* master:
Add tests for edge cases of packages providing names which exist as real packages
Add another test verifying that a package may provide an incompatible version of sth that actually exists
Fix provider coexistence test, needs another requirement to install both
Fix test filename to end with .test extension so it gets run
Update config section to note required scope for GitLab tokens
Fix pre/post-package-install/update/uninstall events receiving a partial list of operations, fixes#9079
Also remove credentials from cache dirs in git/svn drivers, fixes#7439, refs #9155
AuthHelper: Allow fall-through GitLab-specific HTTP headers for auth
Sanitize repo URLs to mask HTTP auth passwords from cache directory
Util/Zip: fix strpos args order
When a Composer repository is cached, a directory name is generated created stored package meta information fetched from that repository.
The cache directory can contain HTTP basic auth tokens, or access_token query parameters that end up in the directory name of the cache directory.
Discovered when trying out [GitLab composer repository feature](https://php.watch/articles/composer-gitlab-repositories), and the HTTP password was visible in a `composer update -vvv` command.
Using passwords/tokens in the URL is fundamentally a bad idea, but Composer already has `\Composer\Util\Url::sanitize()` that tries to mitigate such cases, and this same function is applied to the repo URL before deciding the name of the repo cache directory.
1. `Deprecated: Required parameter $name follows optional parameter $constraint in src\Composer\Repository\ComposerRepository.php on line 745`
2. `Deprecated: Required parameter $operation follows optional parameter $operations in src\Composer\Installer\PackageEvent.php on line 73`
Optional parameters with a type declared, and a default value of `null` is excepted from this deprecation. See https://php.watch/versions/8.0/deprecate-required-param-after-optional. This is the case in `ComposerRepository::isVersionAcceptable`, which still has two optional parameters as first two parameters, but this will not raise a deprecation notice.
Simon Berger