---
- branch: MAIN
  date: Wed Oct 27 12:29:27 UTC 2021
  files:
  - new: '1.23'
    old: '1.22'
    path: pkgsrc/devel/php-composer/Makefile
    pathrev: pkgsrc/devel/php-composer/Makefile@1.23
    type: modified
  - new: '1.24'
    old: '1.23'
    path: pkgsrc/devel/php-composer/distinfo
    pathrev: pkgsrc/devel/php-composer/distinfo@1.24
    type: modified
  id: 20211027T122927Z.19dc4ce171b6adc948efba88acf933b9f39b3ec1
  log: |
    php-composer: Update to 2.1.9

    Upstream release notes:

    2.1.9
     - Security: Fixed command injection vulnerability on Windows
       (GHSA-frqg-7g38-6gcf / CVE-2021-41116)
     - Fixed classmap parsing with a new class parser which does not rely on regexes
       anymore (#10107)
     - Fixed inline git credentials showing up in output in some conditions (#10115)
     - Fixed support for running updates while offline as long as the cache contains
       enough information (#10116)
     - Fixed show --all foo/bar which as of 2.0.0 was not showing all versions
       anymore but only the installed one (#10095)
     - Fixed VCS repos ignoring some versions silently when the API rate limit is
       reached (#10132)
     - Fixed CA bundle to remove the expired Let's Encrypt root CA

    2.1.8
     - Fixed regression in 2.1.7 when parsing classmaps in files containing invalid
       Unicode (#10102)

    2.1.7
     - Added many type annotations internally, which may have an effect on CI/static
       analysis for people using Composer as a dependency. This work will continue
       in following releases
     - Fixed regression in 2.1.6 when parsing classmaps with empty heredocs (#10067)
     - Fixed regression in 2.1.6 where list command was not showing plugin commands
       (#10075)
     - Fixed issue handling package updates where the package type changed (#10076)
     - Fixed docker being detected as WSL when run inside WSL (#10094)

    2.1.6
     - Updated internal PHAR signatures to be SHA512 instead of SHA1
     - Fixed uncaught exception handler regression (#10022)
     - Fixed more PHP 8.1 deprecation warnings (#10036, #10038, #10061)
     - Fixed corrupted zips in the cache from blocking installs until a cache clear,
       the bad archives are now deleted automatically on first failure (#10028)
     - Fixed URL sanitizer handling of new github tokens (#10048)
     - Fixed issue finding classes with very long heredocs in classmap autoload
       (#10050)
     - Fixed proc_open being required for simple installs from zip, as well as
       diagnose (#9253)
     - Fixed path repository bug causing symlinks to be left behind after a package
       is uninstalled (#10023)
     - Fixed issue in 7-zip support on windows with certain archives (#10058)
     - Fixed bootstrapping process to avoid loading the composer.json and plugins
       until necessary, speeding things up slightly (#10064)
     - Fixed lib-openssl detection on FreeBSD (#10046)
     - Fixed support for ircs:// protocol for support.irc composer.json entries
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/devel/php-composer'
  unixtime: '1635337767'
  user: tpaul