Instead of marking locked packages as fixed, we change the pool builder
to load only the locked version and treat it like a fixed package, but
removing the actual request fix, makes the solver treat it as a regular
optional dependency. As a consequence locked packages may be removed on
a partial update of another package, but they cannot be updated.
So far the ordering of alias packages with the same name was undefined
so the actual order was determined by implementation of the sorting
algorithm in PHP. As of PHP8 sort is stable by default which changes the
outcome in some of our test cases.
With the fully defined total order the order can longer change depending
on sorting algorithm used and remains the same across PHP versions.
* master:
Add tests for edge cases of packages providing names which exist as real packages
Add another test verifying that a package may provide an incompatible version of sth that actually exists
Fix provider coexistence test, needs another requirement to install both
Fix test filename to end with .test extension so it gets run
Update config section to note required scope for GitLab tokens
Fix pre/post-package-install/update/uninstall events receiving a partial list of operations, fixes#9079
Also remove credentials from cache dirs in git/svn drivers, fixes#7439, refs #9155
AuthHelper: Allow fall-through GitLab-specific HTTP headers for auth
Sanitize repo URLs to mask HTTP auth passwords from cache directory
Util/Zip: fix strpos args order
Previously, `AuthHelper` consumed the authentication credentials for GitLab domains and added access tokens as GitLab-specific headers.
[Composer repositories now supported in GitLab](https://php.watch/articles/composer-gitlab-repositories) require standard Authorization headers with a personal access to function, which failed to work due to out GitLab-specific headers.
With this commit, AuthHelper checks if the password is an access token, and falls through to HTTP basic authentication even if the domain name is a GitLab domain name.
Nils Adermann