Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package php-composer2 for openSUSE:Factory checked in at 2025-12-22 22:52:18 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/php-composer2 (Old) and /work/SRC/openSUSE:Factory/.php-composer2.new.1928 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "php-composer2" Mon Dec 22 22:52:18 2025 rev:32 rq:1324197 version:2.9.2 Changes: -------- --- /work/SRC/openSUSE:Factory/php-composer2/php-composer2.changes 2025-10-13 15:36:58.541350862 +0200 +++ /work/SRC/openSUSE:Factory/.php-composer2.new.1928/php-composer2.changes 2025-12-22 22:55:59.109707427 +0100 @@ -1,0 +2,67 @@ +Mon Dec 22 13:40:32 UTC 2025 - Petr Gajdos <[email protected]> + +- version update to 2.9.2 + * Added new --no-security-blocking flag to disable/configure security blocking (#12617) + * Added a way to set audit > ignore to act only on audits or only on security blocking (#12618, #12612) + * Fixed config command not being able to set the new audit settings (#12609) + * Fixed handling audit.ignore to support CVE ids while doing security blocking, but advisory IDs are still preferred for performance reasons (#12624) + * Fixed partial updates failing when another package in the lock file has a known security advisory (#12626) +- version update to 2.9.1 + * Fixed regression in phpunit binary proxies (#12601) + * Fixed script handler autoloading issues (#12606) + * Fixed null call of Command::setDescription in some cases (#12605) + * Fixed --prefer-lowest builds sometimes failing due to the filtering of versions with known vulnerabilities (#12603) +- version update to 2.9.0 + * Bumped composer-plugin-api to 2.9.0 + * Added automatic blocking of packages with security advisories from updates (#11956) + * Added audit > block-insecure config setting to control blocking of updates to package versions with known security advisories (defaults to true) (#11956) + * Added audit > block-abandoned config setting to control blocking of updates to abandoned packages (defaults to false) (#11956) + * Added audit > ignore-abandoned config setting to ignore some packages (#12572) + * Added --ignore-unreachable flag to audit command to allow running audit in environments that do not have access to some repos (#12470) + * Added repository command to add, remove, or update repositories more easily (#12388) + * Updated repositories structure to contain a name attribute and being stored preferably as list instead of object (#12388) + * Added support for --minimal-changes full updates where only packages that need changing to satisfy modified constraints are updated (#12349) + * Added update-with-minimal-changes config setting (and COMPOSER_MINIMAL_CHANGES env var) to default to minimal changes (#12545) + * Added support for forgejo / codeberg.org repositories (#12307) + * Added automatic recovery of simple lock file conflicts when running update with a file that has a content-hash conflict (#11517) + * Added support for HTTP/3 if libcurl supports it (#12363) + * Added support for custom header authentication (#12372) + * Added support for client TLS certificates (#12406) + * Added --locked flag to licenses command to show data from the lock file instead of installed packages (#12595) + * Added SHELL_VERBOSITY env var to control verbosity of shell scripts (#12473) + * Added support for running init without interaction (#12546) + * Added COMPOSER_PREFER_DEV_OVER_PRERELEASE env var for use in development together with --prefer-lowest builds (#12585) + * Added support for Windows Sudo to elevate during self-update (#12543) + * Improved performance of script handlers by reducing ad-hoc autoloader creation (#12456) + * Fixed display of dist refs for dev versions when source is missing (#12562) + * Fixed issue not showing abandoned warnings when a package is abandoned without new release (#12423) + * Fixed compatibility issues with Symfony 7 + * Fixed issues with PHP preloading being hard to debug (#12528) +- version update to 2.9.0rc1 + * Bumped composer-plugin-api to 2.9.0 + * Added automatic blocking of packages with security advisories from updates (#11956) + * Added audit > block-insecure config setting to control blocking of updates to package versions with known security advisories (defaults to true) (#11956) + * Added audit > block-abandoned config setting to control blocking of updates to abandoned packages (defaults to false) (#11956) + * Added audit > ignore-abandoned config setting to ignore some packages (#12572) + * Added --ignore-unreachable flag to audit command to allow running audit in environments that do not have access to some repos (#12470) + * Added repository command to add, remove, or update repositories more easily (#12388) + * Updated repositories structure to contain a name attribute and being stored preferably as list instead of object (#12388) + * Added support for --minimal-changes full updates where only packages that need changing to satisfy modified constraints are updated (#12349) + * Added update-with-minimal-changes config setting (and COMPOSER_MINIMAL_CHANGES env var) to default to minimal changes (#12545) + * Added support for forgejo / codeberg.org repositories (#12307) + * Added automatic recovery of simple lock file conflicts when running update with a file that has a content-hash conflict (#11517) + * Added support for HTTP/3 if libcurl supports it (#12363) + * Added support for custom header authentication (#12372) + * Added support for client TLS certificates (#12406) + * Added --locked flag to licenses command to show data from the lock file instead of installed packages (#12595) + * Added SHELL_VERBOSITY env var to control verbosity of shell scripts (#12473) + * Added support for running init without interaction (#12546) + * Added COMPOSER_PREFER_DEV_OVER_PRERELEASE env var for use in development together with --prefer-lowest builds (#12585) + * Added support for Windows Sudo to elevate during self-update (#12543) + * Improved performance of script handlers by reducing ad-hoc autoloader creation (#12456) + * Fixed display of dist refs for dev versions when source is missing (#12562) + * Fixed issue not showing abandoned warnings when a package is abandoned without new release (#12423) + * Fixed compatibility issues with Symfony 7 + * Fixed issues with PHP preloading being hard to debug (#12528) + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ php-composer2.spec ++++++ --- /var/tmp/diff_new_pack.dKP0EJ/_old 2025-12-22 22:55:59.709732173 +0100 +++ /var/tmp/diff_new_pack.dKP0EJ/_new 2025-12-22 22:55:59.713732338 +0100 @@ -1,6 +1,7 @@ # # spec file for package php-composer2 # +# Copyright (c) 2025 SUSE LLC # Copyright (c) 2025 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties @@ -17,7 +18,7 @@ Name: php-composer2 -Version: 2.8.12 +Version: 2.9.2 Release: 0 Summary: Dependency Management for PHP License: MIT ++++++ composer.phar ++++++ Binary files /var/tmp/diff_new_pack.dKP0EJ/_old and /var/tmp/diff_new_pack.dKP0EJ/_new differ ++++++ composer.phar.asc ++++++ Binary files /var/tmp/diff_new_pack.dKP0EJ/_old and /var/tmp/diff_new_pack.dKP0EJ/_new differ
