Bump composer/composer from 1.9.0 to 2.0.10

[dependabot-preview]

Bumps composer/composer from 1.9.0 to 2.0.10.

Release notes

Sourced from composer/composer's releases.

2.0.10

• Added COMPOSER_MAX_PARALLEL_HTTP env var to let people set a lower amount of parallel requests if needed
• Fixed autoloader registration when plugins are loaded, which may impact plugins relying on this bug (if you use symfony/flex make sure you upgrade it to 1.12.2+ to fix dump-env issues)
• Fixed exec command suppressing output in some circumstances
• Fixed Windows/cmd.exe support for script handlers defined as path/to/foo, which are now rewritten internally to path\to\foo when needed
• Fixed bin handling on Windows for PHP scripts, to more closely match symlinks and allow @php vendor/bin/foo to work cross-platform
• Fixed Git for Windows/Git Bash not being detected correctly as an interactive shell (regression since 2.0.7)
• Fixed regression handling some private Bitbucket repository clones
• Fixed Ctrl-C/SIGINT handling during downloads to correctly abort as soon as possible
• Fixed runtime autoloader registration (for plugins and script handlers) to prefer the project dependencies over the bundled Composer ones
• Fixed numeric default branches being aliased as 9999999-dev internally. This alias now only applies to default branches being non-numeric (e.g. dev-main)
• Fixed support for older lib-sodium versions
• Fixed various minor issues

2.0.9

• Added warning if the curl extension is not enabled as it significantly degrades performance
• Fixed InstalledVersions to report all packages when several vendor dirs are present in the same runtime
• Fixed download speed when downloading large files
• Fixed archive and path repo copies mishandling some .gitignore paths
• Fixed root package classes not being available to the plugins/scripts during the initial install
• Fixed cache writes to be atomic and better support multiple Composer processes running in parallel
• Fixed preg jit issues when config or require modifies large composer.json files
• Fixed compatibility with envs having open_basedir restrictions
• Fixed exclude-from-classmap causing regex issues when having too many paths
• Fixed compatibility issue with Symfony 4/5
• Several small performance and debug output improvements

2.0.8

• Fixed packages with aliases not matching conflicts which match the alias
• Fixed invalid reports of uncommitted changes when using non-default remotes in vendor dir
• Fixed curl error handling edge cases
• Fixed cached git repositories becoming stale by having a git gc applied to them periodically
• Fixed issue initializing plugins when using dev packages
• Fixed update --lock / mirrors failing to update in some edge cases
• Fixed partial update with --with-dependencies failing in some edge cases with some nonsensical error

2.0.7

• Fixed detection of TTY mode, made input non-interactive automatically if STDIN is not a TTY
• Fixed root aliases not being present in lock file if not required by anything else
• Fixed remove command requiring a lock file to be present
• Fixed Composer\InstalledVersions to always contain up to date data during installation
• Fixed status command breaking on slow networks
• Fixed order of POST_PACKAGE_* events to occur together once all installations of a package batch are done

2.0.6

• Fixed regression in 2.0.5 dealing with custom installers which do not pass absolute paths

2.0.5

• Disabled platform-check verification of extensions by default (now defaulting php-only), set platform-check to true if you want a complete check
• Improved platform-check handling of issue reporting

... (truncated)

Changelog

Sourced from composer/composer's changelog.

[2.0.10] 2021-02-23

• Added COMPOSER_MAX_PARALLEL_HTTP to let people set a lower amount of parallel requests if needed
• Fixed autoloader registration when plugins are loaded, which may impact plugins relying on this bug (if you use symfony/flex make sure you upgrade it to 1.12.2+ to fix dump-env issues)
• Fixed exec command suppressing output in some circumstances
• Fixed Windows/cmd.exe support for script handlers defined as path/to/foo, which are now rewritten internally to path\to\foo when needed
• Fixed bin handling on Windows for PHP scripts, to more closely match symlinks and allow @php vendor/bin/foo to work cross-platform
• Fixed Git for Windows/Git Bash not being detected correctly as an interactive shell (regression since 2.0.7)
• Fixed regression handling some private Bitbucket repository clones
• Fixed Ctrl-C/SIGINT handling during downloads to correctly abort as soon as possible
• Fixed runtime autoloader registration (for plugins and script handlers) to prefer the project dependencies over the bundled Composer ones
• Fixed numeric default branches being aliased as 9999999-dev internally. This alias now only applies to default branches being non-numeric (e.g. dev-main)
• Fixed support for older lib-sodium versions
• Fixed various minor issues

[2.0.9] 2021-01-27

• Added warning if the curl extension is not enabled as it significantly degrades performance
• Fixed InstalledVersions to report all packages when several vendor dirs are present in the same runtime
• Fixed download speed when downloading large files
• Fixed archive and path repo copies mishandling some .gitignore paths
• Fixed root package classes not being available to the plugins/scripts during the initial install
• Fixed cache writes to be atomic and better support multiple Composer processes running in parallel
• Fixed preg jit issues when config or require modifies large composer.json files
• Fixed compatibility with envs having open_basedir restrictions
• Fixed exclude-from-classmap causing regex issues when having too many paths
• Fixed compatibility issue with Symfony 4/5
• Several small performance and debug output improvements

[2.0.8] 2020-12-03

• Fixed packages with aliases not matching conflicts which match the alias
• Fixed invalid reports of uncommitted changes when using non-default remotes in vendor dir
• Fixed curl error handling edge cases
• Fixed cached git repositories becoming stale by having a git gc applied to them periodically
• Fixed issue initializing plugins when using dev packages
• Fixed update --lock / mirrors failing to update in some edge cases
• Fixed partial update with --with-dependencies failing in some edge cases with some nonsensical error

[2.0.7] 2020-11-13

• Fixed detection of TTY mode, made input non-interactive automatically if STDIN is not a TTY
• Fixed root aliases not being present in lock file if not required by anything else
• Fixed remove command requiring a lock file to be present
• Fixed Composer\InstalledVersions to always contain up to date data during installation
• Fixed status command breaking on slow networks
• Fixed order of POST_PACKAGE_* events to occur together once all installations of a package batch are done

[2.0.6] 2020-11-07

... (truncated)

Commits

• 890c79f Release 2.0.10
• 3bb10f2 Update changelog
• 2597e19 Merge remote-tracking branch 'Sweetchuck/i9703-event-dispatcher-last-winner'
• d855986 Also allow backslashes to work on cmd.exe for plain executable paths, fixes #...
• cf2128a Merge pull request #9713 from Seldaek/fix-unixy-proxy
• 31d9f51 Auto-detect mingw and assume it is interactive, fixes #9690
• b3b0cf6 Generate binary proxy in PHP if the target binary is detected as a PHP script...
• 057006d Make sure @php path/to/bla gets executed as php path\to\bla on windows, fixes...
• 8f7597d Use a different way to suppress output than changing output verbosity in exec...
• 03e8cac Merge pull request #9696 from Seldaek/fix_installed_versions_during_update
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

Superseded by #97.