Update composer/composer requirement from ^1.10.23 || ~2.2.17 to ^2.5.4

[dependabot]

Updates the requirements on composer/composer to permit the latest version.

Release notes

Sourced from composer/composer's releases.

2.5.4

• Fixed extra.plugin-optional support in PluginInstaller when doing pre-install checks (#11318)

Changelog

Sourced from composer/composer's changelog.

[2.5.4] 2023-02-15

• Fixed extra.plugin-optional support in PluginInstaller when doing pre-install checks (#11318)

[2.5.3] 2023-02-10

• Added extra.plugin-optional support for allow auto-disabling unknown plugins which are not critical when running non-interactive (#11315)

[2.5.2] 2023-02-04

• Added warning when require auto-selects a feature branch as that is probably not desired (#11270)
• Fixed self.version requirements reporting lock file integrity errors when changing branches (#11283)
• Fixed require regression which broke the --fixed flag (#11247)
• Fixed security audit reports loading when exclude/only filter rules are used on a repository (#11281)
• Fixed autoloading regression on PHP 5.6 (#11285)
• Fixed archive command including an existing archive into itself if run repeatedly (#11239)
• Fixed dev package prompt in require not appearing in some conditions (#11287)

[2.5.1] 2022-12-22

• Fixed ClassLoader regression which made it fail if serialized (e.g. within PHPUnit process isolation) (#11237)
• Fixed preg type error in svn version guessing (#11231)

[2.5.0] 2022-12-20

• BC Warning: To prevent abuse of our includeFile() function it is now gone, it was not part of the official API but may still cause issues if some code incorrectly relied on it (#11015)
• Improved version guessing of require command to use the dependency resolution result instead of using the latest available version (except if you run with --no-update) (#11160)
• Improved version selection in archive command (#11230)
• Added autocompletion of config option names in the config command (#11130)
• Added support for writing custom commands as Command classes (#11151)
• Added hard failure when installing from a lock file which does not satisfy the composer.json requirements (#11195)
• Added warning when the outdated command rejects a new package due to unmet platform requirements (#11113)
• Added support for bump command to bump >=x to >=installed-version (#11179)
• Added --download-only flag to install command to only download and prime the cache with the package archives (#11041)
• Added autoconfiguration of github-domains/gitlab-domains when GitHub/GitLab credentials are configured for a custom domain (#11062)
• Added hard failure (throw) if COMPOSER_AUTH is present and malformed JSON (#11085)
• Added interactive prompt to run-script and exec commands if run without any argument (#11157)
• Added interactive prompt where to store credentials when a project-local auth.json exists (#11188)
• Fixed full disk warning to be shown when less than 100MiB is available (#11190)
• Fixed cache keys to allow _ to avoid conflicts between package names like a-b and a_b (#11229)
• Fixed docker compatibility by making paths more portable even if the project is installed at / (#11169)

[2.4.4] 2022-10-27

• Added extra debug output when a zip extraction fails while on GitHub Actions (#11148)
• Fixed cache write failures when the cache dir gets removed during a composer run (#11076)
• Fixed 2.4.3 regression in loading Composer on SMB/network shares (#11077)
• Fixed --dry-run flag missing from bump command (#11047)
• Fixed status command reporting differences when the source ref is a tag (#11155)
• Fixed outdated command outputting legend on stdout instead of stderr

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

[stefanfisk]

@danielbachhuber may I ask why you are using ~2.2.17? Not being able to install 2.5.4 is currently blocking me from upgrading a bunch of deps in several projects.

[danielbachhuber]

@stefanfisk We haven't gotten around to making the necessary changes for ~2.5 support.

I created an issue for it, if you'd like to dig in a bit: #172