* AutoloadGenerator: add `Locker` parameter to the `dump` method
* AutoloadGenerator: do not create a random hash, re-use the one from the lock file if it exists
* FileSystem: make sure `safeCopy` copy also the file time metadata
Make `diagnose` checks aware of COMPOSER_DISABLE_NETWORK (true) and skip
Composer network operations that would otherwise spill stack traces into
diagnostic messages and taint the result as error while the check itself
is not applicable/useful within the environment.
`COMPOSER_DISABLE_NETWORK` was released with [2.0.0-alpha1] and intro-
duced in fc03ab9bb (Add COMPOSER_DISABLE_NETWORK env var for debugging,
2019-01-14).
The previous behaviour was to exit with a status of two (2), denoting an
error.
The new behaviour is to exit with a status of zero (0), showing the
successful skipping of diagnostics that can only be run when Composer
network is enabled - not disabled.
SKIP output is updated and streamlined.
NOTE: The "prime" Value
It is irrelevant for diagnose checks, as all diagnostic checks that
spilled were with the HTTP Downloader and the check is aligned (both
"1" or "prime" values disable):
(bool) Platform::getEnv('COMPOSER_DISABLE_NETWORK')
NOTE: Not Affected
* The `allow_url_fopen` diagnostic check, platform related
* The `disable-tls` setting related HTTP Downloader creation warning
[2.0.0-alpha1]: <https://getcomposer.org/changelog/2.0.0-alpha1> "released 2020-06-03"
When splitting the logic between the lock file management and the vendor
folder management in composer 2.0, the logic playing nice with make was
broken by running the logic based on operations performed in the lock
file instead of operations performed in the vendor folder.
* Audit: ignores configured repository options
* ComposerRepository: add test case to assert that repo http options are used to make security advisory POST request
The name column was always padded to maximum width, even if no other columns were printed.
This makes it difficult to use the output e.g. in pipelines.
Fixed for all possible columns, and with tests for two cases (regular show and show outdated).
On macOS, if libcurl is built against SecureTransport, the platform repository will contain an invalid package name:
% composer show --platform | grep curl
ext-curl 8.2.7 The curl PHP extension
lib-curl 8.1.2 The curl library
lib-curl-(securetransport) openssl 3.1.1 curl (securetransport) openss...
lib-curl-libssh2 1.11.0 curl libssh2 version
lib-curl-zlib 1.2.11 curl zlib version
This change fixes it:
% bin/composer show --platform | grep curl
lib-curl 8.1.2 The curl library
lib-curl-libssh2 1.11.0 curl libssh2 version
lib-curl-securetransport 3.1.1 curl (securetransport) openssl ...
lib-curl-zlib 1.2.11 curl zlib version
(second column width difference comes from the Composer dev version number)