-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2025-cac2d9aee6 2025-11-29 16:23:05.676427+00:00 --------------------------------------------------------------------------------
Name : composer Product : Fedora EPEL 10.2 Version : 2.9.2 Release : 1.el10_2 URL : https://getcomposer.org/ Summary : Dependency Manager for PHP Description : Composer helps you declare, manage and install dependencies of PHP projects, ensuring you have the right stack everywhere. Documentation: https://getcomposer.org/doc/ -------------------------------------------------------------------------------- Update Information: Version 2.9.2 - 2025-11-19 Added new --no-security-blocking flag to disable/configure security blocking (#12617) Added a way to set audit > ignore to act only on audits or only on security blocking (#12618, #12612) Fixed config command not being able to set the new audit settings (#12609) Fixed handling audit.ignore to support CVE ids while doing security blocking, but advisory IDs are still preferred for performance reasons (#12624) Fixed partial updates failing when another package in the lock file has a known security advisory (#12626) Version 2.9.1 - 2025-11-13 Fixed regression in phpunit binary proxies (#12601) Fixed script handler autoloading issues (#12606) Fixed null call of Command::setDescription in some cases (#12605) Fixed --prefer-lowest builds sometimes failing due to the filtering of versions with known vulnerabilities (#12603) Version 2.9.0 - 2025-11-13 Fixed a couple minor issues with --bump-after-update (#12598) Various docs fixes Version 2.9.0-RC1 - 2025-11-07 Bumped composer-plugin-api to 2.9.0 Added automatic blocking of packages with security advisories from updates (#11956) Added audit > block-insecure config setting to control blocking of updates to package versions with known security advisories (defaults to true) (#11956) Added audit > block-abandoned config setting to control blocking of updates to abandoned packages (defaults to false) (#11956) Added audit > ignore-abandoned config setting to ignore some packages (#12572) Added --ignore-unreachable flag to audit command to allow running audit in environments that do not have access to some repos (#12470) Added repository command to add, remove, or update repositories more easily (#12388) Updated repositories structure to contain a name attribute and being stored preferably as list instead of object (#12388) Added support for --minimal-changes full updates where only packages that need changing to satisfy modified constraints are updated (#12349) Added update-with-minimal-changes config setting (and COMPOSER_MINIMAL_CHANGES env var) to default to minimal changes (#12545) Added support for forgejo / codeberg.org repositories (#12307) Added automatic recovery of simple lock file conflicts when running update with a file that has a content-hash conflict (#11517) Added support for HTTP/3 if libcurl supports it (#12363) Added support for custom header authentication (#12372) Added support for client TLS certificates (#12406) Added --locked flag to licenses command to show data from the lock file instead of installed packages (#12595) Added SHELL_VERBOSITY env var to control verbosity of shell scripts (#12473) Added support for running init without interaction (#12546) Added COMPOSER_PREFER_DEV_OVER_PRERELEASE env var for use in development together with --prefer-lowest builds (#12585) Added support for Windows Sudo to elevate during self-update (#12543) Improved performance of script handlers by reducing ad-hoc autoloader creation (#12456) Fixed display of dist refs for dev versions when source is missing (#12562) Fixed issue not showing abandoned warnings when a package is abandoned without new release (#12423) Fixed compatibility issues with Symfony 7 Fixed issues with PHP preloading being hard to debug (#12528) -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2025 Remi Collet <[email protected]> - 2.9.2-1 - update to 2.9.2 * Thu Nov 13 2025 Remi Collet <[email protected]> - 2.9.1-1 - update to 2.9.1 * Thu Nov 13 2025 Remi Collet <[email protected]> - 2.9.0-1 - update to 2.9.0 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update composer' at the command line. For more information, refer to "YUM", available at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\ /html/System_Administrators_Guide/ch-yum.html All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ epel-package-announce mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
