[SECURITY] Update composer/composer from 2.6.4 to 2.7.0

[violinist-bot]

If you have a high test coverage index, and your tests for this pull request are passing, it should be both safe and recommended to merge this update.

Updated packages

Some times an update also needs new or updated dependencies to be installed. Even if this branch is for updating one dependency, it might contain other installs or updates. All of the updates in this branch can be found here:

• composer/semver: 3.4.0 (updated from 3.3.2)
• symfony/console: v6.4.3 (updated from v6.3.0)
• symfony/deprecation-contracts: v3.4.0 (updated from v3.3.0)
• symfony/polyfill-ctype: v1.29.0 (updated from v1.27.0)
• symfony/polyfill-intl-grapheme: v1.29.0 (updated from v1.27.0)
• symfony/polyfill-intl-normalizer: v1.29.0 (updated from v1.27.0)
• symfony/polyfill-mbstring: v1.29.0 (updated from v1.27.0)
• symfony/process: v6.4.3 (updated from v6.3.0)
• symfony/service-contracts: v3.4.1 (updated from v3.3.0)
• symfony/string: v6.4.3 (updated from v6.3.0)
• composer/ca-bundle: 1.4.0 (updated from 1.3.6)
• composer/class-map-generator: 1.1.0 (updated from 1.0.0)
• composer/composer: 2.7.0 (updated from 2.6.4)
• composer/pcre: 3.1.1 (updated from 3.1.0)
• composer/spdx-licenses: 1.5.8 (updated from 1.5.7)
• react/promise: v3.1.0 (updated from v2.10.0)
• seld/jsonlint: 1.10.2 (updated from 1.10.0)
• seld/signal-handler: 2.0.2 (updated from 2.0.1)

Release notes

Here are the release notes for all versions released between your current running version, and the version this PR updates the package to.

List of release notes

• Release notes for tag 2.7.0
• Release notes for tag 2.6.6
• Release notes for tag 2.6.5

Changed files

Here is a list of changed files between the version you use, and the version this pull request updates to:

List of changed files

  .gitattributes
  .github/workflows/close-stale-support.yml
  .github/workflows/continuous-integration.yml
  .github/workflows/phpstan.yml
  .github/workflows/release.yml
  CHANGELOG.md
  composer.json
  composer.lock
  doc/01-basic-usage.md
  doc/03-cli.md
  doc/04-schema.md
  doc/05-repositories.md
  doc/06-config.md
  doc/articles/authentication-for-private-packages.md
  doc/articles/composer-platform-dependencies.md
  doc/articles/plugins.md
  doc/articles/scripts.md
  doc/articles/troubleshooting.md
  phpstan/baseline-8.1.neon
  phpstan/baseline.neon
  res/composer-schema.json
  src/Composer/Advisory/Auditor.php
  src/Composer/Advisory/IgnoredSecurityAdvisory.php
  src/Composer/Advisory/PartialSecurityAdvisory.php
  src/Composer/Advisory/SecurityAdvisory.php
  src/Composer/Autoload/AutoloadGenerator.php
  src/Composer/Command/AuditCommand.php
  src/Composer/Command/BaseCommand.php
  src/Composer/Command/BaseDependencyCommand.php
  src/Composer/Command/BumpCommand.php
  src/Composer/Command/DiagnoseCommand.php
  src/Composer/Command/DumpAutoloadCommand.php
  src/Composer/Command/ExecCommand.php
  src/Composer/Command/InitCommand.php
  src/Composer/Command/InstallCommand.php
  src/Composer/Command/OutdatedCommand.php
  src/Composer/Command/ReinstallCommand.php
  src/Composer/Command/RemoveCommand.php
  src/Composer/Command/RequireCommand.php
  src/Composer/Command/ScriptAliasCommand.php
  src/Composer/Command/SelfUpdateCommand.php
  src/Composer/Command/ShowCommand.php
  src/Composer/Command/UpdateCommand.php
  src/Composer/Composer.php
  src/Composer/Config.php
  src/Composer/Config/JsonConfigSource.php
  src/Composer/Console/Application.php
  src/Composer/DependencyResolver/DefaultPolicy.php
  src/Composer/DependencyResolver/LockTransaction.php
  src/Composer/Downloader/DvcsDownloaderInterface.php
  src/Composer/Downloader/FileDownloader.php
  src/Composer/Downloader/VcsCapableDownloaderInterface.php
  src/Composer/EventDispatcher/EventDispatcher.php
  src/Composer/Factory.php
  src/Composer/Filter/PlatformRequirementFilter/IgnoreAllPlatformRequirementFilter.php
  src/Composer/Filter/PlatformRequirementFilter/IgnoreListPlatformRequirementFilter.php
  src/Composer/Filter/PlatformRequirementFilter/IgnoreNothingPlatformRequirementFilter.php
  src/Composer/Filter/PlatformRequirementFilter/PlatformRequirementFilterInterface.php
  src/Composer/Installer.php
  src/Composer/Package/Loader/ValidatingArrayLoader.php
  src/Composer/Package/Version/VersionBumper.php
  src/Composer/Package/Version/VersionSelector.php
  src/Composer/Repository/ComposerRepository.php
  src/Composer/Repository/FilesystemRepository.php
  src/Composer/Repository/PlatformRepository.php
  src/Composer/Repository/RepositorySet.php
  src/Composer/Repository/Vcs/GitLabDriver.php
  src/Composer/Repository/VcsRepository.php
  src/Composer/Util/Bitbucket.php
  src/Composer/Util/ConfigValidator.php
  src/Composer/Util/Filesystem.php
  src/Composer/Util/GitHub.php
  src/Composer/Util/GitLab.php
  src/Composer/Util/Http/CurlDownloader.php
  tests/Composer/Test/Advisory/AuditorTest.php
  tests/Composer/Test/Autoload/AutoloadGeneratorTest.php
  tests/Composer/Test/Command/AuditCommandTest.php
  tests/Composer/Test/Command/BaseDependencyCommandTest.php
  tests/Composer/Test/Command/BumpCommandTest.php
  tests/Composer/Test/Command/ConfigCommandTest.php
  tests/Composer/Test/Command/RunScriptCommandTest.php
  tests/Composer/Test/Command/ShowCommandTest.php
  tests/Composer/Test/Command/UpdateCommandTest.php
  tests/Composer/Test/ConfigTest.php
  tests/Composer/Test/DependencyResolver/DefaultPolicyTest.php
  tests/Composer/Test/Filter/PlatformRequirementFilter/IgnoreAllPlatformRequirementFilterTest.php
  tests/Composer/Test/Filter/PlatformRequirementFilter/IgnoreListPlatformRequirementFilterTest.php
  tests/Composer/Test/Filter/PlatformRequirementFilter/IgnoreNothingPlatformRequirementFilterTest.php
  tests/Composer/Test/Fixtures/installer/install-funding-notice-env.test
  tests/Composer/Test/Fixtures/installer/install-funding-notice-not-displayed-env.test
  tests/Composer/Test/Fixtures/installer/update-allow-list-minimal-changes.test
  tests/Composer/Test/InstalledVersionsTest.php
  tests/Composer/Test/InstallerTest.php
  tests/Composer/Test/Package/Loader/ValidatingArrayLoaderTest.php
  tests/Composer/Test/Package/Version/VersionBumperTest.php
  tests/Composer/Test/Package/Version/VersionSelectorTest.php
  tests/Composer/Test/Repository/FilesystemRepositoryTest.php
  tests/Composer/Test/Repository/Fixtures/installed.php
  tests/Composer/Test/Repository/Fixtures/installed_complex.php
  tests/Composer/Test/Repository/Fixtures/installed_relative.php
  tests/Composer/Test/Repository/PlatformRepositoryTest.php
  tests/Composer/Test/TestCase.php
  tests/Composer/Test/Util/ConfigValidatorTest.php
  tests/Composer/Test/Util/Fixtures/composer_scripts-aliases.json

Changelog

Here is a list of changes between the version you use, and the version this pull request updates to:

• 96d107e2b Release 2.7.0
• eea73daea Update changelog
• 64e4eb356 Merge pull request from GHSA-7c6p-848j-wh5h
• 744298136 Add flag alias to docs
• 7a6bb18e2 Adds a test for no dev (#11833)
• 67d80e1c9 Fix php7.2
• df8f9f05a Update tests
• 754f2868f Add non-zero return codes when why-not finds a reason a package is not installable, or when why finds no reason it is there, fixes #11796
• 7cb92a90c Introduce COMPOSER_AUDIT_ABANDONED env var (#11794)
• e0807d381 Diagnose command: Add GitHub OAuth token expiration date information (#11688)
• 18cd8a01a Update jsonlint
• 338bc16a1 test: Covers audit of pkg with no sec advisories (#11789)
• 0c99bfc8f Fix root aliases causing problems when auditing locked dependencies, fixes #11771
• fa040131b Add more details to event debug output, refs #11818
• fd2338139 Add arguments to command call output (#11826)
• 654da6f57 Update deps, fixes #11801
• 158df56cc Bump actions/cache from 3 to 4 (#11807)
• d0b465ffd chore(doc): add _commentdocumentation insidecomposer.json schema (#11825)
• 7745d56c1 Do not show error that plugins have been disabled when they are already disabled (#11803)
• 9a656854a ValidatingArrayLoader: fix link validation with missing name (#11830)
• e88c7a898 Add support for wildcards in outdated's --ignore arg, fixes #11831
• ebb6a8209 issue #11811 auth token links on separate lines (#11812)
• ef6c224ec Fix require command crashing at the end if no lock file is present, fixes #11814
• bff129f4f Update require docs, fixes #11823
• 0f70c0a9c Add detection of constraints which do not match anything in validate command, fixes #11802 (#11829)
• 8a69c0555 Update plugin documentation (#11813)
• d3aeb1357 Merge branch '2.6'
• 7048ff380 Fix automatic disabling of plugins when running non-interactive as root
• f402517af Merge branch '2.6'
• b1bd22f37 Fix type error
• 2ec8feb82 Merge branch '2.6'
• 952256247 Only include installed versions class when plugins and scripts are allowed, as it is not needed otherwise
• 4e5be9ee7 Emit warning instead of crashing on invalid security advisory API response, fixes #11767
• a29acbdd2 Ensure repos declaring security-advisories have at least an API or a restricted set of packages to avoid too many wasteful requests
• 3491986ad Add IPv4 fallback on connection timeout, and adds COMPOSER_IPRESOLVE env var (#11791)
• c069174ac Merge remote-tracking branch 'origin/2.6'
• 75fd2bbeb Ensure we respect available-package-patterns and available-packages directives when fetching security advisories, fixes #11704 (#11773)
• 55db88f51 Add error when composer show --direct <transient-dependency> is used to show a dependency which is not direct, fixes #11728
• 3427bee1f :facepalm:
• 10667db1b Only override ist url if it is not handled gracefully already
• 547a63528 Fix build
• 042a8c212 Ensure dist url/type/checksum remain the same when doing lock hash updates, refs #11787
• ca433076b Sync up docs from command, fixes #11787
• 5bc5c174a Update 01-basic-usage.md (#11788)
• 284821543 Merge branch '2.6'
• 3ed4e16de Update deps
• 44f02a5c8 Add COMPOSER_FUND=0 env var to disable calls for funding (#11779)
• be71bf056 Fix support for versions with 4 components in VersionSelector, fixes #11716
• 071fbcf34 Fix warnings incorrectly being shown when using require with upper bound ignored on platform requirements, fixes #11722 (#11786)
• 534bc20be Add support for combining show --self with --installed or --locked (#11785)
• 3be0ca846 Adds a test for invalid arg combo (#11783)
• d00e38a03 [11744] handle missing hyphen when attempting to run self-update… (#11775)
• 8246892d4 Fix PackageInterface parameter comments (#11777)
• efe6e4488 Perform audit on Composer and its dependencies during diagnose, fixes #11216 (#11761)
• 12ed21705 Check for non-platform requirements before warning that no deps are installed on show command, fixes #11760
• 8e62977cb Exposing GitLab's project metadata (#11734)
• 6198fc105 Fix typo in composer-platform-dependencies.md (#11757)
• 53a1f3206 Add --sort-by-age to show/outdated commands, and also release date for latest package in --latest mode (#11762)
• c8f1028ef Fix minor error msg issue
• 86cd36490 Audit: add severity to plain and table output (#11702)
• 9b0f9b40a Show package source in very verbose updates, fixes #11733 (#11763)
• 4a209b7d3 Fix bump command not bumping versions with a v prefix e.g. ^v2.4, fixes #11723 (#11764)
• 8941a00d1 Update baseline
• 3cfd9bf51 Ensure composer.json gets deleted after a dry run require, fixes #11747
• 83f831b01 Make wildcard path repos more visible in docs, fixes #11732
• 8410643e6 Bump actions/stale from 8 to 9 (#11753)
• e0f75276a Switch default audit.abandoned to fail for 2.7 release
• 8f190fc09 Update baseline (1681, 92)
• bf6c7f8ea Merge branch '2.6'
• e14d28bae Update deps
• 50f7c1d5b Merge branch '2.6'
• eaa7dd46f Reverting release version changes
• 683557bd2 Release 2.6.6
• 86c63b011 Update changelog
• aaff0ae4d Adds a test for UpdateCommand (#11724)
• d463df102 Bump actions/github-script from 6 to 7 (#11718)
• 638507969 GH Actions: update the CI workflow for the release of PHP 8.3 (#11726)
• cc2568216 Update 01-basic-usage.md (#11729)
• da83d29d8 "URL" in caps (#11706)
• aefa46dfb Add support for "scripts-aliases" in composer.json (#11666)
• cc653161c Merge branch '2.6'
• 3d6a6c282 Update lock hash
• 8c0f1e10d Display error instead of throwing exception when unable to update with temporary constraint (#11692)
• 23be508ea Fix build on 2.6
• 81b662d38 Suggest running 'require' not 'update' if a root req fails to update (#11691)
• 03085c818 Fix Git Driver to use supported Git VCS driver URL
• 899dcedf6 Add --minimal-changes mode to perform partial updates --with-dependencies while changing only what is necessary in other dependencies (#11665)
• 7a09e0556 Bump wildcard constraints to >=current (#11694)
• c2414c1d1 Fix lock file
• c66894278 Bump dev version to 2.7, fix issues with symfony 7
• 708b07a2f Update deps
• c827c93b6 Use global constant if available for libpq version (#11684)
• 9a407b5ad 10796 Increase coverage of ShowCommand (#11677)
• d2bd9836a Reverting release version changes
• 4b0fe89db Release 2.6.5
• 7889d2e0a Update changelog
• 40cb97870 chore: remove composer.lockfrom.gitattributes (#11674)
• 3e22e1ced Fix error when vendor dir contains broken symlinks (#11670)
• cb363b0e8 Fix autoload generator dump() non-BC signature change in 2.6.4
• 64c5bdd55 Reverting release version changes

---

This is an automated pull request from Violinist: Continuously and automatically monitor and update your composer dependencies. Have ideas on how to improve this message? All violinist messages are open-source, and can be improved here.

[truls1502]

This will now be closed, since it has been superseded by #470.