Skip to content

Bump composer/composer from 2.1.8 to 2.1.9 #49

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 5, 2021
Merged

Bump composer/composer from 2.1.8 to 2.1.9 #49

merged 1 commit into from
Oct 5, 2021

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 5, 2021

Bumps composer/composer from 2.1.8 to 2.1.9.

Release notes

Sourced from composer/composer's releases.

2.1.9

  • Security: Fixed command injection vulnerability on Windows (GHSA-frqg-7g38-6gcf / CVE-2021-41116)
  • Fixed classmap parsing with a new class parser which does not rely on regexes anymore (#10107)
  • Fixed inline git credentials showing up in output in some conditions (#10115)
  • Fixed support for running updates while offline as long as the cache contains enough information (#10116)
  • Fixed show --all foo/bar which as of 2.0.0 was not showing all versions anymore but only the installed one (#10095)
  • Fixed VCS repos ignoring some versions silently when the API rate limit is reached (#10132)
  • Fixed CA bundle to remove the expired Let's Encrypt root CA
Changelog

Sourced from composer/composer's changelog.

[2.1.9] 2021-10-05

  • Security: Fixed command injection vulnerability on Windows (GHSA-frqg-7g38-6gcf / CVE-2021-41116)
  • Fixed classmap parsing with a new class parser which does not rely on regexes anymore (#10107)
  • Fixed inline git credentials showing up in output in some conditions (#10115)
  • Fixed support for running updates while offline as long as the cache contains enough information (#10116)
  • Fixed show --all foo/bar which as of 2.0.0 was not showing all versions anymore but only the installed one (#10095)
  • Fixed VCS repos ignoring some versions silently when the API rate limit is reached (#10132)
  • Fixed CA bundle to remove the expired Let's Encrypt root CA
Commits
  • e558c88 Release 2.1.9
  • cb1e248 Fix type annotation
  • 2f3273b Fix changelog
  • 18e2497 Merge branch '1.10'
  • b67ceb8 Prepare changelog
  • ca5e2f8 Fix escaping issues on Windows which could lead to command injection, fixes G...
  • b3eebeb Merge pull request from GHSA-frqg-7g38-6gcf
  • 532c6e7 Fix show --all showing only the installed version if the package is installed...
  • a7963b7 Fix ComposerRepository handling of offline state to allow resolution as long ...
  • edccad4 VcsRepository: do not continue when receiving 429 rate limit exception (#10132)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump composer/composer from 2.1.8 to 2.1.9
918186c 
Bumps [composer/composer](https://github.com/composer/composer) from 2.1.8 to 2.1.9.
- [Release notes](https://github.com/composer/composer/releases)
- [Changelog](https://github.com/composer/composer/blob/master/CHANGELOG.md)
- [Commits](composer/composer@2.1.8...2.1.9)

---
updated-dependencies:
- dependency-name: composer/composer
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested a review from WyriHaximus as a code owner October 5, 2021 15:15
@dependabot dependabot bot added Dependencies 📦 Pull requests that update a dependency file PHP 🐘 Hypertext Pre Processor labels Oct 5, 2021
@github-actions
Copy link

github-actions bot commented Oct 5, 2021

🏰 Composer Production Dependency changes 🏰

Prod Packages Operation Base Target Link
composer/ca-bundle Upgraded 1.2.10 1.2.11 Compare
composer/composer Upgraded 2.1.8 2.1.9 Compare

@WyriHaximus WyriHaximus added this to the v1.1.0 milestone Oct 5, 2021
@WyriHaximus WyriHaximus merged commit 64d2a29 into main Oct 5, 2021
@dependabot dependabot bot deleted the dependabot/composer/composer/composer-2.1.9 branch October 5, 2021 15:41
github-actions bot pushed a commit that referenced this pull request Apr 8, 2022
@WyriHaximus
v1.1.0
5ea2804 
======

- Total issues resolved: **1**
- Total pull requests resolved: **38**
- Total contributors: **3**

Dependencies 📦
--------------

 - [80: Bump composer/composer from 2.3.2 to 2.3.3](#80) thanks to @dependabot[bot]
 - [79: Bump symfony/console from 5.4.5 to 5.4.7](#79) thanks to @dependabot[bot]
 - [78: Bump composer/composer from 2.2.9 to 2.3.2](#78) thanks to @dependabot[bot]
 - [77: Always use the latest Alpine version](#77) thanks to @WyriHaximus
 - [76: Bump guzzlehttp/psr7 from 2.1.0 to 2.2.1](#76) thanks to @dependabot[bot]
 - [75: Bump guzzlehttp/guzzle from 7.4.1 to 7.4.2](#75) thanks to @dependabot[bot]
 - [74: Post process diffs](#74) thanks to @WyriHaximus and @tannyl
 - [73: Bump composer/composer from 2.2.8 to 2.2.9](#73) thanks to @dependabot[bot]
 - [72: Bump composer/composer from 2.2.7 to 2.2.8](#72) thanks to @dependabot[bot]
 - [70: Bump symfony/console from 5.4.3 to 5.4.5](#70) thanks to @dependabot[bot]
 - [69: Bump composer/composer from 2.2.6 to 2.2.7](#69) thanks to @dependabot[bot]
 - [68: Bump composer/composer from 2.2.1 to 2.2.6](#68) thanks to @dependabot[bot]
 - [67: Bump composer/composer from 2.2.1 to 2.2.5](#67) thanks to @dependabot[bot]
 - [66: Bump ion-bazan/composer-diff from 1.5.0 to 1.6.0](#66) thanks to @dependabot[bot]
 - [65: Bump symfony/console from 5.4.1 to 5.4.3](#65) thanks to @dependabot[bot]
 - [64: Bump symfony/console from 5.4.1 to 5.4.2](#64) thanks to @dependabot[bot]
 - [63: Bump composer/composer from 2.2.0 to 2.2.1](#63) thanks to @dependabot[bot]
 - [62: Bump composer/composer from 2.1.14 to 2.2.0](#62) thanks to @dependabot[bot]
 - [61: Bump symfony/console from 5.4.0 to 5.4.1](#61) thanks to @dependabot[bot]
 - [60: Bump guzzlehttp/guzzle from 7.4.0 to 7.4.1](#60) thanks to @dependabot[bot]
 - [59: Bump ion-bazan/composer-diff from 1.4.0 to 1.5.0](#59) thanks to @dependabot[bot]
 - [58: Bump composer/composer from 2.1.12 to 2.1.14](#58) thanks to @dependabot[bot]
 - [57: Bump symfony/console from 5.3.11 to 5.4.0](#57) thanks to @dependabot[bot]
 - [56: Bump symfony/console from 5.3.10 to 5.3.11](#56) thanks to @dependabot[bot]
 - [55: Bump composer/composer from 2.1.11 to 2.1.12](#55) thanks to @dependabot[bot]
 - [54: Bump ion-bazan/composer-diff from 1.3.1 to 1.4.0](#54) thanks to @dependabot[bot]
 - [53: Bump composer/composer from 2.1.10 to 2.1.11](#53) thanks to @dependabot[bot]
 - [52: Bump composer/composer from 2.1.9 to 2.1.10](#52) thanks to @dependabot[bot]
 - [51: Bump symfony/console from 5.3.7 to 5.3.10](#51) thanks to @dependabot[bot]
 - [50: Bump guzzlehttp/guzzle from 7.3.0 to 7.4.0](#50) thanks to @dependabot[bot]
 - [49: Bump composer/composer from 2.1.8 to 2.1.9](#49) thanks to @dependabot[bot]
 - [48: Bump composer/composer from 2.1.7 to 2.1.8](#48) thanks to @dependabot[bot]
 - [47: Bump composer/composer from 2.1.6 to 2.1.7](#47) thanks to @dependabot[bot]
 - [46: Bump symfony/console from 5.3.6 to 5.3.7](#46) thanks to @dependabot[bot]
 - [45: Bump composer/composer from 2.0.14 to 2.1.6](#45) thanks to @dependabot[bot]
 - [41: Bump ion-bazan/composer-diff from 1.1.1 to 1.3.1](#41) thanks to @dependabot[bot]
 - [39: Bump symfony/console from 5.2.8 to 5.3.2](#39) thanks to @dependabot[bot]
 - [37: Bump composer/composer from 2.0.13 to 2.0.14](#37) thanks to @dependabot[bot]
github-actions bot pushed a commit that referenced this pull request Apr 8, 2022
@WyriHaximus
v1.1.0
4059c18 
======

- Total issues resolved: **1**
- Total pull requests resolved: **38**
- Total contributors: **3**

Dependencies 📦
--------------

 - [80: Bump composer/composer from 2.3.2 to 2.3.3](#80) thanks to @dependabot[bot]
 - [79: Bump symfony/console from 5.4.5 to 5.4.7](#79) thanks to @dependabot[bot]
 - [78: Bump composer/composer from 2.2.9 to 2.3.2](#78) thanks to @dependabot[bot]
 - [77: Always use the latest Alpine version](#77) thanks to @WyriHaximus
 - [76: Bump guzzlehttp/psr7 from 2.1.0 to 2.2.1](#76) thanks to @dependabot[bot]
 - [75: Bump guzzlehttp/guzzle from 7.4.1 to 7.4.2](#75) thanks to @dependabot[bot]
 - [74: Post process diffs](#74) thanks to @WyriHaximus and @tannyl
 - [73: Bump composer/composer from 2.2.8 to 2.2.9](#73) thanks to @dependabot[bot]
 - [72: Bump composer/composer from 2.2.7 to 2.2.8](#72) thanks to @dependabot[bot]
 - [70: Bump symfony/console from 5.4.3 to 5.4.5](#70) thanks to @dependabot[bot]
 - [69: Bump composer/composer from 2.2.6 to 2.2.7](#69) thanks to @dependabot[bot]
 - [68: Bump composer/composer from 2.2.1 to 2.2.6](#68) thanks to @dependabot[bot]
 - [67: Bump composer/composer from 2.2.1 to 2.2.5](#67) thanks to @dependabot[bot]
 - [66: Bump ion-bazan/composer-diff from 1.5.0 to 1.6.0](#66) thanks to @dependabot[bot]
 - [65: Bump symfony/console from 5.4.1 to 5.4.3](#65) thanks to @dependabot[bot]
 - [64: Bump symfony/console from 5.4.1 to 5.4.2](#64) thanks to @dependabot[bot]
 - [63: Bump composer/composer from 2.2.0 to 2.2.1](#63) thanks to @dependabot[bot]
 - [62: Bump composer/composer from 2.1.14 to 2.2.0](#62) thanks to @dependabot[bot]
 - [61: Bump symfony/console from 5.4.0 to 5.4.1](#61) thanks to @dependabot[bot]
 - [60: Bump guzzlehttp/guzzle from 7.4.0 to 7.4.1](#60) thanks to @dependabot[bot]
 - [59: Bump ion-bazan/composer-diff from 1.4.0 to 1.5.0](#59) thanks to @dependabot[bot]
 - [58: Bump composer/composer from 2.1.12 to 2.1.14](#58) thanks to @dependabot[bot]
 - [57: Bump symfony/console from 5.3.11 to 5.4.0](#57) thanks to @dependabot[bot]
 - [56: Bump symfony/console from 5.3.10 to 5.3.11](#56) thanks to @dependabot[bot]
 - [55: Bump composer/composer from 2.1.11 to 2.1.12](#55) thanks to @dependabot[bot]
 - [54: Bump ion-bazan/composer-diff from 1.3.1 to 1.4.0](#54) thanks to @dependabot[bot]
 - [53: Bump composer/composer from 2.1.10 to 2.1.11](#53) thanks to @dependabot[bot]
 - [52: Bump composer/composer from 2.1.9 to 2.1.10](#52) thanks to @dependabot[bot]
 - [51: Bump symfony/console from 5.3.7 to 5.3.10](#51) thanks to @dependabot[bot]
 - [50: Bump guzzlehttp/guzzle from 7.3.0 to 7.4.0](#50) thanks to @dependabot[bot]
 - [49: Bump composer/composer from 2.1.8 to 2.1.9](#49) thanks to @dependabot[bot]
 - [48: Bump composer/composer from 2.1.7 to 2.1.8](#48) thanks to @dependabot[bot]
 - [47: Bump composer/composer from 2.1.6 to 2.1.7](#47) thanks to @dependabot[bot]
 - [46: Bump symfony/console from 5.3.6 to 5.3.7](#46) thanks to @dependabot[bot]
 - [45: Bump composer/composer from 2.0.14 to 2.1.6](#45) thanks to @dependabot[bot]
 - [41: Bump ion-bazan/composer-diff from 1.1.1 to 1.3.1](#41) thanks to @dependabot[bot]
 - [39: Bump symfony/console from 5.2.8 to 5.3.2](#39) thanks to @dependabot[bot]
 - [37: Bump composer/composer from 2.0.13 to 2.0.14](#37) thanks to @dependabot[bot]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@WyriHaximus WyriHaximus WyriHaximus approved these changes

Assignees

No one assigned

Labels

Dependencies 📦 Pull requests that update a dependency file PHP 🐘 Hypertext Pre Processor

Projects

None yet

Milestone

v1.1.0

Development

Successfully merging this pull request may close these issues.

2 participants

@WyriHaximus