of signals in non-PHP binaries run via proxies (#12176)
  • 0a4c2a9 Update deps
  • 186d78c Add php-ext to array dumper
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=composer/composer&package-manager=composer&previous-version=2.7.9&new-version=2.8.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Andrii Andreiev <129078694+AndriiAndreiev@users.noreply.github.com> --- packages/php/composer.lock | 122 ++++++++++++++++++------------------- 1 file changed, 61 insertions(+), 61 deletions(-) diff --git a/packages/php/composer.lock b/packages/php/composer.lock index 421882849f..cd72c92d98 100644 --- a/packages/php/composer.lock +++ b/packages/php/composer.lock @@ -137,16 +137,16 @@ }, { "name": "composer/ca-bundle", - "version": "1.5.1", + "version": "1.5.2", "source": { "type": "git", "url": "https://github.com/composer/ca-bundle.git", - "reference": "063d9aa8696582f5a41dffbbaf3c81024f0a604a" + "reference": "48a792895a2b7a6ee65dd5442c299d7b835b6137" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/composer/ca-bundle/zipball/063d9aa8696582f5a41dffbbaf3c81024f0a604a", - "reference": "063d9aa8696582f5a41dffbbaf3c81024f0a604a", + "url": "https://api.github.com/repos/composer/ca-bundle/zipball/48a792895a2b7a6ee65dd5442c299d7b835b6137", + "reference": "48a792895a2b7a6ee65dd5442c299d7b835b6137", "shasum": "" }, "require": { @@ -156,8 +156,8 @@ }, "require-dev": { "phpstan/phpstan": "^1.10", + "phpunit/phpunit": "^8 || ^9", "psr/log": "^1.0 || ^2.0 || ^3.0", - "symfony/phpunit-bridge": "^4.2 || ^5", "symfony/process": "^4.0 || ^5.0 || ^6.0 || ^7.0" }, "type": "library", @@ -193,7 +193,7 @@ "support": { "irc": "irc://irc.freenode.org/composer", "issues": "https://github.com/composer/ca-bundle/issues", - "source": "https://github.com/composer/ca-bundle/tree/1.5.1" + "source": "https://github.com/composer/ca-bundle/tree/1.5.2" }, "funding": [ { @@ -209,20 +209,20 @@ "type": "tidelift" } ], - "time": "2024-07-08T15:28:20+00:00" + "time": "2024-09-25T07:49:53+00:00" }, { "name": "composer/class-map-generator", - "version": "1.3.4", + "version": "1.4.0", "source": { "type": "git", "url": "https://github.com/composer/class-map-generator.git", - "reference": "b1b3fd0b4eaf3ddf3ee230bc340bf3fff454a1a3" + "reference": "98bbf6780e56e0fd2404fe4b82eb665a0f93b783" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/composer/class-map-generator/zipball/b1b3fd0b4eaf3ddf3ee230bc340bf3fff454a1a3", - "reference": "b1b3fd0b4eaf3ddf3ee230bc340bf3fff454a1a3", + "url": "https://api.github.com/repos/composer/class-map-generator/zipball/98bbf6780e56e0fd2404fe4b82eb665a0f93b783", + "reference": "98bbf6780e56e0fd2404fe4b82eb665a0f93b783", "shasum": "" }, "require": { @@ -235,8 +235,8 @@ "phpstan/phpstan-deprecation-rules": "^1", "phpstan/phpstan-phpunit": "^1", "phpstan/phpstan-strict-rules": "^1.1", - "symfony/filesystem": "^5.4 || ^6", - "symfony/phpunit-bridge": "^5" + "phpunit/phpunit": "^8", + "symfony/filesystem": "^5.4 || ^6" }, "type": "library", "extra": { @@ -266,7 +266,7 @@ ], "support": { "issues": "https://github.com/composer/class-map-generator/issues", - "source": "https://github.com/composer/class-map-generator/tree/1.3.4" + "source": "https://github.com/composer/class-map-generator/tree/1.4.0" }, "funding": [ { @@ -282,25 +282,25 @@ "type": "tidelift" } ], - "time": "2024-06-12T14:13:04+00:00" + "time": "2024-10-03T18:14:00+00:00" }, { "name": "composer/composer", - "version": "2.7.9", + "version": "2.8.2", "source": { "type": "git", "url": "https://github.com/composer/composer.git", - "reference": "e30ccdd665828ae66eb1be78f056e39e1d5f55ab" + "reference": "6e543d03187c882ea1c6ba43add2467754427803" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/composer/composer/zipball/e30ccdd665828ae66eb1be78f056e39e1d5f55ab", - "reference": "e30ccdd665828ae66eb1be78f056e39e1d5f55ab", + "url": "https://api.github.com/repos/composer/composer/zipball/6e543d03187c882ea1c6ba43add2467754427803", + "reference": "6e543d03187c882ea1c6ba43add2467754427803", "shasum": "" }, "require": { "composer/ca-bundle": "^1.5", - "composer/class-map-generator": "^1.3.3", + "composer/class-map-generator": "^1.4.0", "composer/metadata-minifier": "^1.0", "composer/pcre": "^2.2 || ^3.2", "composer/semver": "^3.3", @@ -340,7 +340,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-main": "2.7-dev" + "dev-main": "2.8-dev" }, "phpstan": { "includes": [ @@ -380,7 +380,7 @@ "irc": "ircs://irc.libera.chat:6697/composer", "issues": "https://github.com/composer/composer/issues", "security": "https://github.com/composer/composer/security/policy", - "source": "https://github.com/composer/composer/tree/2.7.9" + "source": "https://github.com/composer/composer/tree/2.8.2" }, "funding": [ { @@ -396,7 +396,7 @@ "type": "tidelift" } ], - "time": "2024-09-04T12:43:28+00:00" + "time": "2024-10-29T15:12:11+00:00" }, { "name": "composer/metadata-minifier", @@ -548,24 +548,24 @@ }, { "name": "composer/semver", - "version": "3.4.2", + "version": "3.4.3", "source": { "type": "git", "url": "https://github.com/composer/semver.git", - "reference": "c51258e759afdb17f1fd1fe83bc12baaef6309d6" + "reference": "4313d26ada5e0c4edfbd1dc481a92ff7bff91f12" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/composer/semver/zipball/c51258e759afdb17f1fd1fe83bc12baaef6309d6", - "reference": "c51258e759afdb17f1fd1fe83bc12baaef6309d6", + "url": "https://api.github.com/repos/composer/semver/zipball/4313d26ada5e0c4edfbd1dc481a92ff7bff91f12", + "reference": "4313d26ada5e0c4edfbd1dc481a92ff7bff91f12", "shasum": "" }, "require": { "php": "^5.3.2 || ^7.0 || ^8.0" }, "require-dev": { - "phpstan/phpstan": "^1.4", - "symfony/phpunit-bridge": "^4.2 || ^5" + "phpstan/phpstan": "^1.11", + "symfony/phpunit-bridge": "^3 || ^7" }, "type": "library", "extra": { @@ -609,7 +609,7 @@ "support": { "irc": "ircs://irc.libera.chat:6697/composer", "issues": "https://github.com/composer/semver/issues", - "source": "https://github.com/composer/semver/tree/3.4.2" + "source": "https://github.com/composer/semver/tree/3.4.3" }, "funding": [ { @@ -625,7 +625,7 @@ "type": "tidelift" } ], - "time": "2024-07-12T11:35:52+00:00" + "time": "2024-09-19T14:15:21+00:00" }, { "name": "composer/spdx-licenses", @@ -2990,16 +2990,16 @@ }, { "name": "symfony/console", - "version": "v6.4.11", + "version": "v6.4.13", "source": { "type": "git", "url": "https://github.com/symfony/console.git", - "reference": "42686880adaacdad1835ee8fc2a9ec5b7bd63998" + "reference": "f793dd5a7d9ae9923e35d0503d08ba734cec1d79" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/console/zipball/42686880adaacdad1835ee8fc2a9ec5b7bd63998", - "reference": "42686880adaacdad1835ee8fc2a9ec5b7bd63998", + "url": "https://api.github.com/repos/symfony/console/zipball/f793dd5a7d9ae9923e35d0503d08ba734cec1d79", + "reference": "f793dd5a7d9ae9923e35d0503d08ba734cec1d79", "shasum": "" }, "require": { @@ -3064,7 +3064,7 @@ "terminal" ], "support": { - "source": "https://github.com/symfony/console/tree/v6.4.11" + "source": "https://github.com/symfony/console/tree/v6.4.13" }, "funding": [ { @@ -3080,7 +3080,7 @@ "type": "tidelift" } ], - "time": "2024-08-15T22:48:29+00:00" + "time": "2024-10-09T08:40:40+00:00" }, { "name": "symfony/deprecation-contracts", @@ -3382,16 +3382,16 @@ }, { "name": "symfony/filesystem", - "version": "v6.4.9", + "version": "v6.4.13", "source": { "type": "git", "url": "https://github.com/symfony/filesystem.git", - "reference": "b51ef8059159330b74a4d52f68e671033c0fe463" + "reference": "4856c9cf585d5a0313d8d35afd681a526f038dd3" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/filesystem/zipball/b51ef8059159330b74a4d52f68e671033c0fe463", - "reference": "b51ef8059159330b74a4d52f68e671033c0fe463", + "url": "https://api.github.com/repos/symfony/filesystem/zipball/4856c9cf585d5a0313d8d35afd681a526f038dd3", + "reference": "4856c9cf585d5a0313d8d35afd681a526f038dd3", "shasum": "" }, "require": { @@ -3428,7 +3428,7 @@ "description": "Provides basic utilities for the filesystem", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/filesystem/tree/v6.4.9" + "source": "https://github.com/symfony/filesystem/tree/v6.4.13" }, "funding": [ { @@ -3444,20 +3444,20 @@ "type": "tidelift" } ], - "time": "2024-06-28T09:49:33+00:00" + "time": "2024-10-25T15:07:50+00:00" }, { "name": "symfony/finder", - "version": "v6.4.11", + "version": "v6.4.13", "source": { "type": "git", "url": "https://github.com/symfony/finder.git", - "reference": "d7eb6daf8cd7e9ac4976e9576b32042ef7253453" + "reference": "daea9eca0b08d0ed1dc9ab702a46128fd1be4958" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/finder/zipball/d7eb6daf8cd7e9ac4976e9576b32042ef7253453", - "reference": "d7eb6daf8cd7e9ac4976e9576b32042ef7253453", + "url": "https://api.github.com/repos/symfony/finder/zipball/daea9eca0b08d0ed1dc9ab702a46128fd1be4958", + "reference": "daea9eca0b08d0ed1dc9ab702a46128fd1be4958", "shasum": "" }, "require": { @@ -3492,7 +3492,7 @@ "description": "Finds files and directories via an intuitive fluent interface", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/finder/tree/v6.4.11" + "source": "https://github.com/symfony/finder/tree/v6.4.13" }, "funding": [ { @@ -3508,7 +3508,7 @@ "type": "tidelift" } ], - "time": "2024-08-13T14:27:37+00:00" + "time": "2024-10-01T08:30:56+00:00" }, { "name": "symfony/http-foundation", @@ -4571,16 +4571,16 @@ }, { "name": "symfony/process", - "version": "v6.4.8", + "version": "v6.4.13", "source": { "type": "git", "url": "https://github.com/symfony/process.git", - "reference": "8d92dd79149f29e89ee0f480254db595f6a6a2c5" + "reference": "1f9f59b46880201629df3bd950fc5ae8c55b960f" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/process/zipball/8d92dd79149f29e89ee0f480254db595f6a6a2c5", - "reference": "8d92dd79149f29e89ee0f480254db595f6a6a2c5", + "url": "https://api.github.com/repos/symfony/process/zipball/1f9f59b46880201629df3bd950fc5ae8c55b960f", + "reference": "1f9f59b46880201629df3bd950fc5ae8c55b960f", "shasum": "" }, "require": { @@ -4612,7 +4612,7 @@ "description": "Executes commands in sub-processes", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/process/tree/v6.4.8" + "source": "https://github.com/symfony/process/tree/v6.4.13" }, "funding": [ { @@ -4628,7 +4628,7 @@ "type": "tidelift" } ], - "time": "2024-05-31T14:49:08+00:00" + "time": "2024-09-25T14:18:03+00:00" }, { "name": "symfony/service-contracts", @@ -4715,16 +4715,16 @@ }, { "name": "symfony/string", - "version": "v6.4.11", + "version": "v6.4.13", "source": { "type": "git", "url": "https://github.com/symfony/string.git", - "reference": "5bc3eb632cf9c8dbfd6529d89be9950d1518883b" + "reference": "38371c60c71c72b3d64d8d76f6b1bb81a2cc3627" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/string/zipball/5bc3eb632cf9c8dbfd6529d89be9950d1518883b", - "reference": "5bc3eb632cf9c8dbfd6529d89be9950d1518883b", + "url": "https://api.github.com/repos/symfony/string/zipball/38371c60c71c72b3d64d8d76f6b1bb81a2cc3627", + "reference": "38371c60c71c72b3d64d8d76f6b1bb81a2cc3627", "shasum": "" }, "require": { @@ -4781,7 +4781,7 @@ "utf8" ], "support": { - "source": "https://github.com/symfony/string/tree/v6.4.11" + "source": "https://github.com/symfony/string/tree/v6.4.13" }, "funding": [ { @@ -4797,7 +4797,7 @@ "type": "tidelift" } ], - "time": "2024-08-12T09:55:28+00:00" + "time": "2024-09-25T14:18:03+00:00" }, { "name": "symfony/translation",