{"update": {"autokarma": true, "autotime": true, "stable_karma": 3, "stable_days": 7, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "**Version 2.3.5** - 2022-04-13\n\n  * Security: Fixed command injection vulnerability in HgDriver/GitDriver (GHSA-x7cr-6qr6-2hh6 / CVE-2022-24828)\n  * Added warning when downloading a file with `verify_peer[_name]` disabled (#10722)\n  * Fixed curl downloader not retrying when a DNS resolution failure occurs (#10716)\n  * Fixed composer.lock file still being used/read when the `lock` config option is disabled (#10726)\n  * Fixed `validate` command checking the lock file even if the `lock` option is disabled (#10723)\n  * Fixed detection of default branch name when it changed since a git repo was mirrored in cache dir (#10701)\n\n\n----\n\n**Version 2.3.4** -  2022-04-07\n\n  * Fixed the generated autoload.php to support running on PHP 5.6+ (down from 7.0+) and warn clearly on older PHP versions (#10714)\n  * Fixed run-script --list flag regression (#10710)\n  * Fixed curl downloader handling of DNS resolution failures to do an automatic retry (#10716)\n  * Fixed script handling of external commands not setting the Path env correctly on windows (#10700)\n  * Fixed various type errors (#10694, #10696, #10702, #10712, #10703)\n\n\n\n----\n\n**Version 2.3.3** -  2022-04-01\n\n  * Added --2.2 flag to `self-update` to pin the Composer version to the 2.2 LTS range (#10682)\n  * Added missing config.bitbucket-oauth in composer-schema.json\n  * Fixed type errors in SvnDriver (#10681)\n  * Fixed --version output to match the pre-2.3 one (#10684)\n  * Fixed config/auth.json files not being validated against the composer-schema.json (#10685)\n  * Fixed generation of autoload crashing if a package has a broken path (#10688)\n  * Fixed GitDriver state issue when reusing old cache dirs and the default branch was renamed (#10687)\n  * Updated semver, jsonlint deps for minor fixes\n  * Removed dev-master=>dev-main alias from #10372 as it does not work when reloading from lock file and extracting dev deps (#10651)\n\n\n\n----\n\n**Version 2.3.2** -  2022-03-30\n\n  * Fixed type error when running `exec` command (#10672)\n  * Fixed endless loop in plugin activation prompt when input is not fully interactive yet appears to be (#10648)\n  * Fixed type error in ComposerRepository (#10675)\n  * Fixed issues loading platform packages where the version of a library cannot be established (#10631)\n\n----\n\n**Version 2.3.1** -  2022-03-30\n\n  * Fixed type error when HOME env var is not set (#10670)\n\n\n\n----\n\n**Version 2.3.0** -  2022-03-30\n\n* Fixed many strict types errors (#10646, #10642, #10647, #10658, #10656, #10665, #10660, #10663, #10662)\n\n----\n\n**Version 2.3.0-RC2** -  2022-03-20\n\n* Fixed invalid return value in ComposerRepository::findPackage (#10622)\n* Fixed many `show` command issues due to a flipped condition (#10623)\n* Fixed `phpversion()` handling when it returns false due to an extension defining no version (#10631)\n* Fixed `remove` command failing when no `allow-plugin` is defined in config (#10629)\n* Performance improvement in Composer bootstrapping (version guessing) when on a feature branch (#10632)\n\n----\n\n**Version 2.3.0-RC1** -  2022-03-16\n\n* BC Break: the minimum PHP version is now 7.2.5+, use the [Composer 2.2 LTS](https://github.com/composer/composer/issues/10340) if you are stuck with an older PHP (#10343)\n* BC Break: added native parameter & return types to many internal APIs, we explicitly left the most extended/implemented symbols untouched but if this causes problems nonetheless please report it ASAP (#10547, #10561)\n* BC Break: added visibility to all constants, a few internal ones have been made private/protected, if this causes problems please report it ASAP (#10550)\n* BC Break: the minimum supported Symfony components version is now 5.4, this only affects you if you are requiring composer/composer directly however, which is generally frowned upon\n* Bumped `composer-plugin-api` to `2.3.0`\n* Bumped bundled Symfony components from 2.8 to 5.4 \ud83e\udd73\n* Added `declare(strict_types=1)` to all the classes, which for sure could cause regressions in edge cases, please report with stack traces (#10567)\n* Added `--patch-only` to the `outdated` command to only show updates to patch versions and ignore new major/minor versions (#10589)\n* Added clickable links to various commands for terminals which support it (#10430)\n* Added ProcessExecutor ability to receive commands as arrays by (internals/plugin change only) (#10435)\n* Added abandoned flag to `show`/`outdated` commands JSON-formatted output (#10485)\n* Added config.reference option to `path` repositories to configure the way the reference is generated, and possibly reduce composer.lock conflicts (#10488)\n* Added automatic removal of allow-plugins rules when removing a plugin via the `remove` command (#10615)\n* Added COMPOSER_IGNORE_PLATFOR_REQ & COMPOSER_IGNORE_PLATFOR_REQS env vars to configure the equivalent flags (#10616)\n* Added support for Symfony 6.0 components\n* Added support for psr/log 3.x (#10454)\n* Fixed symlink creation in linux VM guest filesystems to be recognized by Windows (#10592)\n* Performance improvement in pool optimization step (#10585)\n\n\n----\n\n**Version 2.2.10** -  2022-03-29\n\n* Fixed Bitbucket authorization detection due to API changes (#10657)\n* Fixed validate command warning about dist/source keys if defined (#10655)\n* Fixed deletion/handling of corrupted 0-bytes zip archives (#10666)\n", "type": "security", "status": "stable", "request": null, "severity": "medium", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2022-04-14 05:37:31", "date_modified": null, "date_approved": null, "date_testing": "2022-04-14 16:40:10", "date_stable": "2022-04-21 21:21:21", "alias": "FEDORA-2022-47d2e7da46", "test_gating_status": "ignored", "from_tag": null, "date_pushed": "2022-04-21 21:21:21", "meets_testing_requirements": true, "url": "https://bodhi.stg.fedoraproject.org/updates/FEDORA-2022-47d2e7da46", "title": "composer-2.3.5-1.fc35", "version_hash": "72ba8d3732b5794e8826a34f90a21bb89fd75318", "release": {"name": "F35", "long_name": "Fedora 35", "version": "35", "id_prefix": "FEDORA", "branch": "f35", "dist_tag": "f35", "stable_tag": "f35-updates", "testing_tag": "f35-updates-testing", "candidate_tag": "f35-updates-candidate", "pending_signing_tag": "f35-signing-pending", "pending_testing_tag": "f35-updates-testing-pending", "pending_stable_tag": "f35-updates-pending", "override_tag": "f35-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "remi", "email": "fedora@famillecollet.com", "id": 94, "avatar": "https://seccdn.libravatar.org/avatar/619d3923bdf71a705e6f65371e59246522f52ad96485c9731408ff28554716cf?s=24&d=retro", "openid": "remi.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "centosproject-email-aliases"}, {"name": "sig-sclo"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by remi. ", "timestamp": "2022-04-14 05:37:32", "update_id": 396124, "user_id": 91, "id": 2489232, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'ignored'.", "timestamp": "2022-04-14 05:37:32", "update_id": 396124, "user_id": 91, "id": 2489233, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has obsoleted [composer-2.3.4-1.fc35](https://bodhi.fedoraproject.org/updates/FEDORA-2022-f035ff40ca), and has inherited its bugs and notes.", "timestamp": "2022-04-14 05:37:35", "update_id": 396124, "user_id": 91, "id": 2489239, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2022-04-14 16:40:58", "update_id": 396124, "user_id": 91, "id": 2489837, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "There seems to be a minor regression in this version which I've reported [on their Github](https://github.com/composer/composer/issues/10739) but this otherwise is functional in my testing.", "timestamp": "2022-04-15 16:41:24", "update_id": 396124, "user_id": 4571, "id": 2490900, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "dminer", "email": "daltonminer@gmail.com", "id": 4571, "avatar": "https://seccdn.libravatar.org/avatar/e9395477c2052b747857290b61e9bcbb714db48350498f2f49ed1fbcb44d9b45?s=24&d=retro", "openid": "dminer.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "centosproject-email-aliases"}, {"name": "sig-hyperscale"}, {"name": "gitlab-centos-sig-hyperscale"}, {"name": "ocp-cico-hyperscale"}, {"name": "trust admins"}]}}, {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2022-04-19 13:32:36", "update_id": 396124, "user_id": 2935, "id": 2496661, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.stg.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update can be pushed to stable now if the maintainer wishes", "timestamp": "2022-04-19 13:34:53", "update_id": 396124, "user_id": 91, "id": 2496668, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by bodhi. ", "timestamp": "2022-04-21 16:42:08", "update_id": 396124, "user_id": 91, "id": 2499374, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2022-04-21 21:22:05", "update_id": 396124, "user_id": 91, "id": 2499734, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "composer-2.3.5-1.fc35", "signed": true, "release_id": 51, "type": "rpm", "epoch": 0}], "bugs": [], "updateid": "FEDORA-2022-47d2e7da46", "karma": 2, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}