Update dependency composer/composer to v2.6.1 (main)

[renovate]

This PR contains the following updates:

Package	Update	Change
composer/composer	minor	2.5.8 -> 2.6.1

---

Release Notes

composer/composer (composer/composer)

v2.6.1

Compare Source

• Reverted "Fixed executability of non-php binaries which are not marked executable (#​11557)" which caused a regression (#​11612)

v2.6.0

Compare Source

• Added audit.ignore config setting to ignore security advisories by id or CVE id (#​11556, #​11605)
  • Added rm alias to the remove command (#​11367)
  • Added runtime platform check to verify the php-64bit requirement is met (#​11334)
  • Added platform package detection for lib-pq-libpq and lib-rdkafka-librdkafka (#​11418)
  • Added --dry-run to dump-autoload command to allow running --strict-psr checks without modifying the filesystem (#​11608)
  • Added support for bumping patch level in ~1.2.3 constraints (#​11590)
  • Added prompt in require if the package name is not found but similar ones exist (#​11284)
  • Added support for env vars and ~ in repository paths for vcs and artifact repositories (#​11453)
  • Added support for local directory paths for repositories of type composer (#​11526)
  • Added links to package homepages in why/why-not command output (#​11308)
  • Added a security key to the support key of composer.json to set the URL to the vulnerability disclosure policy (#​11271)
  • Added support for gathering security advisories from multiple repositories for a single package (#​11436)
  • Fixed install and update exit code to be non-zero if the post-install security audit failed (#​11362)
  • Fixed binary proxies causing scripts inspecting $_SERVER['SCRIPT_NAME'] to detect them, they are now more transparent (#​11562)
  • Fixed executability of non-php binaries which are not marked executable (#​11557)
  • Fixed mtime modification of the vendor dir to only happen when packages are modified, and not require lock file modification to happen (#​11593)
  • Fixed create-project using the wrong composer.json file if one was set via the COMPOSER env var (#​11493)
  • Fixed json editing to preserve indentation when updating json files (#​11390)
  • Fixed handling of broken junctions on windows (#​11550)
  • Fixed parsing of lib-curl-openssl version with OSX SecureTransport (#​11534)
  • Fixed svn repo parsing in some edge cases (#​11350)
  • Fixed handling of archive URLs without file extension (#​11520)
  • Performance improvement in pool optimization step (#​11449, #​11450)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.