Bump composer/composer from 1.9.0 to 1.10.8

[dependabot-preview]

Bumps composer/composer from 1.9.0 to 1.10.8.

Release notes

Sourced from composer/composer's releases.

1.10.8

• Fixed compatibility issue with git being configured to show signatures by default
• Fixed discarding of local changes when updating packages to include untracked files
• Several minor fixes

1.10.7

• Fix PHP 8 deprecations
• Fixed detection of pcntl_signal being in disabled_functions when pcntl_async_signal is allowed

1.10.6

• Fixed version guessing to take composer-runtime-api and composer-plugin-api requirements into account to avoid selecting packages which require Composer 2
• Fixed package name validation to allow several dashes following each other
• Fixed post-status-cmd script not firing when there were no changes to be displayed
• Fixed composer-runtime-api support on Composer 1.x, the package is now present as 1.0.0
• Fixed support for composer show --name-only --self
• Fixed detection of GitLab URLs when handling authentication in some cases

1.10.5

• Fixed self-update on PHP <5.6, seriously please upgrade people, it's time
• Fixed 1.10.2 regression with PATH resolution in scripts

1.10.4

• Fixed 1.10.2 regression in path symlinking with absolute path repos

1.10.3

• Fixed invalid --2 flag warning in self-update when no channel is requested

1.10.2

• Added --1 flag to self-update command which can be added to automated self-update runs to make sure it won't automatically jump to 2.0 once that is released
• Fixed path repository symlinks being made relative when the repo url is defined as absolute paths
• Fixed potential issues when using "composer ..." in scripts and composer/composer was also required in the project
• Fixed 1.10.0 regression when downloading GitHub archives from non-API URLs
• Fixed handling of malformed info in fund command
• Fixed Symfony5 compatibility issues in a few commands

1.10.1

• Fixed path repository warning on empty path when using wildcards
• Fixed superfluous warnings when generating optimized autoloaders

1.10.0

• Breaking: composer global exec ... now executes the process in the current working directory instead of executing it in the global directory.
• Warning: Added a warning when class names are being loaded by a PSR-4 or PSR-0 rule only due to classmap optimization, but would not otherwise be autoloadable. Composer 2.0 will stop autoloading these classes so make sure you fix your autoload configs.
• Added new funding key to composer.json to describe ways your package's maintenance can be funded. This reads info from GitHub's FUNDING.yml by default so better configure it there so it shows on GitHub and Composer/Packagist
• Added composer fund command to show funding info of your dependencies. Read more
• Added bearer auth config to authenticate using Authorization: Bearer <token> headers
• Added plugin-api-version in composer.lock so third-party tools can know which Composer version was used to generate a lock file
• Added support for --format=json output for show command when showing a single package
• Added support for configuring suggestions using config command, e.g. composer config suggest.foo/bar some text
• Added support for configuring fine-grained preferred-install using config command, e.g. composer config preferred-install.foo/* dist
• Added @putenv script handler to set environment variables from composer.json for following scripts

Changelog

Sourced from composer/composer's changelog.

[1.10.8] 2020-06-24

• Fixed compatibility issue with git being configured to show signatures by default
• Fixed discarding of local changes when updating packages to include untracked files
• Several minor fixes

[1.10.7] 2020-06-03

• Fixed PHP 8 deprecations
• Fixed detection of pcntl_signal being in disabled_functions when pcntl_async_signal is allowed

[1.10.6] 2020-05-06

• Fixed version guessing to take composer-runtime-api and composer-plugin-api requirements into account to avoid selecting packages which require Composer 2
• Fixed package name validation to allow several dashes following each other
• Fixed post-status-cmd script not firing when there were no changes to be displayed
• Fixed composer-runtime-api support on Composer 1.x, the package is now present as 1.0.0
• Fixed support for composer show --name-only --self
• Fixed detection of GitLab URLs when handling authentication in some cases

[1.10.5] 2020-04-10

• Fixed self-update on PHP <5.6, seriously please upgrade people, it's time
• Fixed 1.10.2 regression with PATH resolution in scripts

[1.10.4] 2020-04-09

• Fixed 1.10.2 regression in path symlinking with absolute path repos

[1.10.3] 2020-04-09

• Fixed invalid --2 flag warning in self-update when no channel is requested

[1.10.2] 2020-04-09

• Added --1 flag to self-update command which can be added to automated self-update runs to make sure it won't automatically jump to 2.0 once that is released
• Fixed path repository symlinks being made relative when the repo url is defined as absolute paths
• Fixed potential issues when using "composer ..." in scripts and composer/composer was also required in the project
• Fixed 1.10.0 regression when downloading GitHub archives from non-API URLs
• Fixed handling of malformed info in fund command
• Fixed Symfony5 compatibility issues in a few commands

[1.10.1] 2020-03-13

• Fixed path repository warning on empty path when using wildcards
• Fixed superfluous warnings when generating optimized autoloaders

[1.10.0] 2020-03-10

• Added bearer auth config to authenticate using Authorization: Bearer <token> headers

Commits

• 56e0e09 Release 1.10.8
• 95a176c Prepare 1.10.8 release
• 7f808c2 Merge pull request #8993 from glaubinix/t/git-driver-use-auth-support
• 5760153 Merge branch '1.10' into t/git-driver-use-auth-support
• 52332d9 GitDriver: use authentication for supports check
• cbdee53 Merge pull request #8993 from glaubinix/t/git-driver-use-auth-support
• e55a019 replace toran with private packagist
• 5ff1423 GitDriver: use authentication for supports check
• cb1f389 Revert "Store default branch info inside metadata"
• 0278e74 Clean Git repos during discard
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

Superseded by #69.