From 6a0238383ccf9d741ff628e20c22fe867b7e18df Mon Sep 17 00:00:00 2001
From: catch
Date: Thu, 5 Oct 2023 22:09:12 +0100
Subject: [PATCH] Issue #3391991 by Spokje, longwave, greggles: Security update composer/composer (CVE-2023-43655)
---
 composer.json | 2 +-
 composer.lock | 33 ++++++++++---------
 .../Metapackage/DevDependencies/composer.json | 2 +-
 .../PinnedDevDependencies/composer.json | 2 +-
 4 files changed, 20 insertions(+), 19 deletions(-)
diff --git a/composer.json b/composer.json
index 4a843880264..3a4d96eff81 100644
--- a/composer.json
+++ b/composer.json
@@ -19,7 +19,7 @@
 "behat/mink-browserkit-driver": "^2.1",
 "behat/mink-selenium2-driver": "^1.4",
 "colinodell/psr-testlogger": "^1.2",
- "composer/composer": "^2.4",
+ "composer/composer": "^2.6.4",
 "drupal/coder": "^8.3.10",
 "instaclick/php-webdriver": "^1.4.1",
 "justinrainbow/json-schema": "^5.2",
diff --git a/composer.lock b/composer.lock
index 43eb39a7513..f1ed6e611c1 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "bfd416e5a3556fed83f84928cf81fa18", + "content-hash": "a30c52b5963c822aaa101826b97c7bab", "packages": [ { "name": "asm89/stack-cors", @@ -4641,16 +4641,16 @@ }, { "name": "composer/composer", - "version": "2.5.7", + "version": "2.6.4", "source": { "type": "git", "url": "https://github.com/composer/composer.git", - "reference": "d477018d3f2ebd76dede3d3988a0b1a7add4d81e" + "reference": "d75d17c16a863438027d1d96401cddcd6aa5bb60" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/composer/composer/zipball/d477018d3f2ebd76dede3d3988a0b1a7add4d81e", - "reference": "d477018d3f2ebd76dede3d3988a0b1a7add4d81e", + "url": "https://api.github.com/repos/composer/composer/zipball/d75d17c16a863438027d1d96401cddcd6aa5bb60", + "reference": "d75d17c16a863438027d1d96401cddcd6aa5bb60", "shasum": "" }, "require": { 
@@ -4658,23 +4658,23 @@ "composer/class-map-generator": "^1.0", "composer/metadata-minifier": "^1.0", "composer/pcre": "^2.1 || ^3.1", - "composer/semver": "^3.0", + "composer/semver": "^3.2.5", "composer/spdx-licenses": "^1.5.7", "composer/xdebug-handler": "^2.0.2 || ^3.0.3", "justinrainbow/json-schema": "^5.2.11", "php": "^7.2.5 || ^8.0", "psr/log": "^1.0 || ^2.0 || ^3.0", - "react/promise": "^2.8", + "react/promise": "^2.8 || ^3", "seld/jsonlint": "^1.4", "seld/phar-utils": "^1.2", "seld/signal-handler": "^2.0", - "symfony/console": "^5.4.11 || ^6.0.11", - "symfony/filesystem": "^5.4 || ^6.0", - "symfony/finder": "^5.4 || ^6.0", + "symfony/console": "^5.4.11 || ^6.0.11 || ^7", + "symfony/filesystem": "^5.4 || ^6.0 || ^7", + "symfony/finder": "^5.4 || ^6.0 || ^7", "symfony/polyfill-php73": "^1.24", "symfony/polyfill-php80": "^1.24", "symfony/polyfill-php81": "^1.24", - "symfony/process": "^5.4 || ^6.0" + "symfony/process": "^5.4 || ^6.0 || ^7" }, "require-dev": { "phpstan/phpstan": "^1.9.3", @@ -4682,7 +4682,7 @@ "phpstan/phpstan-phpunit": "^1.0", "phpstan/phpstan-strict-rules": "^1", "phpstan/phpstan-symfony": "^1.2.10", - "symfony/phpunit-bridge": "^6.0" + "symfony/phpunit-bridge": "^6.0 || ^7" }, "suggest": { "ext-openssl": "Enabling the openssl extension allows you to access https URLs for repositories and packages", @@ -4695,7 +4695,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-main": "2.5-dev" + "dev-main": "2.6-dev" }, "phpstan": { "includes": [ @@ -4705,7 +4705,7 @@ }, "autoload": { "psr-4": { - "Composer\\": "src/Composer" + "Composer\\": "src/Composer/" } }, "notification-url": "https://packagist.org/downloads/", 
@@ -4734,7 +4734,8 @@ "support": { "irc": "ircs://irc.libera.chat:6697/composer", "issues": "https://github.com/composer/composer/issues", - "source": "https://github.com/composer/composer/tree/2.5.7" + "security": "https://github.com/composer/composer/security/policy", + "source": "https://github.com/composer/composer/tree/2.6.4" }, "funding": [ { @@ -4750,7 +4751,7 @@ "type": "tidelift" } ], - "time": "2023-05-24T13:00:40+00:00" + "time": "2023-09-29T08:54:47+00:00" }, { "name": "composer/metadata-minifier",
diff --git a/composer/Metapackage/DevDependencies/composer.json b/composer/Metapackage/DevDependencies/composer.json
index 0efa90a9507..44b215805d6 100644
--- a/composer/Metapackage/DevDependencies/composer.json
+++ b/composer/Metapackage/DevDependencies/composer.json
@@ -11,7 +11,7 @@
 "behat/mink-browserkit-driver": "^2.1",
 "behat/mink-selenium2-driver": "^1.4",
 "colinodell/psr-testlogger": "^1.2",
- "composer/composer": "^2.4",
+ "composer/composer": "^2.6.4",
 "drupal/coder": "^8.3.10",
 "instaclick/php-webdriver": "^1.4.1",
 "justinrainbow/json-schema": "^5.2",
diff --git a/composer/Metapackage/PinnedDevDependencies/composer.json b/composer/Metapackage/PinnedDevDependencies/composer.json
index 08e7a0547a5..cf05e4691c3 100644
--- a/composer/Metapackage/PinnedDevDependencies/composer.json
+++ b/composer/Metapackage/PinnedDevDependencies/composer.json
@@ -14,7 +14,7 @@
 "colinodell/psr-testlogger": "v1.2.0",
 "composer/ca-bundle": "1.3.6",
 "composer/class-map-generator": "1.0.0",
- "composer/composer": "2.5.7",
+ "composer/composer": "2.6.4",
 "composer/metadata-minifier": "1.0.0",
 "composer/pcre": "3.1.0",
 "composer/spdx-licenses": "1.5.7",