Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: composer/composer
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 2.9.1
Choose a base ref
...
head repository: composer/composer
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 2.9.2
Choose a head ref
  • 18 commits
  • 40 files changed
  • 4 contributors

Commits on Nov 13, 2025

  1. Reverting release version changes

    @Seldaek
    Seldaek committed Nov 13, 2025
    Configuration menu
    Copy the full SHA
    04f7a81 View commit details
    Browse the repository at this point in the history

Commits on Nov 14, 2025

  1. New flags to disable/configure blocking (#12617) 

    * Add --no-security-blocking / COMPOSER_NO_SECURITY_BLOCKING env to disable security blocking
* Add COMPOSER_SECURITY_BLOCKING_ABANDONED to enable/disable audit.block-abandoned
* Move audit/auditFormat Installer configs into AuditConfig object
    @Seldaek
    Seldaek authored Nov 14, 2025
    Configuration menu
    Copy the full SHA
    eb6eaaf View commit details
    Browse the repository at this point in the history

  2. Add config command support for missing audit settings (#12609)

    @Seldaek
    Seldaek authored Nov 14, 2025
    Configuration menu
    Copy the full SHA
    f5854b1 View commit details
    Browse the repository at this point in the history

  3. Add a way to configure block and audit specific ignores 

    Fixes #12612
    @Seldaek
    Seldaek committed Nov 14, 2025
    Configuration menu
    Copy the full SHA
    8c73247 View commit details
    Browse the repository at this point in the history

Commits on Nov 19, 2025

  1. Bump actions/checkout from 5.0.0 to 5.0.1 (#12625) 

    Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@08c6903...93cb6ef)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 5.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Nov 19, 2025
    Configuration menu
    Copy the full SHA
    b18d73b View commit details
    Browse the repository at this point in the history

  2. feat: allow ignoring cve of packages, fixes #12616 (#12622)

    @shyim
    shyim authored Nov 19, 2025
    Configuration menu
    Copy the full SHA
    632d1c3 View commit details
    Browse the repository at this point in the history

  3. Schema: clarify language on version blocking vs audit reports

    @naderman
    naderman committed Nov 19, 2025
    Configuration menu
    Copy the full SHA
    64bc9c9 View commit details
    Browse the repository at this point in the history

  4. Reword security audit and blocking config to clarify processes and re… 

    …lationships
    @naderman
    naderman committed Nov 19, 2025
    Configuration menu
    Copy the full SHA
    a8c16b6 View commit details
    Browse the repository at this point in the history

  5. Rename AuditConfig::$abandoned to AuditConfig::$auditAbandoned

    @naderman
    naderman committed Nov 19, 2025
    Configuration menu
    Copy the full SHA
    e76c43b View commit details
    Browse the repository at this point in the history

  6. Make block-abandoned a config option for insecure version blocking 

    It's no longer possible to filter abandoned packages without also
filtering insecure versions, this matches env handling and docs.
    @naderman
    naderman committed Nov 19, 2025
    Configuration menu
    Copy the full SHA
    b5bf0cf View commit details
    Browse the repository at this point in the history

  7. Merge branch 'main' into block_edits

    @Seldaek
    Seldaek authored Nov 19, 2025
    Configuration menu
    Copy the full SHA
    e64d1ff View commit details
    Browse the repository at this point in the history

  8. Include the new package names in the audit.ignore schema descriptions

    @Seldaek
    Seldaek authored Nov 19, 2025
    Configuration menu
    Copy the full SHA
    5b2692e View commit details
    Browse the repository at this point in the history

  9. Merge pull request #12618 from Seldaek/block_edits 

    Add a way to configure block- and audit-specific ignores in audit.ignore, audit.ignore-abandoned and audit.ignore-severity

Fixes #12612
    @Seldaek
    Seldaek authored Nov 19, 2025
    Configuration menu
    Copy the full SHA
    bfc0e31 View commit details
    Browse the repository at this point in the history

  10. Fix ignoring of CVE ids in security blocking 

    Also adds Advisory IDs in output of audit command

Fixes #12624
    @Seldaek
    Seldaek committed Nov 19, 2025
    Configuration menu
    Copy the full SHA
    59eb8e7 View commit details
    Browse the repository at this point in the history

  11. Merge pull request #12627 from Seldaek/audit_fix 

    Fix ignoring of CVE ids in security blocking
    @Seldaek
    Seldaek authored Nov 19, 2025
    Configuration menu
    Copy the full SHA
    f85f82d View commit details
    Browse the repository at this point in the history

  12. Fix partial updates failing when a locked package has security adviso… 

    …ries (#12626)

Fixes #12620

---------

Co-authored-by: Nils Adermann <[email protected]>
    @Seldaek @naderman
    Seldaek and naderman authored Nov 19, 2025
    Configuration menu
    Copy the full SHA
    98861c6 View commit details
    Browse the repository at this point in the history

  13. Update changelog

    @Seldaek
    Seldaek committed Nov 19, 2025
    Configuration menu
    Copy the full SHA
    a4fa0b5 View commit details
    Browse the repository at this point in the history

  14. Release 2.9.2

    @Seldaek
    Seldaek committed Nov 19, 2025
    Configuration menu
    Copy the full SHA
    8d5358f View commit details
    Browse the repository at this point in the history
Loading