Dependency Manager for PHP
audit
command now has reportedAt
as an RFC3339 string instead of an object which was a mistake (#11120)audit
command which was missing affectedVersions (#11120)||
or ,
(#11086)require
command with --dry-run
failing when requiring a package requiring stability flag extraction (#11112)COMPOSER_ALLOW_SUPERUSER
set (#11024)COMPOSER_ALLOW_SUPERUSER
set so it always happens after prompting, or does not happen if input is non-interactivebump
command (#11053)COMPOSER_DISCARD_CHANGES
when set to 0
outdated
command with --major-only
(#11032)show --platform
regression since 2.4.0 when running in a directory without composer.json (#11046)COMPOSER_NO_AUDIT
env var to easily apply the new --no-audit flag in CI (#10998)show
command showing packages in two sections, this was only meant for the outdated
command (#11000)COMPOSER_NO_DEV
so it also works with require
and remove
's --update-no-dev
(#10995)bump
command to bump requirements to the currently installed version (#10829)audit
command to check for known security vulnerabilities in installed packages (#10798, #10898)update
is done, can be overridden with --no-audit
(#10798, #10898)--audit
to install
command to also do an audit (#10798, #10898)json
format output to the check-platform-reqs
command (#10979)r
alias to require
command (#10953)composer/class-map-generator
dependency to replace Composer\Autoload\ClassMapGenerator
which is now deprecated (#10885)--locked
to depends
/prohibits
commands (#10834)--strict-psr
flag to dump-autoload
command to fail the process if PSR violations were detected, useful for CI (#10886)COMPOSER_PREFER_STABLE
and COMPOSER_PREFER_LOWEST
env vars to turn on --prefer-stable
/--prefer-lowest
on update
and require
command, useful for CI (#10919)--major-only
flag to the outdated
command to show only packages with major version updates (#10827)outdated
command output (#10779)vcs
and repo
caches (#10826)--gc
flag to clear-cache
to only trigger a garbage collection instead of clearing everything (#10826)--dev
when requiring packages with dev
/testing
/static analysis
keywords present (#10960)require
, init
and create-project
commands when the latest version of a package cannot be used due to platform requirements (#10896)COMPOSER_NO_DEV
so it also works with require
and remove
's --update-no-dev
(#10995)Composer 2.4 is ready for a release, and we need your help to test it and report any regression.
composer self-update --preview
will get you the 2.4.0-RC1composer self-update --stable
will get you back on the latest 2.3 stable release if anything broke.bump
command to bump requirements to the currently installed version (#10829)audit
command to check for known security vulnerabilities in installed packages (#10798, #10898)update
is done, can be overridden with --no-audit
(#10798, #10898)--audit
to install
command to also do an audit (#10798, #10898)r
alias to require
command (#10953)composer/class-map-generator
dependency to replace Composer\Autoload\ClassMapGenerator
which is now deprecated (#10885)--locked
to depends
/prohibits
commands (#10834)--strict-psr
flag to dump-autoload
command to fail the process if PSR violations were detected, useful for CI (#10886)COMPOSER_PREFER_STABLE
and COMPOSER_PREFER_LOWEST
env vars to turn on --prefer-stable
/--prefer-lowest
on update
and require
command, useful for CI (#10919)--major-only
flag to the outdated
command to show only packages with major version updates (#10827)outdated
command output (#10779)vcs
and repo
caches (#10826)--gc
flag to clear-cache
to only trigger a garbage collection instead of clearing everything (#10826)--dev
when requiring packages with dev
/testing
/static analysis
keywords present (#10960)require
, init
and create-project
commands when the latest version of a package cannot be used due to platform requirements (#10896)create-project
with a project that does not configure allow-plugins
, see the top post of #10928 for a workaround.create-project
with a project that does not configure allow-plugins
, see the top post of #10928 for a workaround.