2.10.0 - released 2026-05-28

Changelog

BC Break / Security: Disabled automatic fallback to source checkout if dist/zip install fails, we have introduced a new source-fallback config option as a temporary way to restore the old behavior, but if you need this talk to us as we plan to remove it entirely in 2.11 (#12885)
BC Break: Minor break for audit consumers, the exit code is now always 0 (success) or 1 if anything failed the audit (#12881)
Security: Hardened output filtering of URLs to reduce chances of token leaks (#12882, #12886)
Security: Fixed handling of uppercase schemes in URL validation that might have allowed https requirement bypass (#12884)
Fixed audit command returning a success code when the vendor dir was not present (#12880)