#47256 Use composer to install and update external PHP libraries

[johnbillion]

This introduces a custom Composer installer plugin in order to facilitate installing some third party libraries via Composer into the wp-includes directory. This is needed because none of the existing Composer installer libraries support features such as ignoring files or installing just a subdirectory of the package, both of which are needed for WordPress.

Once this is implemented, updating one of these dependencies will be a case of:

1. Change the required version number in composer.json
2. Run composer update
3. Check and commit the changed files

Ticket

Trac ticket: https://core.trac.wordpress.org/ticket/47256

Done

• PHPMailer
• sodium_compat

In progress

• Requests
  • Need to address the fact that security hardening was applied in core and never backported to Requests.
• SimplePie
  • Need to deal with the difference in src/IRI.php. This is due to a manual backport of a fix that has not yet been released in SimplePie. See Core-63961 and r60947. Awaiting a release of SimplePie 1.10.0.

N/A

• Text_Diff
  • No matching version on Packagist
• Pomo
  • Pomo in core is heavily customised AFAICT
• random_compat
  • No longer needed
• ID3
  • Cannot address the Composer autoloader error. This is due to WordPress core using the getid3 directory instead of its parent directory which breaks the autloader if attempt to only install the getid3 subdir. Something to revisit another time.

    Could not scan for classes inside "src/wp-includes/ID3/getid3/" which does not appear to be a file nor a folder
    

[github-actions]

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

Unlinked Accounts

The following contributors have not linked their GitHub and WordPress.org accounts: @1178653+wordpress-develop-pr-bot[bot]@users.noreply.github.com.

Contributors, please read how to link your accounts to ensure your work is properly credited in WordPress releases.

Core Committers: Use this line as a base for the props when committing in SVN:

Props johnbillion.

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.

[github-actions]

Test using WordPress Playground

The changes in this pull request can previewed and tested using a WordPress Playground instance.

WordPress Playground is an experimental project that creates a full WordPress instance entirely within the browser.

Some things to be aware of

• The Plugin and Theme Directories cannot be accessed within Playground.
• All changes will be lost when closing a tab with a Playground instance.
• All changes will be lost when refreshing the page.
• A fresh instance is created each time the link below is clicked.
• Every time this pull request is updated, a new ZIP file containing all changes is created. If changes are not reflected in the Playground instance,
  it's possible that the most recent build failed, or has not completed. Check the list of workflow runs to be sure.

For more details about these limitations and more, check out the Limitations page in the WordPress Playground documentation.

Test this pull request with WordPress Playground.