Composer 2.9 is here! 🚀 It automatically blocks packages with known vulnerabilities, has a new repository command to manage repos from the CLI, and lots more!

Read the full announcement: https://blog.packagist.com/composer-2-9/
#composerphp #phpc #PHP

Composer 2.9 Release

We are pleased to announce the release of Composer 2.9.0, bringing improvements to security, repository management from the CLI, and lots more.

Automatic Security Blocking

Composer now automatically blocks updates to packages with known security advisories. This protection is enabled by default and prevents you from accidentally updating

Private Packagist

@seldaek This is awesome! Been using roave/security-advisories for ages, but having this built-in and the ability to ignore an issue (temporarily!) is even better.

Case-in-hand.. we have a pinned package due to a breaking change in a patch update(!) for PDF generation, but as we handle all data internally, the actual vuln doesn't affect us.. this gives us the ability to plan the update better.

Great work composer team! 💪🏻😃

@seldaek thanks to you and your team for all your hard work! 👏🏽

@seldaek Ay caramba! The vulnerability feature is cool, but I'm more impressed by the lock merge conflict support. I have been bitten by that so many times!

Great work, Team Composer!

@Crell @seldaek me too! I learned through the years how to come out of that leveraging git, but I lost count of how many times I had to help colleagues do the same... Having Composer handling this automatically feels like magic!
@seldaek Nice! Thanks for the Codeberg-support 😁