Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package php-composer2 for openSUSE:Factory checked in at 2024-06-11 18:30:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/php-composer2 (Old) and /work/SRC/openSUSE:Factory/.php-composer2.new.19518 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "php-composer2" Tue Jun 11 18:30:35 2024 rev:27 rq:1179900 version:2.7.7 Changes: -------- --- /work/SRC/openSUSE:Factory/php-composer2/php-composer2.changes 2024-02-22 21:00:12.298868429 +0100 +++ /work/SRC/openSUSE:Factory/.php-composer2.new.19518/php-composer2.changes 2024-06-11 18:32:04.122955096 +0200 
@@ -1,0 +2,57 @@ +Tue Jun 11 07:12:44 UTC 2024 - pgaj...@suse.com + +- version update to 2.7.7 + 2.7.7 2024-06-10 + Security: Fixed command injection via malicious git branch name (GHSA-47f6-5gq3-vx9c / CVE-2024-35241) + Security: Fixed multiple command injections via malicious git/hg branch names (GHSA-v9qv-c7wm-wgmf / CVE-2024-35242) + Fixed PSR violations for classes not matching the namespace of a rule being hidden, this may lead to new violations being shown (#11957) + Fixed UX when a plugin is still in vendor dir but is not required nor allowed anymore after changing branches (#12000) + Fixed new platform requirements from composer.json not being checked if the lock file is outdated (#12001) + Fixed secure-http checks that could be bypassed by using malformed URL formats (fa3b9582c) + Fixed Filesystem::isLocalPath including windows-specific checks on linux (3c37a67c) + Fixed perforce argument escaping (3773f775) + Fixed handling of zip bombs when extracting archives (de5f7e32) + Fixed Windows command parameter escaping to prevent abuse of unicode characters with best fit encoding conversion (3130a7455, 04a63b324) + Fixed ability for config command to remove autoload keys (#11967) + Fixed empty type support in init command (#11999) + Fixed git clone errors when safe.bareRepository is set to strict in the git config (#11969) + Fixed regression showing network errors on PHP <8.1 (#11974) + Fixed some color bleed from a few warnings (#11972) + 2.7.6 2024-05-04 + Fixed regression when script handlers add an autoloader which uses a private callback (#11960) + 2.7.5 2024-05-03 + Added uninstall alias to remove command (#11951) + Added workaround for broken curl versions 8.7.0/8.7.1 causing transport exceptions (#11913) + Fixed root usage warnings showing up within Podman containers (#11946) + Fixed config command not handling objects correctly in some conditions (#11945) + Fixed binary proxies not containing the correct path if the project dir is a symlink (#11947) 
+ Fixed Composer autoloader being overruled by project autoloaders when they are loaded by event handlers (scripts/plugins) (#11955) + Fixed TransportException (http failures) not having a distinct exit code, should now exit with 100 as code (#11954) + 2.7.4 2024-04-22 + Fixed regression (Call to undefined method ProxyManager::needsTransitionWarning()) with projects requiring composer/composer in an pre-2.7.3 version (#11943, #11940) + 2.7.3 2024-04-19 + BC Warning: Fixed https_proxy env var falling back to http_proxy's value, this is still in place but with a warning for now, and https_proxy can now be set empty to remove the fallback. Composer 2.8.0 will remove the fallback so make sure you heed the warnings (#11915) + Fixed show and outdated commands to remove leading v in e.g. v1.2.3 when showing lists of packages (#11925) + Fixed audit command not showing any id when no CVE is present, the advisory ID is now shown (#11892) + Fixed the warning about a missing default version showing for packages with project type as those are typically not versioned and do not have cyclic dependencies (#11885) + Fixed PHP 8.4 deprecation warnings + Fixed clear-cache command to respect the config.cache-dir setting from the local composer.json (#11921) + Fixed status command not handling failed download/install promises correctly (#11889) + Added support for buy_me_a_coffee in GitHub funding files (#11902) + Added hg support for SSH urls (#11878) + Fixed some env vars with an integer value causing a crash (#11908) + Fixed context data not being output when using IOInterface as a PSR-3 logger (#11882) + 2.7.2 2024-03-11 + Added info about the PHP version when running composer --version (#11866) + Added warning when the root version cannot be detected (#11858) + Fixed plugins still being enabled in a few contexts when running as root (c3efff91f) + Fixed outdated --ignore ... 
still attempting to load the latest version of the ignored packages (#11863) + Fixed handling of broken symlinks in the middle of an install path (#11864) + Fixed update --lock still incorrectly updating some metadata (#11850, #11787) + 2.7.1 2024-02-09 + Added several warnings when plugins are disabled to hint at common problems people had with 2.7.0 (#11842) + Fixed diagnose auditing of Composer dependencies failing when running from the phar +- modified sources + % composer.phar + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ php-composer2.spec ++++++ --- /var/tmp/diff_new_pack.ZYitQc/_old 2024-06-11 18:32:04.850981718 +0200 +++ /var/tmp/diff_new_pack.ZYitQc/_new 2024-06-11 18:32:04.850981718 +0200 @@ -17,7 +17,7 @@ Name: php-composer2 -Version: 2.7.1 +Version: 2.7.7 Release: 0 Summary: Dependency Management for PHP License: MIT ++++++ composer.phar ++++++ Binary files /var/tmp/diff_new_pack.ZYitQc/_old and /var/tmp/diff_new_pack.ZYitQc/_new differ
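Review bot: In the php-composer2.changes entry for 2.7.7, the two security fixes (CVE-2024-35241 and CVE-2024-35242) appear only as lines of the pasted upstream changelog, with no distribution bug reference next to them. Suggest listing them as their own items at the top of the entry together with the matching bug numbers, so the command-injection fixes can be tracked and do not get lost among the 57 added lines. The same entry also carries behaviour changes that users may need to act on, such as the 2.7.3 "BC Warning" about the https_proxy fallback and the new exit code 100 for TransportException; a short summary line for those would help.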
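Review bot: The composer.phar change at the end of the patch shows only as "Binary files ... differ", and the php-composer2.spec hunk changes nothing except Version (2.7.1 to 2.7.7), so nothing visible here lets a reviewer confirm that the new phar is the upstream 2.7.7 release artifact. Suggest stating in the request how the file was obtained and verified (upstream checksum or signature), or shipping the detached signature as an additional source so the check can be repeated at build time.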