FEDORA-EPEL-2025-ef1a56ad3d — enhancement update for composer

stable

composer-2.9.2-1.el10_1

FEDORA-EPEL-2025-ef1a56ad3d created by remi 3 months ago for Fedora EPEL 10.1

Version 2.9.2 - 2025-11-19

Added new --no-security-blocking flag to disable/configure security blocking (#12617)
Added a way to set audit > ignore to act only on audits or only on security blocking (#12618, #12612)
Fixed config command not being able to set the new audit settings (#12609)
Fixed handling audit.ignore to support CVE ids while doing security blocking, but advisory IDs are still preferred for performance reasons (#12624)
Fixed partial updates failing when another package in the lock file has a known security advisory (#12626)

Version 2.9.1 - 2025-11-13

Fixed regression in phpunit binary proxies (#12601)
Fixed script handler autoloading issues (#12606)
Fixed null call of Command::setDescription in some cases (#12605)
Fixed --prefer-lowest builds sometimes failing due to the filtering of versions with known vulnerabilities (#12603)

Version 2.9.0 - 2025-11-13

Fixed a couple minor issues with --bump-after-update (#12598)
Various docs fixes

Version 2.9.0-RC1 - 2025-11-07

Bumped composer-plugin-api to 2.9.0
Added automatic blocking of packages with security advisories from updates (#11956)
Added audit > block-insecure config setting to control blocking of updates to package versions with known security advisories (defaults to true) (#11956)
Added audit > block-abandoned config setting to control blocking of updates to abandoned packages (defaults to false) (#11956)
Added audit > ignore-abandoned config setting to ignore some packages (#12572)
Added --ignore-unreachable flag to audit command to allow running audit in environments that do not have access to some repos (#12470)
Added repository command to add, remove, or update repositories more easily (#12388)
Updated repositories structure to contain a name attribute and being stored preferably as list instead of object (#12388)
Added support for --minimal-changes full updates where only packages that need changing to satisfy modified constraints are updated (#12349)
Added update-with-minimal-changes config setting (and COMPOSER_MINIMAL_CHANGES env var) to default to minimal changes (#12545)
Added support for forgejo / codeberg.org repositories (#12307)
Added automatic recovery of simple lock file conflicts when running update with a file that has a content-hash conflict (#11517)
Added support for HTTP/3 if libcurl supports it (#12363)
Added support for custom header authentication (#12372)
Added support for client TLS certificates (#12406)
Added --locked flag to licenses command to show data from the lock file instead of installed packages (#12595)
Added SHELL_VERBOSITY env var to control verbosity of shell scripts (#12473)
Added support for running init without interaction (#12546)
Added COMPOSER_PREFER_DEV_OVER_PRERELEASE env var for use in development together with --prefer-lowest builds (#12585)
Added support for Windows Sudo to elevate during self-update (#12543)
Improved performance of script handlers by reducing ad-hoc autoloader creation (#12456)
Fixed display of dist refs for dev versions when source is missing (#12562)
Fixed issue not showing abandoned warnings when a package is abandoned without new release (#12423)
Fixed compatibility issues with Symfony 7
Fixed issues with PHP preloading being hard to debug (#12528)