* [core] replace everything except bridge name to get a valid whitelist.txt
* [core] do not use hard code repository name to improve working with forks
* [core] trim bridge names from whitelist.txt to reduce chance of failure
The fix in 66568e3a39 prevented an error
when installing phpcompatibility/php-compatibility but there was still
a warning before that when installing dealerdirect/phpcodesniffer-composer-installer.
With Composer 2.3.9, this is now an error too, so we need to move
the config change before that: https://getcomposer.org/changelog/2.3.9
> For additional security you should declare the allow-plugins config with a list of packages names that are allowed to run code. See https://getcomposer.org/allow-plugins
> You have until July 2022 to add the setting. Composer will then switch the default behavior to disallow all plugins.
Oops, it is July now.
Now that we dropped support for deprecated PHP versions,
we can use the same PHPUnit version on all supported PHP version.
Let’s install it as a Composer dependency to have the same
PHPUnit version on the CI as on developers’ computers.
We do not release stable tags often. To avoid using `latest`, for instance in Kubernetes manifests, this change allows to reference a repository commit. This way it is easy to lock image to a specific commit, and try and rollback if a change to a newer commit brings regressions.