xerc
diff --git a/‎.github/ISSUE_TEMPLATE.md
-33 b/‎.github/ISSUE_TEMPLATE.md
-33
diff --git a/‎.github/ISSUE_TEMPLATE/bug_report.md
+34 b/‎.github/ISSUE_TEMPLATE/bug_report.md
+34
diff --git a/‎.github/ISSUE_TEMPLATE/feature_request.md
+20 b/‎.github/ISSUE_TEMPLATE/feature_request.md
+20
diff --git a/‎.github/ISSUE_TEMPLATE/support-request---question.md
+34 b/‎.github/ISSUE_TEMPLATE/support-request---question.md
+34
diff --git a/‎.github/dependabot.yml
+1 b/‎.github/dependabot.yml
+1
diff --git a/‎.github/workflows/release.yml
+7 b/‎.github/workflows/release.yml
+7
diff --git a/‎CHANGELOG.md
+37 b/‎CHANGELOG.md
+37
diff --git a/‎bin/composer
+6-1 b/‎bin/composer
+6-1
@@ -0,0 +1,34 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+type: Bug
+assignees: ''
+
+---
+
+My `composer.json`:
+
+```json
+...replace me...
+```
+
+Output of `composer diagnose`:
+
+```
+...replace me...
+```
+
+When I run this command: <!-- run it with `-vvv` added to it ideally to get full debug output -->
+
+```
+...replace me...
+```
+
+I get the following output: <!-- FULL OUTPUT please, not just what you think is relevant -->
+
+```
+...replace me...
+```
+
+And I expected this to happen:
@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+type: Feature
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.
@@ -0,0 +1,34 @@
+---
+name: Support request / question
+about: Confused, looking for assistance, and you don't like GitHub Discussions?
+title: ''
+type: Support
+assignees: ''
+
+---
+
+My `composer.json`:
+
+```json
+...replace me...
+```
+
+Output of `composer diagnose`:
+
+```
+...replace me...
+```
+
+When I run this command: <!-- run it with `-vvv` added to it ideally to get full debug output -->
+
+```
+...replace me...
+```
+
+I get the following output: <!-- FULL OUTPUT please, not just what you think is relevant -->
+
+```
+...replace me...
+```
+
+And I expected this to happen:
@@ -4,3 +4,4 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
+    labels: []
@@ -15,6 +15,8 @@ jobs:
   build:
     permissions:
       contents: write # for actions/create-release to create a release
+      id-token: write # for actions/attest-build-provenance to create a attestation certificate
+      attestations: write # for actions/attest-build-provenance to upload the attestation
     name: Upload Release Asset
     runs-on: ubuntu-latest
     steps:
@@ -41,6 +43,11 @@ jobs:
       - name: Build phar file
         run: "php -d phar.readonly=0 bin/compile"
 
+      - name: Generate build provenance attestation
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-path: '${{ github.workspace }}/composer.phar'
+
       - name: Create release
         id: create_release
         uses: actions/create-release@v1
 
@@ -1,3 +1,37 @@
+### [2.8.6] 2025-02-25
+
+  * Added `COMPOSER_WITH_DEPENDENCIES` and `COMPOSER_WITH_ALL_DEPENDENCIES` env vars to enable the `--with[-all]-dependencies` flags (#12289)
+  * Added `COMPOSER_SKIP_SCRIPTS` env var to tell Composer to skip certain script handlers by script names (comma separated) (#12290)
+  * Added error hint when Avast is detected together with curl certificate errors (#9894)
+  * Fixed handling of backslash in folder names when creating archives (#12327)
+  * Fixed detection of containerd for containers to avoid warning about root usage (#12299)
+
+### [2.8.5] 2025-01-21
+
+  * Added build provenance attestation so you can also now download and verify phar files from GitHub releases:
+
+        gh release --repo composer/composer download --pattern composer.phar
+        gh attestation verify --repo composer/composer composer.phar
+
+  * Fixed unsupported `funding` values causing parse errors in packages (#12247)
+  * Fixed support for a few newer funding formats (#12257)
+  * Fixed InstalledVersions regression from 2.8.4 when `reload()` is used (#12269)
+  * Fixed psr-0/psr-4 rules having unstable order in `vendor/composer/autoload*.php` (#12263)
+  * Fixed a few warnings happening incorrectly in edge cases (#12284, #12268, #12283)
+
+### [2.8.4] 2024-12-11
+
+  * Fixed exit code of the `audit` command not being meaningful (now 1 for vulnerabilities and 2 for abandoned, 3 for both) (#12203)
+  * Fixed issue on plugin upgrade when it defines multiple classes (#12226)
+  * Fixed duplicate errors appearing in the output depending on php settings (#12214)
+  * Fixed InstalledVersions returning duplicate data in some instances (#12225)
+  * Fixed installed.php sorting to be deterministic (#12197)
+  * Fixed `bump-after-update` failing when using inline constraints (#12223)
+  * Fixed `create-project` command to now disable symlinking when used with a path repo as argument (#12222)
+  * Fixed `validate --no-check-publish` to hide publish errors entirely as they are irrelevant (#12196)
+  * Fixed `audit` command returning a failing code when composer audit fails as this should not trigger build failures, but running audit as standard part of your build is probably a terrible idea anyway (#12196)
+  * Fixed curl usage to disable multiplexing on broken versions when proxies are in use (#12207)
+
 ### [2.8.3] 2024-11-17
 
   * Fixed windows handling of process discovery (#12180)
@@ -1960,6 +1994,9 @@
 
   * Initial release
 
+[2.8.6]: https://github.com/composer/composer/compare/2.8.5...2.8.6
+[2.8.5]: https://github.com/composer/composer/compare/2.8.4...2.8.5
+[2.8.4]: https://github.com/composer/composer/compare/2.8.3...2.8.4
 [2.8.3]: https://github.com/composer/composer/compare/2.8.2...2.8.3
 [2.8.2]: https://github.com/composer/composer/compare/2.8.1...2.8.2
 [2.8.1]: https://github.com/composer/composer/compare/2.8.0...2.8.1
 
@@ -42,7 +42,12 @@ if (!extension_loaded('iconv') && !extension_loaded('mbstring')) {
 }
 
 if (function_exists('ini_set')) {
-    @ini_set('display_errors', '1');
+    // check if error logging is on, but to an empty destination - for the CLI SAPI, that means stderr
+    $logsToSapiDefault = ('' === ini_get('error_log') && (bool) ini_get('log_errors'));
+    // on the CLI SAPI, ensure errors are displayed on stderr, either via display_errors or via error_log
+    if (PHP_SAPI === 'cli') {
+        @ini_set('display_errors', $logsToSapiDefault ? '0' : 'stderr');
+    }
 
     // Set user defined memory limit
     if ($memoryLimit = getenv('COMPOSER_MEMORY_LIMIT')) {