Dependency Manager for PHP
Call to undefined method ProxyManager::needsTransitionWarning()
) with projects requiring composer/composer in an pre-2.7.3 version (#11943, #11940)As a side-note, requiring composer/composer
is frowned upon and should really only be done in circumstances where it is absolutely necessary, and ideally you should talk to us first to see if we can't help avoid it or help by extracting some code in a smaller library.
https_proxy
env var falling back to http_proxy
's value, this is still in place but with a warning for now, and https_proxy can now be set empty to remove the fallback. Composer 2.8.0 will remove the fallback so make sure you heed the warnings (#11915)show
and outdated
commands to remove leading v
in e.g. v1.2.3
when showing lists of packages (#11925)audit
command not showing any id when no CVE is present, the advisory ID is now shown (#11892)project
type as those are typically not versioned and do not have cyclic dependencies (#11885)clear-cache
command to respect the config.cache-dir setting from the local composer.json (#11921)status
command not handling failed download/install promises correctly (#11889)buy_me_a_coffee
in GitHub funding files (#11902)hg
support for SSH urls (#11878)composer --version
(#11866)outdated --ignore ...
still attempting to load the latest version of the ignored packages (#11863)update --lock
still incorrectly updating some metadata (#11850, #11787)Full Changelog: https://github.com/composer/composer/compare/2.7.1...2.7.2
diagnose
auditing of Composer dependencies failing when running from the pharsymfony-cmd: command not found
) or other failures and you are relying on plugins and running Composer as root (for example when you use AWS ElasticBeanstalk), read https://github.com/composer/composer/issues/11839
Fatal error: Declaration of {some-class}::execute(...) must be compatible with Composer\Command\SomeCommand::execute(): int
then whatever code is extending a Composer command needs to be updated to also add the int return type, see https://github.com/composer/composer/issues/11843 for more details.audit.abandoned
config setting to fail
, set it to report
or ignore
if you do not want this, or set it via COMPOSER_AUDIT_ABANDONED
env var (#11643)update
/require
/remove
commands to perform partial update with --with-dependencies while changing only what is absolutely necessary in transitive dependencies (#11665)outdated
/show
commands to allow sorting by and displaying the release date (most outdated first) (#11762)--self
combined with --installed
or --locked
in show
command, to add the root package to the package list being output (#11785)audit
command output (#11702)scripts-aliases
top level key in composer.json to define aliases for custom scripts you defined (#11666)COMPOSER_IPRESOLVE
env var to force IPv4 or IPv6, set it to 4
or 6
(#11791)outdated
's --ignore arg (#11831)bump
command bumping *
to >=current version
(#11694)validate
command (#11829)install
when running in very verbose (-vv) mode (#11763)diagnose
command (#11761)diagnose
command output (#11688)show --direct <package>
with an indirect/transitive dependency (#11728)COMPOSER_FUND=0
env var to hide calls for funding (#11779)bump
command not bumping packages required with a v
prefix (#11764)update --lock
not keeping the dist reference/url/checksum pinned (#11787)require
command crashing at the end if no lock file is present (#11814)require
command (#11716)require
command (#11747)show -a <packagename>
(#11659)%
signs (#11359)