|
| 1 | +### [2.7.0] 2024-02-08 |
| 2 | + |
| 3 | + * Security: Fixed code execution and possible privilege escalation via compromised vendor dir contents (GHSA-7c6p-848j-wh5h / CVE-2024-24821) |
| 4 | + * Changed the default of the `audit.abandoned` config setting to `fail`, set it to `report` or `ignore` if you do not want this, or set it via `COMPOSER_AUDIT_ABANDONED` env var (#11643) |
| 5 | + * Added --minimal-changes (-m) flag to `update`/`require`/`remove` commands to perform partial update with --with-dependencies while changing only what is absolutely necessary in transitive dependencies (#11665) |
| 6 | + * Added --sort-by-age (-A) flag to `outdated`/`show` commands to allow sorting by and displaying the release date (most outdated first) (#11762) |
| 7 | + * Added support for `--self` combined with `--installed` or `--locked` in `show` command, to add the root package to the package list being output (#11785) |
| 8 | + * Added severity information to `audit` command output (#11702) |
| 9 | + * Added `scripts-aliases` top level key in composer.json to define aliases for custom scripts you defined (#11666) |
| 10 | + * Added IPv4 fallback on connection timeout, as well as a `COMPOSER_IPRESOLVE` env var to force IPv4 or IPv6, set it to `4` or `6` (#11791) |
| 11 | + * Added support for wildcards in `outdated`'s --ignore arg (#11831) |
| 12 | + * Added support for `bump` command bumping `*` to `>=current version` (#11694) |
| 13 | + * Added detection of constraints that cannot possibly match anything to `validate` command (#11829) |
| 14 | + * Added package source information to the output of `install` when running in very verbose (-vv) mode (#11763) |
| 15 | + * Added audit of Composer's own bundled dependencies in `diagnose` command (#11761) |
| 16 | + * Added GitHub token expiration date to `diagnose` command output (#11688) |
| 17 | + * Added non-zero status code to why/why-not commands (#11796) |
| 18 | + * Added error when calling `show --direct <package>` with an indirect/transitive dependency (#11728) |
| 19 | + * Added `COMPOSER_FUND=0` env var to hide calls for funding (#11779) |
| 20 | + * Fixed `bump` command not bumping packages required with a `v` prefix (#11764) |
| 21 | + * Fixed automatic disabling of plugins when running non-interactive as root |
| 22 | + * Fixed `update --lock` not keeping the dist reference/url/checksum pinned (#11787) |
| 23 | + * Fixed `require` command crashing at the end if no lock file is present (#11814) |
| 24 | + * Fixed root aliases causing problems when auditing locked dependencies (#11771) |
| 25 | + * Fixed handling of versions with 4 components in `require` command (#11716) |
| 26 | + * Fixed compatibility issues with Symfony 7 |
| 27 | + * Fixed composer.json remaining behind after a --dry-run of the `require` command (#11747) |
| 28 | + * Fixed warnings being shown incorrectly under some circumstances (#11786, #11760, #11803) |
| 29 | + |
1 | 30 | ### [2.6.6] 2023-12-08 |
2 | 31 |
|
3 | 32 | * Fixed symfony/console requirement to exclude 7.x as Composer 2.6 is not compatible, 2.7 will be (#11741) |
|
1795 | 1824 |
|
1796 | 1825 | * Initial release |
1797 | 1826 |
|
| 1827 | +[2.7.0]: https://github.com/composer/composer/compare/2.6.6...2.7.0 |
1798 | 1828 | [2.6.6]: https://github.com/composer/composer/compare/2.6.5...2.6.6 |
1799 | 1829 | [2.6.5]: https://github.com/composer/composer/compare/2.6.4...2.6.5 |
1800 | 1830 | [2.6.4]: https://github.com/composer/composer/compare/2.6.3...2.6.4 |
|
0 commit comments