1
0
Fork 0
composer/CHANGELOG.md

31 KiB

1.1.2 - 2016-05-31

  • Fixed degraded mode issue when accessing packagist.org
  • Fixed GitHub access_token being added on subsequent requests in case of redirections
  • Fixed exclude-from-classmap not working in some circumstances
  • Fixed openssl warning preventing the use of config command for disabling tls

1.1.1 - 2016-05-17

  • Fixed regression in handling of #reference which made it update every time
  • Fixed dev platform requirements being required even in --no-dev install from a lock file
  • Fixed parsing of extension versions that do not follow valid numbers, we now try to parse x.y.z and ignore the rest
  • Fixed exact constraints warnings appearing for 0.x versions
  • Fixed regression in the remove command

1.1.0 - 2016-05-10

  • Added fallback to SSH for https bitbucket URLs
  • Added BaseCommand::isProxyCommand that can be overridden to mark a command as being a mere proxy, which helps avoid duplicate warnings etc on composer startup
  • Fixed archiving generating long paths in zip files on Windows

1.1.0-RC - 2016-04-29

  • Added ability for plugins to register their own composer commands
  • Optimized the autoloader initialization using static loading on PHP 5.6 and above, this reduces the load time for large classmaps to almost nothing
  • Added --latest to show command to show the latest version available of your dependencies
  • Added --outdated to show command an composer outdated alias for it, to show only packages in need of update
  • Added --direct to show and outdated commands to show only your direct dependencies in the listing
  • Added support for editing all top-level properties (name, minimum-stability, ...) as well as extra values via the config command
  • Added abandoned state warning to the show and outdated commands when listing latest packages
  • Added support for ~/ and $HOME/ in the path repository paths
  • Added support for wildcards in the show command package filter, e.g. composer show seld/*
  • Added ability to call composer itself from scripts via @composer ...
  • Added untracked files detection to the status command
  • Added warning to validate command when using exact-version requires
  • Added warning once per domain when accessing insecure URLs with secure-http disabled
  • Added a dependency on composer/ca-bundle (extracted CA bundle management to a standalone lib)
  • Added support for empty directories when archiving to tar
  • Added an init event for plugins to react to, which occurs right after a Composer instance is fully initialized
  • Added many new detections of problems in the why-not/prohibits command to figure out why something does not get installed in the expected version
  • Added a deprecation notice for script event listeners that use legacy script classes
  • Fixed abandoned state not showing up if you had a package installed before it was marked abandoned
  • Fixed --no-dev updates creating an incomplete lock file, everything is now always resolved on update
  • Fixed partial updates in case the vendor dir was not up to date with the lock file

1.0.3 - 2016-04-29

  • Security: Fixed possible command injection from the env vars into our sudo detection
  • Fixed interactive authentication with gitlab
  • Fixed class name replacement in plugins
  • Fixed classmap generation mistakenly detecting anonymous classes
  • Fixed auto-detection of stability flags in complex constraints like 2.0-dev || ^1.5
  • Fixed content-length handling when redirecting to very small responses

1.0.2 - 2016-04-21

  • Fixed regression in 1.0.1 on systems with mbstring.func_overload enabled
  • Fixed regression in 1.0.1 that made dev packages update to the latest reference even if not whitelisted in a partial update
  • Fixed init command ignoring the COMPOSER env var for choosing the json file name
  • Fixed error reporting bug when the dependency resolution fails
  • Fixed handling of $ sign in composer config command in some cases it could corrupt the json file

1.0.1 - 2016-04-18

  • Fixed URL updating when a package's URL changes, composer.lock now contains the right URL including correct reference
  • Fixed URL updating of the origin git remote as well for packages installed as git clone
  • Fixed binary .bat files generated from linux being incompatible with windows cmd
  • Fixed handling of paths with trailing slashes in path repository
  • Fixed create-project not using platform config when selecting a package
  • Fixed self-update not showing the channel it uses to perform the update
  • Fixed file downloads not failing loudly when the content does not match the Content-Length header
  • Fixed secure-http detecting some malformed URLs as insecure
  • Updated CA bundle

1.0.0 - 2016-04-05

  • Added support for bitbucket-oauth configuration
  • Added warning when running composer as super user, set COMPOSER_ALLOW_SUPERUSER=1 to hide the warning if you really must
  • Added PluginManager::getGlobalComposer getter to retrieve the global instance (which can be null!)
  • Fixed dependency solver error reporting in many cases it now shows you proper errors instead of just saying a package does not exist
  • Fixed output of failed downloads appearing as 100% done instead of Failed
  • Fixed handling of empty directories when archiving, they are not skipped anymore
  • Fixed installation of broken plugins corrupting the vendor state when combined with symlinked path repositories

1.0.0-beta2 - 2016-03-27

  • Break: The install command now turns into an update command automatically if you have no composer.lock. This was done only half-way before which caused inconsistencies
  • Break: By default the remove command now removes dependencies as well, and --update-with-dependencies is deprecated. Use --no-update-with-dependencies to get old behavior
  • Added support for update channels in self-update. All users will now update to stable builds by default. Run self-update with --snapshot, --preview or --stable to switch between update channels.
  • Added support for SSL_CERT_DIR env var and openssl.capath ini value
  • Added some conflict detection in why-not command
  • Added suggestion of root package's suggests in create-project command
  • Fixed create-project ignoring --ignore-platform-reqs when choosing a version of the package
  • Fixed search command in a directory without composer.json
  • Fixed path repository handling of symlinks on windows
  • Fixed PEAR repo handling to prefer HTTPS mirrors over HTTP ones
  • Fixed handling of Path env var on Windows, only PATH was accepted before
  • Small error reporting and docs improvements

1.0.0-beta1 - 2016-03-03

  • Break: By default we now disable any non-secure protocols (http, git, svn). This may lead to issues if you rely on those. See secure-http config option.
  • Break: show / list command now only show installed packages by default. An --all option is added to show all packages.
  • Added VCS repo support for the GitLab API, see also gitlab-oauth and gitlab-domains config options
  • Added prohibits / why-not command to show what blocks an upgrade to a given package:version pair
  • Added --tree / -t to the show command to see all your installed packages in a tree view
  • Added --interactive / -i to the update command, which lets you pick packages to update interactively
  • Added exec command to run binaries while having bin-dir in the PATH for convenience
  • Added --root-reqs to the update command to update only your direct, first degree dependencies
  • Added cafile and capath config options to control HTTPS certificate authority
  • Added pubkey verification of composer.phar when running self-update
  • Added possibility to configure per-package preferred-install types for more flexibility between prefer-source and prefer-dist
  • Added unpushed-changes detection when updating dependencies and in the status command
  • Added COMPOSER_AUTH env var that lets you pass a json configuration like the auth.json file
  • Added secure-http and disable-tls config options to control HTTPS/HTTP
  • Added warning when Xdebug is enabled as it reduces performance quite a bit, hide it with COMPOSER_DISABLE_XDEBUG_WARN=1 if you must
  • Added duplicate key detection when loading composer.json
  • Added sort-packages config option to force sorting of the requirements when using the require command
  • Added support for the XDG Base Directory spec on linux
  • Added XzDownloader for xz file support
  • Fixed SSL support to fully verify peers in all PHP versions, unsecure HTTP is also disabled by default
  • Fixed stashing and cleaning up of untracked files when updating packages
  • Fixed plugins being enabled after installation even when --no-plugins
  • Many small bug fixes and additions

1.0.0-alpha11 - 2015-11-14

  • Added config.platform to let you specify what your target environment looks like and make sure you do not inadvertently install dependencies that would break it
  • Added exclude-from-classmap in the autoload config that lets you ignore sub-paths of classmapped directories, or psr-0/4 directories when building optimized autoloaders
  • Added path repository type to install/symlink packages from local paths
  • Added possibility to reference script handlers from within other handlers using @script-name to reduce duplication
  • Added suggests command to show what packages are suggested, use -v to see more details
  • Added content-hash inside the composer.lock to restrict the warnings about outdated lock file to some specific changes in the composer.json file
  • Added archive-format and archive-dir config options to specify default values for the archive command
  • Added --classmap-authoritative to install, update, require, remove and dump-autoload commands, forcing the optimized classmap to be authoritative
  • Added -A / --with-dependencies to the validate command to allow validating all your dependencies recursively
  • Added --strict to the validate command to treat any warning as an error that then returns a non-zero exit code
  • Added a dependency on composer/semver, which is the externalized lib for all the version constraints parsing and handling
  • Added support for classmap autoloading to load plugin classes and script handlers
  • Added bin-compat config option that if set to full will create .bat proxy for binaries even if Composer runs in a linux VM
  • Added SPDX 2.0 support, and externalized that in a composer/spdx-licenses lib
  • Added warnings when the classmap autoloader finds duplicate classes
  • Added --file to the archive command to choose the filename
  • Added Ctrl+C handling in create-project to cancel the operation cleanly
  • Fixed version guessing to use ^ always, default to stable versions, and avoid versions that require a higher php version than you have
  • Fixed the lock file switching back and forth between old and new URL when a package URL is changed and many people run updates
  • Fixed partial updates updating things they shouldn't when the current vendor dir was out of date with the lock file
  • Fixed PHAR file creation to be more reproducible and always generate the exact same phar file from a given source
  • Fixed issue when checking out git branches or tags that are also the name of a file in the repo
  • Many minor fixes and documentation additions and UX improvements

1.0.0-alpha10 - 2015-04-14

  • Break: The following event classes are deprecated and you should update your script handlers to use the new ones in type hints:
    • Composer\Script\CommandEvent is deprecated, use Composer\Script\Event
    • Composer\Script\PackageEvent is deprecated, use Composer\Installer\PackageEvent
  • Break: Output is now split between stdout and stderr. Any irrelevant output to each command is on stderr as per unix best practices.
  • Added support for npm-style semver operators (^ and - ranges, = AND, || = OR)
  • Added --prefer-lowest to update command to allow testing a package with the lowest declared dependencies
  • Added support for parsing semver build metadata +anything at the end of versions
  • Added --sort-packages option to require command for sorting dependencies
  • Added --no-autoloader to install and update commands to skip autoload generation
  • Added --list to run-script command to see available scripts
  • Added --absolute to config command to get back absolute paths
  • Added classmap-authoritative config option, if enabled only the classmap info will be used by the composer autoloader
  • Added support for branch-alias on numeric branches
  • Added support for the https_proxy/HTTPS_PROXY env vars used only for https URLs
  • Added support for using real composer repos as local paths in create-project command
  • Added --no-dev to licenses command
  • Added support for PHP 7.0 nightly builds
  • Fixed detection of stability when parsing multiple constraints
  • Fixed installs from lock file containing updated composer.json requirement
  • Fixed the autoloader suffix in vendor/autoload.php changing in every build
  • Many minor fixes, documentation additions and UX improvements

1.0.0-alpha9 - 2014-12-07

  • Added remove command to do the reverse of require
  • Added --ignore-platform-reqs to install/update commands to install even if you are missing a php extension or have an invalid php version
  • Added a warning when abandoned packages are being installed
  • Added auto-selection of the version constraint in the require command, which can now be used simply as composer require foo/bar
  • Added ability to define custom composer commands using scripts
  • Added browse command to open a browser to the given package's repo URL (or homepage with -H)
  • Added an autoload-dev section to declare dev-only autoload rules + a --no-dev flag to dump-autoload
  • Added an auth.json file, with store-auths config option
  • Added a http-basic config option to store login/pwds to hosts
  • Added failover to source/dist and vice-versa in case a download method fails
  • Added --path (-P) flag to the show command to see the install path of packages
  • Added --update-with-dependencies and --update-no-dev flags to the require command
  • Added optimize-autoloader config option to force the -o flag from the config
  • Added clear-cache command
  • Added a GzipDownloader to download single gzipped files
  • Added ssh support in the github-protocols config option
  • Added pre-dependencies-solving and post-dependencies-solving events
  • Added pre-archive-cmd and post-archive-cmd script events to the archive command
  • Added a no-api flag to GitHub VCS repos to skip the API but still get zip downloads
  • Added http-basic auth support for private git repos not on github
  • Added support for autoloading .hh files when running HHVM
  • Added support for PHP 5.6
  • Added support for OTP auth when retrieving a GitHub API key
  • Fixed isolation of files autoloaded scripts to ensure they can not affect anything
  • Improved performance of solving dependencies
  • Improved SVN and Perforce support
  • A boatload of minor fixes, documentation additions and UX improvements

1.0.0-alpha8 - 2014-01-06

  • Break: The install command now has --dev enabled by default. --no-dev can be used to install without dev requirements
  • Added composer-plugin package type to allow extensibility, and deprecated composer-installer
  • Added psr-4 autoloading support and deprecated target-dir since it is a better alternative
  • Added --no-plugins flag to replace --no-custom-installers where available
  • Added global command to operate Composer in a user-global directory
  • Added licenses command to list the license of all your dependencies
  • Added pre-status-cmd and post-status-cmd script events to the status command
  • Added post-root-package-install and post-create-project-cmd script events to the create-project command
  • Added pre-autoload-dump script event
  • Added --rollback flag to self-update
  • Added --no-install flag to create-project to skip installing the dependencies
  • Added a hhvm platform package to require Facebook's HHVM implementation of PHP
  • Added github-domains config option to allow using GitHub Enterprise with Composer's GitHub support
  • Added prepend-autoloader config option to allow appending Composer's autoloader instead of the default prepend behavior
  • Added Perforce support to the VCS repository
  • Added a vendor/composer/autoload_files.php file that lists all files being included by the files autoloader
  • Added support for the no_proxy env var and other proxy support improvements
  • Added many robustness tweaks to make sure zip downloads work more consistently and corrupted caches are invalidated
  • Added the release date to composer -V output
  • Added autoloader-suffix config option to allow overriding the randomly generated autoloader class suffix
  • Fixed BitBucket API usage
  • Fixed parsing of inferred stability flags that are more stable than the minimum stability
  • Fixed installation order of plugins/custom installers
  • Fixed tilde and wildcard version constraints to be more intuitive regarding stabilities
  • Fixed handling of target-dir changes when updating packages
  • Improved performance of the class loader
  • Improved memory usage and performance of solving dependencies
  • Tons of minor bug fixes and improvements

1.0.0-alpha7 - 2013-05-04

  • Break: For forward compatibility, you should change your deployment scripts to run composer install --no-dev. The install command will install dev dependencies by default starting in the next release
  • Break: The update command now has --dev enabled by default. --no-dev can be used to update without dev requirements, but it will create an incomplete lock file and is discouraged
  • Break: Removed support for lock files created before 2012-09-15 due to their outdated unusable format
  • Added prefer-stable flag to pick stable packages over unstable ones when possible
  • Added preferred-install config option to always enable --prefer-source or --prefer-dist
  • Added diagnose command to to system/network checks and find common problems
  • Added wildcard support in the update whitelist, e.g. to update all packages of a vendor do composer update vendor/*
  • Added archive command to archive the current directory or a given package
  • Added run-script command to manually trigger scripts
  • Added proprietary as valid license identifier for non-free code
  • Added a php-64bit platform package that you can require to force a 64bit php
  • Added a lib-ICU platform package
  • Added a new official package type project for project-bootstrapping packages
  • Added zip/dist local cache to speed up repetitive installations
  • Added post-autoload-dump script event
  • Added Event::getDevMode to let script handlers know if dev requirements are being installed
  • Added discard-changes config option to control the default behavior when updating "dirty" dependencies
  • Added use-include-path config option to make the autoloader look for files in the include path too
  • Added cache-ttl, cache-files-ttl and cache-files-maxsize config option
  • Added cache-dir, cache-files-dir, cache-repo-dir and cache-vcs-dir config option
  • Added support for using http(s) authentication to non-github repos
  • Added support for using multiple autoloaders at once (e.g. PHPUnit + application both using Composer autoloader)
  • Added support for .inc files for classmap autoloading (legacy support, do not do this on new projects!)
  • Added support for version constraints in show command, e.g. composer show monolog/monolog 1.4.*
  • Added support for svn repositories containing packages in a deeper path (see package-path option)
  • Added an artifact repository to scan a directory containing zipped packages
  • Added --no-dev flag to install and update commands
  • Added --stability (-s) flag to create-project to lower the required stability
  • Added --no-progress to install and update to hide the progress indicators
  • Added --available (-a) flag to the show command to display only available packages
  • Added --name-only (-N) flag to the show command to show only package names (one per line, no formatting)
  • Added --optimize-autoloader (-o) flag to optimize the autoloader from the install and update commands
  • Added -vv and -vvv flags to get more verbose output, can be useful to debug some issues
  • Added COMPOSER_NO_INTERACTION env var to do the equivalent of --no-interaction (should be set on build boxes, CI, PaaS)
  • Added PHP 5.2 compatibility to the autoloader configuration files so they can be used to configure another autoloader
  • Fixed handling of platform requirements of the root package when installing from lock
  • Fixed handling of require-dev dependencies
  • Fixed handling of unstable packages that should be downgraded to stable packages when updating to new version constraints
  • Fixed parsing of the ~ operator combined with unstable versions
  • Fixed the require command corrupting the json if the new requirement was invalid
  • Fixed support of aliases used together with <version>#<reference> constraints
  • Improved output of dependency solver problems by grouping versions of a package together
  • Improved performance of classmap generation
  • Improved mercurial support in various places
  • Improved lock file format to minimize unnecessary diffs
  • Improved the config command to support all options
  • Improved the coverage of the validate command
  • Tons of minor bug fixes and improvements

1.0.0-alpha6 - 2012-10-23

  • Schema: Added ability to pass additional options to repositories (i.e. ssh keys/client certificates to secure private repos)
  • Schema: Added a new ~ operator that should be preferred over >=, see http://getcomposer.org/doc/01-basic-usage.md#package-versions
  • Schema: Version constraints <x.y are assumed to be <x.y-dev unless specified as <x.y-stable to reduce confusion
  • Added config command to edit/list config values, including --global switch for system config
  • Added OAuth token support for the GitHub API
  • Added ability to specify CLI commands as scripts in addition to PHP callbacks
  • Added --prefer-dist flag to force installs of dev packages from zip archives instead of clones
  • Added --working-dir (-d) flag to change the working directory
  • Added --profile flag to all commands to display execution time and memory usage
  • Added github-protocols config key to define the order of preferred protocols for github.com clones
  • Added ability to interactively reset changes to vendor dirs while updating
  • Added support for hg bookmarks in the hg driver
  • Added support for svn repositories not following the standard trunk/branch/tags scheme
  • Fixed git clones of dev versions so that you end up on a branch and not in detached HEAD
  • Fixed "Package not installed" issues with --dev installs
  • Fixed the lock file format to be a snapshot of all the package info at the time of update
  • Fixed order of autoload requires to follow package dependencies
  • Fixed rename() failures with "Access denied" on windows
  • Improved memory usage to be more reasonable and not grow with the repository size
  • Improved performance and memory usage of installs from composer.lock
  • Improved performance of a few essential code paths
  • Many bug small fixes and docs improvements

1.0.0-alpha5 - 2012-08-18

  • Added dump-autoload command to only regenerate the autoloader
  • Added --optimize to dump-autoload to generate a more performant classmap-based autoloader for production
  • Added status command to show if any source-installed dependency has local changes, use --verbose to see changed files
  • Added --verbose flag to install and update that shows the new commits when updating source-installed dependencies
  • Added --no-update flag to require to only modify the composer.json file but skip the update
  • Added --no-custom-installers and --no-scripts to install, update and create-project to prevent all automatic code execution
  • Added support for installing archives that contain only a single file
  • Fixed APC related issues in the autoload script on high load websites
  • Fixed installation of branches containing capital letters
  • Fixed installation of custom dev versions/branches
  • Improved the coverage of the validate command
  • Improved PEAR scripts/binaries support
  • Improved and fixed the output of various commands
  • Improved error reporting on network failures and some other edge cases
  • Various minor bug fixes and docs improvements

1.0.0-alpha4 - 2012-07-04

  • Break: The default minimum-stability is now stable, read more
  • Break: Custom installers now receive the IO instance and a Composer instance in their constructor
  • Schema: Added references for dev versions, requiring dev-master#abcdef for example will force the abcdef commit
  • Schema: Added support key with some more metadata (email, issues, forum, wiki, irc, source)
  • Schema: Added != operator for version constraints in require/require-dev
  • Added a recommendation for package names to be lower-cased/with-dashes, it will be enforced for new packages on Pacakgist
  • Added require command to add a package to your requirements and install it
  • Added a whitelist to update. Calling composer update foo/bar foo/baz allows you to update only those packages
  • Added support for overriding repositories in the system config (define repositories in ~/.composer/config.json)
  • Added lib-* packages to the platform repository, e.g. lib-pcre contains the pcre version
  • Added caching of GitHub metadata (faster startup time with custom GitHub VCS repos)
  • Added caching of SVN metadata (faster startup time with custom SVN VCS repos)
  • Added support for file:// URLs to GitDriver
  • Added --self flag to the show command to display the infos of the root package
  • Added --dev flag to create-project command
  • Added --no-scripts to install and update commands to avoid triggering the scripts
  • Added COMPOSER_ROOT_VERSION env var to specify the version of the root package (fixes some edge cases)
  • Added support for multiple custom installers in one package
  • Added files autoloading method which requires files on every request, e.g. to load functional code
  • Added automatic recovery for lock files that contain references to rewritten (force pushed) commits
  • Improved PEAR repositories support and package.xml extraction
  • Improved and fixed the output of various commands
  • Fixed the order of installation of requirements (they are always installed before the packages requiring them)
  • Cleaned up / refactored the dependency solver code as well as the output for unsolvable requirements
  • Various bug fixes and docs improvements

1.0.0-alpha3 - 2012-05-13

  • Schema: Added require-dev for development-time requirements (tests, etc), install with --dev
  • Schema: Added author.role to list the author's role in the project
  • Schema: Added minimum-stability + @<stability> flags in require for restricting packages to a certain stability
  • Schema: Removed recommend
  • Schema: suggest is now informational and can use any description for a package, not only a constraint
  • Break: vendor/.composer/autoload.php has been moved to vendor/autoload.php, other files are now in vendor/composer/
  • Added caching of repository metadata (faster startup times & failover if packagist is down)
  • Added removal of packages that are not needed anymore
  • Added include_path support for legacy projects that are full of require_once statements
  • Added installation notifications API to allow better statistics on Composer repositories
  • Added support for proxies that require authentication
  • Added support for private github repositories over https
  • Added autoloading support for root packages that use target-dir
  • Added awareness of the root package presence and support for it's provide/replace/conflict keys
  • Added IOInterface::isDecorated to test for colored output support
  • Added validation of licenses based on the SPDX registry
  • Improved repository protocol to have large cacheable parts
  • Fixed various bugs relating to package aliasing, proxy configuration, binaries
  • Various bug fixes and docs improvements

1.0.0-alpha2 - 2012-04-03

  • Added create-project command to install a project from scratch with composer
  • Added automated classmap autoloading support for non-PSR-0 compliant projects
  • Added human readable error reporting when deps can not be solved
  • Added support for private GitHub and SVN repositories (use --no-interaction for CI)
  • Added "file" downloader type to download plain files
  • Added support for authentication with svn repositories
  • Added autoload support for PEAR repositories
  • Improved clones from GitHub which now automatically select between git/https/http protocols
  • Improved validate command to give more feedback
  • Improved the search & show commands output
  • Removed dependency on filter_var
  • Various robustness & error handling improvements, docs fixes and more bug fixes

1.0.0-alpha1 - 2012-03-01

  • Initial release