php-composer2-2.2.3-150400.3.12.1<>,^(fl0p9|ʏjcM\ "3 *4^_rxxK$و /jD10*]:cp|KSrX\rJJ̥^{f_k衠^h/[rY18l DK(ԑ(NޑIx A㤡p²133x]| .qdR>V]x[̞ )EU]XOd.ys*]jF(p2w 犒PPśGFdeB!4cDZ>EL?Ld $ B $=CJ " , @  *Th( 8 9H :% >H@HBHFHGHHHIIXIYI,ZIX[I\\Id]Ix^IbIcJdK0eK5fK8lK:uKLvK`wL8xLLyL`zLdLtLxL~LCphp-composer22.2.3150400.3.12.1Dependency Management for PHPComposer is a dependency manager tracking local dependencies of your projects and libraries.fl0h04-ch1c#cSUSE Linux Enterprise 15SUSE LLC MIThttps://www.suse.com/Development/Libraries/Otherhttps://getcomposer.org/linuxnoarchupdate-alternatives --install \ /usr/bin/composer composer /usr/bin/composer2 2if [ ! -f /usr/bin/composer2 ] ; then update-alternatives --remove composer /usr/bin/composer2 fi#5.A큤fl0fl0fl0fl0fl0b625b61ce25619610d5da6879f79adc1a09682908a1a05a04e9587aed9ca641ec8cce4b6b9729f264ffdf9296d505d63432497feeed1f586d1902b942197e024/etc/alternatives/composer@rootrootrootrootrootrootrootrootrootrootphp-composer2-2.2.3-150400.3.12.1.src.rpmcomposerphp-composerphp-composer2php5-composerphp7-composer@     /bin/sh/bin/sh/usr/bin/envphpphp-curlphp-jsonphp-mbstringphp-opensslphp-pharphp-zipphp-zlibrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)update-alternativesupdate-alternatives5.3.23.0.4-14.6.0-14.0-15.2-14.14.3fl0fh<@eYecaaa@aD@aA@`@`@_hpgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.compgajdos@suse.comi@guoyunhe.mei@guoyunhe.mepgajdos@suse.comjweberhofer@weberhofer.atkkaempf@suse.comkkaempf@suse.comi@guoyunhe.me- security update - added patches fix CVE-2024-35241 [bsc#1226181], code execution installing packages in repository with specially crafted branch names + php-composer2-CVE-2024-35241.patch- security update - added patches fix CVE-2024-35242 [bsc#1226182], command injection via specially crafted branch names during repository cloning + php-composer2-CVE-2024-35242.patch- security update - added patches fix CVE-2024-24821 [bsc#1219757], under certain conditions arbitrary code execution may lead to local privilege escalation, provide lateral user movement or malicious code execution + php-composer2-CVE-2024-24821.patch- security update - modified patches % php-composer2-CVE-2022-24828.patch (refreshed) - added patches fix CVE-2023-43655 [bsc#1215859], Remote Code Execution via web-accessible composer.phar + php-composer2-CVE-2023-43655.patch- security update - added patches fix CVE-2022-24828 [bsc#1198494], Code injection vulnerability + php-composer2-CVE-2022-24828.patch- version update to 2.2.3 2.2.3 2021-12-31 * Fixed issue with PHPUnit and process isolation now including PHPUnit <6.5 (#10387) * Fixed interoperability issue with laminas/laminas-zendframework-bridge and Composer 2.2 (#10401) * Fixed binary proxies for shell scripts to work correctly when they are symlinked (jakzal/phpqa#336) * Fixed overly greedy pool optimization in cases where a locked package is not required by anything anymore in a partial update (#10405) 2.2.2 2021-12-29 * Added COMPOSER_BIN_DIR env var and _composer_bin_dir global containing the path to the bin-dir for binaries. Packages relying on finding the bin dir with $BASH_SOURCES[0] will need to update their binaries (#10402) * Fixed issue when new binary proxies are combined with PHPUnit and process isolation (#10387) * Fixed deprecation warnings when using Symfony 5.4+ and requiring composer/composer itself (#10404) * Fixed UX of plugin warnings (#10381) 2.2.1 2021-12-22 * Fixed plugin autoloading including files autoload rules from the root package (#10382) * Fixed issue parsing php files with unterminated comments found inside backticks (#10385) 2.2.0 2021-12-22 * Added support for using dev-main as the default path repo package version if no VCS info is available (#10372) * Added --no-scripts as a globally supported flag to all Composer commands to disable scripts execution (#10371) * Fixed self-update failing in some edge cases due to loading plugins (#10371) * Fixed display of conflicts showing the wrong package name in some conditions (#10355) 2.2.0-RC1 2021-12-08 * Bumped composer-runtime-api and composer-plugin-api to 2.2.0 * UX Change: Added allow-plugins config value to enhance security against runtime execution, this will prompt you the first time you use a plugin and may hang pipelines if they aren't using --no-interaction (-n) as they should (#10314) * Added an optimization pass to reduce the amount of redundant inspected during resolution, drastically improving memory and CPU usage (#9261, [#9620]) * Added a global $_composer_autoload_path variable containing the path to autoload.php for binaries (#10137) * Added wildcard support to --ignore-platform-req (e.g. ext-*) (#10083) * Added support for ignoring the upper bound of platform requirements using "name+" notation e.g. using --ignore-platform-req=php+ would allow installing a package requiring php: 8.0.* on PHP 8.1, but not on PHP 7.4. Useful for CI builds of upcoming PHP versions (#10318) * Added support for setting platform packages to false in config.platform to disable/hide them (#10308) * Added use-parent-dir option to configure the prompt for using composer.json in upper directory when none is present in current dir (#10307) * Added composer platform package which is always the exact version of Composer running unlike composer-*-api packages (#10313) * Added a --source flag to config command to show where config values are loaded from (#10129) * Added support for files autoloaders in the runtime scripts/plugins contexts (#10065) * Added retry behavior on certain http status and curl error codes (#10162) * Added abandoned flag display in search command output * Added support for --ignore-platform-reqs in outdated command (#10293) * Added --only-vendor (-O) flag to search command to search (and return) vendor names (#10336) * Added COMPOSER_NO_DEV environment variable to set the --no-dev flag (#10262) * Fixed archive command to behave more like git archive, gitignore/hgignore are not taken into account anymore, and gitattributes support was improved (#10309) * Fixed unlocking of replacers when a replaced package is unlocked (#10280) * Fixed auto-unlocked path repo packages also unlocking their transitive deps when -w/-W is used (#10157) * Fixed handling of recursive package links (e.g. requiring or replacing oneself) * Fixed env var reads to check $_SERVER and $_ENV before getenv for broader ecosystem compatibility (#10218) * Fixed archive command to produce archives with files sorted by name (#10274) * Fixed VcsRepository issues where server failure could cause missing tags/branches (#10319) * Fixed some error reporting issues (#10283, #10339)- Use update-alternatives - Update to 2.1.14 * Fixed invalid release build (2.1.13 was deleted as invalid) * Removed symfony/console ^6 support as we cannot be compatible until Composer 2.3.0 is released. If you have issues with Composer required as a dependency + Symfony make sure you stay on Symfony 5.4 for now. (#10321)- Obsoletes php-composer (version 1.x) - Update to 2.1.12 * Fixed issues in proxied binary files relying on __FILE__ / __DIR__ on php <8 (#10261) * Fixed 9999999-dev being shown in some cases by the show command (#10260) * Fixed GitHub Actions output escaping regression on PHP 8.1 (#10250) - Update to 2.1.11 * Fixed issues in proxied binary files when using declare() on php <8 (#10249) * Fixed GitHub Actions output escaping issues (#10243) - Update to 2.1.10 * Added type annotations to all classes, which may have an effect on CI/static analysis for people using Composer as a dependency (#10159) * Fixed CurlDownloader requesting gzip encoding even when no gzip support is present (#10153) * Fixed regression in 2.1.6 where the help command was not working for plugin commands (#10147) * Fixed warning showing when an invalid cache dir is configured but unused (#10125) * Fixed require command reverting changes even though dependency resolution succeeded when something fails in scripts for example (#10118) * Fixed require not finding the right package version when some newly required extension is missing from the system (#10167) * Fixed proxied binary file issues, now using output buffering (e1dbd65) * Fixed and improved error reporting in several edge cases (#9804, [#10136], #10163, #10224, #10209) * Fixed some more Windows CLI parameter escaping edge cases - Update to 2.1.9 * Security: Fixed command injection vulnerability on Windows (GHSA-frqg-7g38-6gcf / CVE-2021-41116) * Fixed classmap parsing with a new class parser which does not rely on regexes anymore (#10107) * Fixed inline git credentials showing up in output in some conditions (#10115) * Fixed support for running updates while offline as long as the cache contains enough information (#10116) * Fixed show --all foo/bar which as of 2.0.0 was not showing all versions anymore but only the installed one (#10095) * Fixed VCS repos ignoring some versions silently when the API rate limit is reached (#10132) * Fixed CA bundle to remove the expired Let's Encrypt root CA- requires php-mbstring [bnc#1187416]- Update to 2.1.8 Fixed regression in 2.1.7 when parsing classmaps in files containing invalid Unicode (gh#composer/composer#10102) - Update to 2.1.7 * Added many type annotations internally, which may have an effect on CI/static analysis for people using Composer as a dependency. This work will continue in following releases * Fixed regression in 2.1.6 when parsing classmaps with empty heredocs (gh#composer/composer#10067) * Fixed regression in 2.1.6 where list command was not showing plugin commands (gh#composer/composer#10075) * Fixed issue handling package updates where the package type changed (gh#composer/composer#10076) * Fixed docker being detected as WSL when run inside WSL (gh#composer/composer#10094) - Update to 2.1.6 * Updated internal PHAR signatures to be SHA512 instead of SHA1 * Fixed uncaught exception handler regression (gh#composer/composer#10022) * Fixed more PHP 8.1 deprecation warnings (gh#composer/composer#10036, gh#composer/composer#10038, gh#composer/composer#10061) * Fixed corrupted zips in the cache from blocking installs until a cache clear, the bad archives are now deleted automatically on first failure (gh#composer/composer#10028) * Fixed URL sanitizer handling of new github tokens (gh#composer/composer#10048) * Fixed issue finding classes with very long heredocs in classmap autoload (gh#composer/composer#10050) * Fixed proc_open being required for simple installs from zip, as well as diagnose (gh#composer/composer#9253) * Fixed path repository bug causing symlinks to be left behind after a package is uninstalled (gh#composer/composer#10023) * Fixed issue in 7-zip support on windows with certain archives (gh#composer/composer#10058) * Fixed bootstrapping process to avoid loading the composer.json and plugins until necessary, speeding things up slightly (gh#composer/composer#10064) * Fixed lib-openssl detection on FreeBSD (gh#composer/composer#10046) * Fixed support for ircs:// protocol for support.irc composer.json entries- Require php-curl as Composer strongly recommends this.- Update to 2.1.5 Mostly bugfixes. See https://github.com/composer/composer/releases for details.- Version 2.0.2 * Fixed regression handling composer show -s in projects where no version can be guessed from VCS * Fixed regression handling partial updates/require when a lock file was missing * Fixed interop issue with plugins that need to update dist URLs of packages - Version 2.0.1 * Fixed crash on PHP8 - Version 2.0.0 * Breaking: This is a major release and while we tried to keep things compatible for most users, you might want to have a look at the UPGRADE guides * Many CPU and memory performance improvements * The update command is now much more deterministic as it does not take the already installed packages into account * Package installation now performs all network operations first before doing any changes on disk, to reduce the chances of ending up with a partially updated vendor dir * Partial updates and require/remove are now much faster as they only load the metadata required for the updated packages * Added a platform-check step when vendor/autoload.php gets initialized which checks the current PHP version/extensions match what is expected and fails hard otherwise. Can be disabled with the platform-check config option * Added a Composer\InstalledVersions class which is autoloaded in every project and lets you check which packages/versions are present at runtime * Added a composer-runtime-api virtual package which you can require (as e.g. ^2.0) to ensure things like the InstalledVersions class above are present. It will effectively force people to use Composer 2.x to install your project * Added support for parallel downloads of package metadata and zip files, this requires that the curl extension is present and we thus strongly recommend enabling curl * Added parallel installation of packages (requires OSX/Linux/WSL, and that unzip is present in PATH) * Added much clearer dependency resolution error reporting for common error cases * Added support for updating to a specific version with partial updates, as well as a --with flag to pass in temporary constraint overrides * Added automatic removal of packages which are not required anymore whenever an update is done, this will purge packages previously left over by partial updates and require/remove * Added support for TTY mode on Linux/OSX/WSL so that script handlers now run in interactive mode * Added only, exclude and canonical options to all repositories, see repository priorities for details * Added support for many new lib-* packages in the platform repository and improved version detection for some ext-* and lib-* packages * Added pre-operations-exec event to be fired before the packages get installed/upgraded/removed * Added pre-pool-create event to be fired before the package pool for the dependency solver is created, which lets you modify the list of packages going in * Added post-file-download event to be fired after package dist files are downloaded, which lets you do additional checks on the files * Added --locked flag to show command to see the packages from the composer.lock file * Added --unused flag to remove command to make sure any packages which are not needed anymore get removed * Added --dry-run flag to require and remove commands * Added --no-install flag to update, require and remove commands to disable the install step and only do the update step (composer.lock file update) * Added an --ask flag to create-project command to make Composer prompt for the install dir name, useful for project install instructions * Added support for multiple --repository flags being passed into the create-project command, only useful in combination with - -add-repository to persist them to composer.json * Added --with-dependencies and --with-all-dependencies flag aliases to require and remove commands for consistency with update * Added shorthand aliases -w for --with-dependencies and -W for - -with-all-dependencies on update/require/remove commands * Added more info to vendor/composer/installed.json, a dev key stores whether dev requirements were installed, and every package now has an install-path key with its install location * Added COMPOSER_DISABLE_NETWORK which if set makes Composer do its best to run offline. This can be useful when you have poor connectivity or to do benchmarking without network jitter * Added COMPOSER_DEBUG_EVENTS=1 env var support for plugin authors to figure out which events are triggered when * Added setCustomCacheKey to PreFileDownloadEvent and fixed a cache bug for integrations changing the processed url of package archives * Added Composer\Util\SyncHelper for plugin authors to deal with async Promises more easily * Added $composer->getLoop()->getHttpDownloader() to get access to the main HttpDownloader instance in plugins * Added --json and --merge flags to config command to allow editing complex extra.* values by using json as input * Added confirmation prompt when running Composer as superuser in interactive mode * Added --no-check-version to validate command to remove the warning in case the version is defined * Added --ignore-platform-req (without s) to all commands supporting - -ignore-platform-reqs, which accepts a package name so you can ignore only specific platform requirements * Added --no-dev support to show and outdated commands to skip dev requirements * Added --format=summary flag to license command * Added a cache-read-only config option to make the cache usable in read only mode for containers and such * Added support for wildcards (*) in classmap autoloader paths * Added support for configuring GitLab deploy tokens in addition to private tokens, see gitlab-token * Added support for package version guessing for require and init command to take all platform packages into account, not just php version * Added support for tar in artifact repositories * Added a non-zero exit code (2) and warning to remove command when a package to be removed could not be removed * Added --apcu-autoloader-prefix (or --apcu-prefix for dump-autoload command) flag to let people use apcu autoloading in a deterministic output way if that is needed * Fixed package ordering when autoloading and especially when loading plugins, to make sure dependencies are loaded before their dependents * Fixed suggest output being very spammy, it now is only one line long and shows more rarely * Fixed conflict rules like e.g. >=5 from matching dev-master, as it is not normalized to 9999999-dev internally anymore * Fixed solver bug resulting in endless loops in some cases * Lots of minor bug fixes and improvements/bin/sh/bin/shphp-composerh04-ch1c 17183664412.2.32.2.32.2.3-150400.3.12.12.2.32.2.32.2.3composercomposercomposer2php-composer2LICENSE/etc/alternatives//usr/bin//usr/share/licenses//usr/share/licenses/php-composer2/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:34331/SUSE_SLE-15-SP4_Update/f2e7be47927dc5c0727ea111f292e133-php-composer2.SUSE_SLE-15-SP4_Updatedrpmxz5noarch-suse-linuxcannot open `/home/abuild/rpmbuild/BUILDROOT/php-composer2-2.2.3-150400.3.12.1.x86_64/etc/alternatives/composer' (No such file or directory)a /usr/bin/env php script executable (binary data)directoryASCII textReu|:utf-82b18b1e5929919ea7a23a276e2bb32f2de9e3db105dda8779b57325431131d9e?7zXZ !t/$ ]"k%:>4- zu:Wrvh~uʓAuۉԤCBŃ3oW,0cx$}'BGhBz7 /N4j]$ L4=KLTAofQ`L8D];{VGiz].+~ n>nDs "L/=4ץNLGk3b`2u^gPcu>GZ3l0h&PQVANJb*{!n#eᖟ|eƧso?ףd3ӴʰdQA}:1= 얷 sh t޶|}CB8ƒ8c`WIX}j(]6"Thň4 繜`XBXs8)|Jr9ϹycL5+;RSҥ+/ixlJUS/ ȱSy/ Vx.y c&;LMJmr7 e(pOت;\@y IQTi~Y=DD@^B\ދꟼ'[ml\ PM$;6$)h!#Jx؞g򜰋 DY85q6֭x?HNV Brކ8oW+ܶ%qa?lyyZ~od\ M%x[[@)d ,C_m6U zpOq]Y cv'\~7^&^CQTuWk-t֍y$.l>:; g)LǞ؝;hU^{XJONF(^} I446b jEMYD]kz9XK7z1mя[źI흜{2,W$,bPe#E#-T2qVF3o? B.B^vys6}kg q5YLD0pF&Fso>&0נ~$J~ Պ|:P@U d\rs1`ht,n ߎվ-עnw$:?dD?Vo"Zc'O ^('S8+TDzΨؾlH4ϧ.4Q?X[تTeg^3OTufc-eT}ҌiLw 9 9'TMImW ZIU ܷyfQ3C+"E p?m {$k{xC߷j. .<2^1}Zg%r˒*ɲn%܁w]/~]pQHeyԪ (},&&q%GZ~vU.9vE41_6M./7dXtnhOΪvېMVR ip߬8@4ǯM,WͰ%?—8 =,8bV~Gj10Փ('ިslv:e4T[T>X#¸听/`jAt}^O='pHʺC$K[ѭ[CwIjL)(^EqH6-A`>k[ E+-nw1>mL]\HjSvЊŬ;y>qJOES޵sTtETPehSŎ P$HHрG?>m[|9-٧0ܭ8o .eBV}">(m?3j:5]g>|#Սێh:q=<ŹXBj!5foA\O@{S?WDcն^BMr9G_A0g/ Q(ZBќ0'G)o>=;P$jdВ'^1gxKxs,\@q*~lj7YSN^P&weoaZE9MdHP?ѤG ?ی&ik,9Əj0\z8f,|%yA<5cmg.,rM9k 9䒵9ƭwV:Xjt6/G;6TbId*W?d(T96],u*c!Ӭ~av-#8U4S0[ű\}κܤw|?%‰IRjI0 YZ