composer (1.2.2-1+deb9u1) stretch-security; urgency=high

  * Non-maintainer upload by the LTS team.
  * Add patch to fix CVE-2021-29472.
    - Security: Fixed command injection vulnerability.
      Fix external process calls to avoid user input being
      able to pass extra parameters in HgDriver/HgDownloader
      and hardened other VCS drivers and downloaders.
      (GHSA-h5h8-pc6h-jvvx)

 -- Utkarsh Gupta <utkarsh@debian.org>  Mon, 10 May 2021 03:14:19 +0530

composer (1.2.2-1) unstable; urgency=medium

  [ Calin Marian ]
  * Urlencode Gitlab project names

  [ Jordi Boggiano ]
  * Release 1.2.2

  [ Fabien Potencier ]
  * Fix POST_DEPENDENCIES_SOLVING trigger

 -- David Prévot <taffit@debian.org>  Fri, 11 Nov 2016 13:46:46 -0930

composer (1.2.1-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 1.2.1

  [ bohwaz ]
  * Add Fossil support to Composer

  [ David Prévot ]
  * Suggest fossil now supported upstream

 -- David Prévot <taffit@debian.org>  Thu, 20 Oct 2016 15:59:09 -1000

composer (1.1.3-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 1.1.3

 -- David Prévot <taffit@debian.org>  Thu, 30 Jun 2016 13:28:36 -0400

composer (1.1.2-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 1.1.2

 -- David Prévot <taffit@debian.org>  Wed, 01 Jun 2016 12:38:57 -0400

composer (1.1.1-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 1.1.1

 -- David Prévot <taffit@debian.org>  Tue, 17 May 2016 19:02:30 -0400

composer (1.1.0-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Use extracted ca-bundle package
  * Release 1.1.0

  [ Jérémy Derussé ]
  * Allow plugins to register commands

  [ Nicolas Grekas ]
  * Speedup autoloading on PHP 5.6 & 7.0+ using static arrays

  [ David Prévot ]
  * Revert "Track stable releases"
  * Adapt to php-composer-ca-bundle split
  * Adapt to php-psr-log dependency

 -- David Prévot <taffit@debian.org>  Wed, 11 May 2016 14:06:31 -0400

composer (1.0.3-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Release 1.0.3

  [ Derek Marcotte ]
  * fix command injection from the environment when run as root

  [ David Prévot ]
  * Track stable releases

 -- David Prévot <taffit@debian.org>  Fri, 29 Apr 2016 21:37:47 -0400

composer (1.0.2-1) unstable; urgency=medium

  [ David Prévot ]
  * Demote mercurial to Suggests, add subversion too (Closes: #820336)
  * Update Standards-Version to 3.9.8

  [ Jordi Boggiano ]
  * Release 1.0.2

 -- David Prévot <taffit@debian.org>  Thu, 21 Apr 2016 20:28:27 -0400

composer (1.0.0-1) unstable; urgency=medium

  [ Paul Wenke ]
  * Developed bitbucket-oauth functionality.

  [ Jordi Boggiano ]
  * Mark failed downloads as failed instead of 100% complete, fixes #5111
  * Release 1.0.0

  [ Niels Keurentjes ]
  * Clobber sudo credentials to prevent careless privilege escalations.

  [ Andrii Vasyliev ]
  * add getter for global composer

  [ Tom Klingenberg ]
  * Skip non-empty directories in zip generation

 -- David Prévot <taffit@debian.org>  Wed, 06 Apr 2016 12:51:49 -0400

composer (1.0.0~beta2-1) unstable; urgency=medium

  [ Barry vd. Heuvel ]
  * Make remove with dependencies default

  [ Haralan Dobrev ]
  * List project suggestions in create-project command

  [ Jordi Boggiano ]
  * Add conflict detection in why-not, fixes #5013
  * Add support for SSL_CERT_DIR and openssl.capath, fixes #5017
  * Update license to 2016
  * Change installs into updates if there is no lock file, fixes #5034
  * Add update channels support to self-update and diagnose, fixes #4960
  * Release 1.0.0-beta2

  [ Steve Langasek ]
  * Add xz-utils as test dependency (Closes: #818644)

  [ David Prévot ]
  * Update copyright (year)

 -- David Prévot <taffit@debian.org>  Mon, 28 Mar 2016 23:00:38 -0400

composer (1.0.0~beta1-1) unstable; urgency=medium

  [ Jan Prieser ]
  * added ZipArchiver to actually compress zip files

  [ hfcorriez ]
  * Support compress tar.gz and tar.bz2 archiver

  [ Henrik Bjørnskov ]
  * Initial GitLab Driver

  [ Pierre Rudloff ]
  * XzDownloader test

  [ Jordi Boggiano ]
  * Only list tree of packages required by root and not every installed
    package individually, refs #2600
  * Disable git, svn, http protocols for VCS downloaders, fixes #4968
  * Release 1.0.0-beta1

  [ Niels Keurentjes ]
  * Implemented Prohibits and Depends correctly now.

  [ Davey Shafik ]
  * Add `composer exec` command

  [ David Prévot ]
  * d/control: Workaround for OR-ed versions
  * Use system cacert.pem instead of embedded one
  * Update copyright
  * Build with recent pkg-php-tools for the PHP 7.0 transition
  * Use now split php-mbstring and php-zip for the tests

 -- David Prévot <taffit@debian.org>  Wed, 09 Mar 2016 21:14:43 -0400

composer (1.0.0~alpha11-3) unstable; urgency=medium

  * Composer Cache Injection vulnerability fix [CVE-2015-8371]

 -- David Prévot <taffit@debian.org>  Sun, 14 Feb 2016 15:24:51 -0400

composer (1.0.0~alpha11-2) unstable; urgency=medium

  * Fix tests for justinrainbow/json-schema 1.6 (Closes: #810771)
  * Update Standards-Version to 3.9.7

 -- David Prévot <taffit@debian.org>  Wed, 03 Feb 2016 16:02:51 -0400

composer (1.0.0~alpha11-1) unstable; urgency=medium

  [ Rob Bast ]
  * remove spdx files, introduce external library
  * add semver, deprecated existing classes

  [ Jordi Boggiano ]
  * Release 1.0.0-alpha11

  [ Remi Collet ]
  * ignore this test with 'jsonc'
  * fix for changes in justinrainbow/json-schema 1.4.4

  [ David Prévot ]
  * Update copyright
  * Update packaging to new dependencies

 -- David Prévot <taffit@debian.org>  Wed, 18 Nov 2015 17:27:46 -0400

composer (1.0.0~alpha10+20150602-2) unstable; urgency=medium

  * Fix for changes in php-json-schema 1.4.4 (Closes: #799765)

 -- David Prévot <taffit@debian.org>  Fri, 23 Oct 2015 19:05:52 -0400

composer (1.0.0~alpha10+20150602-1) unstable; urgency=medium

  [ David Prévot ]
  * Use php-cli-prompt instead of embedded seld/cli-prompt copy

 -- David Prévot <taffit@debian.org>  Tue, 02 Jun 2015 15:19:36 -0400

composer (1.0.0~alpha10+20150511-1) unstable; urgency=medium

  [ Jordi Boggiano ]
  * Spaces are now equivalent to comma in constraints and mean AND
  * Add support for capital X in 3.X and || for OR
  * Add support for hyphen ranges
  * Add support for caret (^) operator
  * Use external lib for hidden cli prompting

  [ AQNOUCH Mohammed ]
  * Updated copyright to 2015

  [ David Prévot ]
  * Provide homemade static autoload.php
  * Rely on recent symfony package for the static autoload.php
  * Update homepage
  * Update copyright (year)
  * Embed seld/cli-prompt copy until php-cli-prompt gets processed out of new

 -- David Prévot <taffit@debian.org>  Sun, 24 May 2015 10:05:07 -0400

composer (1.0.0~alpha9+dfsg-1) unstable; urgency=low

  * Initial release (closes: #714118)

 -- David Prévot <taffit@debian.org>  Sun, 15 Feb 2015 18:47:27 -0400
