-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-f51bfbdb3c 2023-09-13 01:34:55.169265 -------------------------------------------------------------------------------- Name : composer Product : Fedora 37 Version : 2.6.2 Release : 1.fc37 URL : https://getcomposer.org/ Summary : Dependency Manager for PHP Description : Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/ -------------------------------------------------------------------------------- Update Information: **Version 2.6.2** - 2023-09-03 * Reverted "Fixed binary proxies causing scripts inspecting `$_SERVER['SCRIPT_NAME']` to detect them, they are now more transparent (#11562)" which caused a regression (#11617) * Fixed non-zero exit code on failed audits to only apply to `install --audit` runs and not implicit audits with `require`, `create-project` or `update` commands (#11616) * Fixed `create-project` infinite post-install loop in some circumstances (#11613) ---- **Version 2.6.1** - 2023-09-01 * Reverted "Fixed executability of non- php binaries which are not marked executable (#11557)" which caused a regression (#11612) ---- **Version 2.6.0** - 2023-09-01 * Added audit.ignore config setting to ignore security advisories by id or CVE id (#11556, #11605) * Added `rm` alias to the `remove` command (#11367) * Added runtime platform check to verify the php-64bit requirement is met (#11334) * Added platform package detection for lib-pq-libpq and lib-rdkafka-librdkafka (#11418) * Added `--dry- run` to `dump-autoload` command to allow running --strict-psr checks without modifying the filesystem (#11608) * Added support for `bump`ing patch level in `~1.2.3` constraints (#11590) * Added prompt in `require` if the package name is not found but similar ones exist (#11284) * Added support for env vars and `~` in repository paths for vcs and artifact repositories (#11453) * Added support for local directory paths for repositories of type `composer` (#11526) * Added links to package homepages in `why`/`why-not` command output (#11308) * Added a `security` key to the `support` key of composer.json to set the URL to the vulnerability disclosure policy (#11271) * Added support for gathering security advisories from multiple repositories for a single package (#11436) * Fixed `install` and `update` exit code to be non-zero if the post-install security audit failed (#11362) * Fixed binary proxies causing scripts inspecting `$_SERVER['SCRIPT_NAME']` to detect them, they are now more transparent (#11562) * Fixed executability of non-php binaries which are not marked executable (#11557) * Fixed `mtime` modification of the vendor dir to only happen when packages are modified, and not require lock file modification to happen (#11593) * Fixed `create-project` using the wrong composer.json file if one was set via the `COMPOSER` env var (#11493) * Fixed json editing to preserve indentation when updating json files (#11390) * Fixed handling of broken junctions on windows (#11550) * Fixed parsing of lib-curl-openssl version with OSX SecureTransport (#11534) * Fixed svn repo parsing in some edge cases (#11350) * Fixed handling of archive URLs without file extension (#11520) * Performance improvement in pool optimization step (#11449, #11450) -------------------------------------------------------------------------------- ChangeLog: * Mon Sep 4 2023 Remi Collet <remi@xxxxxxxxxxxx> - 2.6.2-1 - update to 2.6.2 * Fri Sep 1 2023 Remi Collet <remi@xxxxxxxxxxxx> - 2.6.1-1 - update to 2.6.1 * Fri Sep 1 2023 Remi Collet <remi@xxxxxxxxxxxx> - 2.6.0-1 - update to 2.6.0 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-f51bfbdb3c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- package-announce@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue