Bump composer/composer from 1.9.0 to 1.10.0

[dependabot-preview]

Bumps composer/composer from 1.9.0 to 1.10.0.

Release notes

Sourced from composer/composer's releases.

1.10.0

• Breaking: composer global exec ... now executes the process in the current working directory instead of executing it in the global directory.
• Warning: Added a warning when class names are being loaded by a PSR-4 or PSR-0 rule only due to classmap optimization, but would not otherwise be autoloadable. Composer 2.0 will stop autoloading these classes so make sure you fix your autoload configs.
• Added new funding key to composer.json to describe ways your package's maintenance can be funded. This reads info from GitHub's FUNDING.yml by default so better configure it there so it shows on GitHub and Composer/Packagist
• Added composer fund command to show funding info of your dependencies. Read more
• Added bearer auth config to authenticate using Authorization: Bearer <token> headers
• Added plugin-api-version in composer.lock so third-party tools can know which Composer version was used to generate a lock file
• Added support for --format=json output for show command when showing a single package
• Added support for configuring suggestions using config command, e.g. composer config suggest.foo/bar some text
• Added support for configuring fine-grained preferred-install using config command, e.g. composer config preferred-install.foo/* dist
• Added @putenv script handler to set environment variables from composer.json for following scripts
• Added lock option that can be set to false, in which case no composer.lock file will be generated
• Added --add-repository flag to create-project command which will persist the repo given in --repository into the composer.json of the package being installed
• Fixed issue where --no-dev autoload generation was excluding some packages which should not have been excluded
• Added support for IPv6 addresses in NO_PROXY
• Added package homepage display in the show command
• Added debug info about HTTP authentications
• Added Symfony 5 compatibility
• Added --fixed flag to require command to make it use a fixed constraint instead of a ^x.y constraint when adding the requirement
• Fixed exclude-from-classmap matching subsets of directories e.g. foo/ was excluding foobar/
• Fixed archive command to persist file permissions inside the zip files
• Fixed init/require command to avoid suggesting packages which are already selected in the search results
• Fixed create-project UX issues
• Fixed filemtime for vendor/composer/* files is now only changing when the files actually change
• Fixed issues detecting docker environment with an active open_basedir

1.10.0-RC

• Breaking: composer global exec ... now executes the process in the current working directory instead of executing it in the global directory.
• Deprecated: Added a warning when class names are being loaded by a PSR-4 or PSR-0 rule only due to classmap optimization, but would not otherwise be autoloadable. Composer 2.0 will stop autoloading these classes so make sure you fix your autoload configs.
• Added new funding key to composer.json to describe ways your package's maintenance can be funded. This reads info from GitHub's FUNDING.yml by default so better configure it there so it shows on GitHub and Composer/Packagist
• Added composer fund command to show funding info of your dependencies
• Added support for --format=json output for show command when showing a single package
• Added support for configuring suggestions using config command, e.g. composer config suggest.foo/bar some text
• Added support for configuring fine-grained preferred-install using config command, e.g. composer config preferred-install.foo/* dist
• Added @putenv script handler to set environment variables from composer.json for following scripts
• Added lock option that can be set to false, in which case no composer.lock file will be generated
• Added --add-repository flag to create-project command which will persist the repo given in --repository into the composer.json of the package being installed
• Added support for IPv6 addresses in NO_PROXY
• Added package homepage display in the show command
• Added debug info about HTTP authentications
• Added Symfony 5 compatibility
• Added --fixed flag to require command to make it use a fixed constraint instead of a ^x.y constraint when adding the requirement
• Fixed exclude-from-classmap matching subsets of directories e.g. foo/ was excluding foobar/
• Fixed archive command to persist file permissions inside the zip files
• Fixed init/require command to avoid suggesting packages which are already selected in the search results
• Fixed create-project UX issues
• Fixed filemtime for vendor/composer/* files is now only changing when the files actually change
• Fixed issues detecting docker environment with an active open_basedir

1.9.3

... (truncated)

Changelog

Sourced from composer/composer's changelog.

[1.10.0] 2020-03-10

• Added bearer auth config to authenticate using Authorization: Bearer <token> headers
• Added plugin-api-version in composer.lock so third-party tools can know which Composer version was used to generate a lock file
• Fixed composer fund command and funding info parsing to be more useful
• Fixed issue where --no-dev autoload generation was excluding some packages which should not have been excluded
• Fixed 1.10-RC regression in create project's handling of absolute paths

[1.10.0-RC] 2020-02-14

• Breaking: composer global exec ... now executes the process in the current working directory instead of executing it in the global directory.
• Warning: Added a warning when class names are being loaded by a PSR-4 or PSR-0 rule only due to classmap optimization, but would not otherwise be autoloadable. Composer 2.0 will stop autoloading these classes so make sure you fix your autoload configs.
• Added new funding key to composer.json to describe ways your package's maintenance can be funded. This reads info from GitHub's FUNDING.yml by default so better configure it there so it shows on GitHub and Composer/Packagist
• Added composer fund command to show funding info of your dependencies
• Added support for --format=json output for show command when showing a single package
• Added support for configuring suggestions using config command, e.g. composer config suggest.foo/bar some text
• Added support for configuring fine-grained preferred-install using config command, e.g. composer config preferred-install.foo/* dist
• Added @putenv script handler to set environment variables from composer.json for following scripts
• Added lock option that can be set to false, in which case no composer.lock file will be generated
• Added --add-repository flag to create-project command which will persist the repo given in --repository into the composer.json of the package being installed
• Added support for IPv6 addresses in NO_PROXY
• Added package homepage display in the show command
• Added debug info about HTTP authentications
• Added Symfony 5 compatibility
• Added --fixed flag to require command to make it use a fixed constraint instead of a ^x.y constraint when adding the requirement
• Fixed exclude-from-classmap matching subsets of directories e.g. foo/ was excluding foobar/
• Fixed archive command to persist file permissions inside the zip files
• Fixed init/require command to avoid suggesting packages which are already selected in the search results
• Fixed create-project UX issues
• Fixed filemtime for vendor/composer/* files is now only changing when the files actually change
• Fixed issues detecting docker environment with an active open_basedir

[1.9.3] 2020-02-04

• Fixed GitHub deprecation of access_token query parameter, now using Authorization header

[1.9.2] 2020-01-14

• Fixed minor git driver bugs
• Fixed schema validation for version field to allow dev-* versions too
• Fixed external processes' output being formatted even though it should not
• Fixed issue with path repositories when trying to install feature branches

[1.9.1] 2019-11-01

• Fixed various credential handling issues with gitlab and github
• Fixed credentials being present in git remotes in Composer cache and vendor directory when not using SSH keys
• Fixed composer why not listing replacers as a reason something is present
• Fixed various PHP 7.4 compatibility issues
• Fixed root warnings always present in Docker containers, setting COMPOSER_ALLOW_SUPERUSER is not necessary anymore

... (truncated)

Commits

• 472c917 Release 1.10.0
• 548505f Update changelog
• 781cf75 Fix schema rules to be more strict
• 414bc18 Update deps
• f964b83 Add bearer support in config command and add to docs/schema, refs #8671
• 0b993ba Merge pull request #8671 from ethanclevenger91/ethanclevenger91/explicit-bear...
• 479414d Move bearer auth to be first to make sure it does not get shadowed by github/...
• 9d72c92 Avoid looping endlessly for invalid GitLab tokens in git config, fixes #8667
• 34fb609 Merge pull request #8652 from clxmstaab/more-ambiguous
• 5765381 Merge pull request #8674 from Rom1deTroyes/patch-1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

Superseded by #57.