Bump composer/composer from 1.9.0 to 2.0.11

[dependabot-preview]

Bumps composer/composer from 1.9.0 to 2.0.11.

Release notes

Sourced from composer/composer's releases.

2.0.11

• Reverted "Fixed runtime autoloader registration (for plugins and script handlers) to prefer the project dependencies over the bundled Composer ones" as it caused more problems than expected

2.0.10

• Added COMPOSER_MAX_PARALLEL_HTTP env var to let people set a lower amount of parallel requests if needed
• Fixed autoloader registration when plugins are loaded, which may impact plugins relying on this bug (if you use symfony/flex make sure you upgrade it to 1.12.2+ to fix dump-env issues)
• Fixed exec command suppressing output in some circumstances
• Fixed Windows/cmd.exe support for script handlers defined as path/to/foo, which are now rewritten internally to path\to\foo when needed
• Fixed bin handling on Windows for PHP scripts, to more closely match symlinks and allow @php vendor/bin/foo to work cross-platform
• Fixed Git for Windows/Git Bash not being detected correctly as an interactive shell (regression since 2.0.7)
• Fixed regression handling some private Bitbucket repository clones
• Fixed Ctrl-C/SIGINT handling during downloads to correctly abort as soon as possible
• Fixed runtime autoloader registration (for plugins and script handlers) to prefer the project dependencies over the bundled Composer ones
• Fixed numeric default branches being aliased as 9999999-dev internally. This alias now only applies to default branches being non-numeric (e.g. dev-main)
• Fixed support for older lib-sodium versions
• Fixed various minor issues

2.0.9

• Added warning if the curl extension is not enabled as it significantly degrades performance
• Fixed InstalledVersions to report all packages when several vendor dirs are present in the same runtime
• Fixed download speed when downloading large files
• Fixed archive and path repo copies mishandling some .gitignore paths
• Fixed root package classes not being available to the plugins/scripts during the initial install
• Fixed cache writes to be atomic and better support multiple Composer processes running in parallel
• Fixed preg jit issues when config or require modifies large composer.json files
• Fixed compatibility with envs having open_basedir restrictions
• Fixed exclude-from-classmap causing regex issues when having too many paths
• Fixed compatibility issue with Symfony 4/5
• Several small performance and debug output improvements

2.0.8

• Fixed packages with aliases not matching conflicts which match the alias
• Fixed invalid reports of uncommitted changes when using non-default remotes in vendor dir
• Fixed curl error handling edge cases
• Fixed cached git repositories becoming stale by having a git gc applied to them periodically
• Fixed issue initializing plugins when using dev packages
• Fixed update --lock / mirrors failing to update in some edge cases
• Fixed partial update with --with-dependencies failing in some edge cases with some nonsensical error

2.0.7

• Fixed detection of TTY mode, made input non-interactive automatically if STDIN is not a TTY
• Fixed root aliases not being present in lock file if not required by anything else
• Fixed remove command requiring a lock file to be present
• Fixed Composer\InstalledVersions to always contain up to date data during installation
• Fixed status command breaking on slow networks
• Fixed order of POST_PACKAGE_* events to occur together once all installations of a package batch are done

2.0.6

• Fixed regression in 2.0.5 dealing with custom installers which do not pass absolute paths

... (truncated)

Changelog

Sourced from composer/composer's changelog.

[2.0.11] 2021-02-24

• Reverted "Fixed runtime autoloader registration (for plugins and script handlers) to prefer the project dependencies over the bundled Composer ones" as it caused more problems than expected

[2.0.10] 2021-02-23

• Added COMPOSER_MAX_PARALLEL_HTTP to let people set a lower amount of parallel requests if needed
• Fixed autoloader registration when plugins are loaded, which may impact plugins relying on this bug (if you use symfony/flex make sure you upgrade it to 1.12.2+ to fix dump-env issues)
• Fixed exec command suppressing output in some circumstances
• Fixed Windows/cmd.exe support for script handlers defined as path/to/foo, which are now rewritten internally to path\to\foo when needed
• Fixed bin handling on Windows for PHP scripts, to more closely match symlinks and allow @php vendor/bin/foo to work cross-platform
• Fixed Git for Windows/Git Bash not being detected correctly as an interactive shell (regression since 2.0.7)
• Fixed regression handling some private Bitbucket repository clones
• Fixed Ctrl-C/SIGINT handling during downloads to correctly abort as soon as possible
• Fixed runtime autoloader registration (for plugins and script handlers) to prefer the project dependencies over the bundled Composer ones
• Fixed numeric default branches being aliased as 9999999-dev internally. This alias now only applies to default branches being non-numeric (e.g. dev-main)
• Fixed support for older lib-sodium versions
• Fixed various minor issues

[2.0.9] 2021-01-27

• Added warning if the curl extension is not enabled as it significantly degrades performance
• Fixed InstalledVersions to report all packages when several vendor dirs are present in the same runtime
• Fixed download speed when downloading large files
• Fixed archive and path repo copies mishandling some .gitignore paths
• Fixed root package classes not being available to the plugins/scripts during the initial install
• Fixed cache writes to be atomic and better support multiple Composer processes running in parallel
• Fixed preg jit issues when config or require modifies large composer.json files
• Fixed compatibility with envs having open_basedir restrictions
• Fixed exclude-from-classmap causing regex issues when having too many paths
• Fixed compatibility issue with Symfony 4/5
• Several small performance and debug output improvements

[2.0.8] 2020-12-03

• Fixed packages with aliases not matching conflicts which match the alias
• Fixed invalid reports of uncommitted changes when using non-default remotes in vendor dir
• Fixed curl error handling edge cases
• Fixed cached git repositories becoming stale by having a git gc applied to them periodically
• Fixed issue initializing plugins when using dev packages
• Fixed update --lock / mirrors failing to update in some edge cases
• Fixed partial update with --with-dependencies failing in some edge cases with some nonsensical error

[2.0.7] 2020-11-13

• Fixed detection of TTY mode, made input non-interactive automatically if STDIN is not a TTY
• Fixed root aliases not being present in lock file if not required by anything else
• Fixed remove command requiring a lock file to be present
• Fixed Composer\InstalledVersions to always contain up to date data during installation
• Fixed status command breaking on slow networks

... (truncated)

Commits

• a5a5632 Release 2.0.11
• c201dc3 Update changelog
• 7c910e6 Revert autoload order fix, force bundled dependencies to be used over local d...
• d6d4069 Try to fix windows CI again
• 06ef815 Quote caret to avoid issues with cmd.exe
• bbd8793 Make sure we always pass a string to strtoupper
• e157079 Bump CI versions
• 3bb10f2 Update changelog
• 2597e19 Merge remote-tracking branch 'Sweetchuck/i9703-event-dispatcher-last-winner'
• d855986 Also allow backslashes to work on cmd.exe for plain executable paths, fixes #...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

Superseded by #103.