Bump composer/composer from 2.8.4 to 2.8.5

[dependabot]

Bumps composer/composer from 2.8.4 to 2.8.5.

Release notes

Sourced from composer/composer's releases.

2.8.5

• Added build provenance attestation so you can also now download and verify phar files from GitHub releases:

  gh release --repo composer/composer download --pattern composer.phar
  gh attestation verify --repo composer/composer composer.phar
  

• Fixed unsupported funding values causing parse errors in packages (#12247)

• Fixed support for a few newer funding formats (#12257)

• Fixed InstalledVersions regression from 2.8.4 when reload() is used (#12269)

• Fixed psr-0/psr-4 rules having unstable order in vendor/composer/autoload*.php (#12263)

• Fixed a few warnings happening incorrectly in edge cases (#12284, #12268, #12283)

Full Changelog: composer/composer@2.8.4...2.8.5

Changelog

Sourced from composer/composer's changelog.

[2.8.5] 2025-01-21

• Added build provenance attestation so you can also now download and verify phar files from GitHub releases:

  gh release --repo composer/composer download --pattern composer.phar
  gh attestation verify --repo composer/composer composer.phar
  

• Fixed unsupported funding values causing parse errors in packages (#12247)

• Fixed support for a few newer funding formats (#12257)

• Fixed InstalledVersions regression from 2.8.4 when reload() is used (#12269)

• Fixed psr-0/psr-4 rules having unstable order in vendor/composer/autoload*.php (#12263)

• Fixed a few warnings happening incorrectly in edge cases (#12284, #12268, #12283)

Commits

• ae208dc Release 2.8.5
• a0fa616 Update changelog
• 885dd9b Update deps
• 30e5825 Merge pull request #12266 from Seldaek/copy_src_to_dist_ref
• 0626efa Merge pull request #12269 from Seldaek/fix_installed_regr
• d2cd6de Add workaround for InstalledVersion to ensure we always run last version
• f12d2f5 Merge pull request #12284 from Seldaek/init_validate_name
• ee6dc33 Fix regression from #12233 in InstalledVersions when reload is used, fixes #1...
• 8d8f4e8 Sanitize guessed name and vendor name before suggesting it in init command, f...
• d9a158d Merge pull request #12268 from Seldaek/suppress_dev_hint_on_global
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud