From 4cbc8e207f76e8aecbbe1ec77f8c63c3e3632ab0 Mon Sep 17 00:00:00 2001
From: Dave Long <dave@longwaveconsulting.com>
Date: Wed, 14 Feb 2024 18:06:36 +0000
Subject: [PATCH] Issue #3421371 by Spokje: Security update composer/composer
(CVE-2023-43655)
---
composer.json | 2 +-
composer.lock | 20 +++++++++----------
.../Metapackage/DevDependencies/composer.json | 2 +-
.../PinnedDevDependencies/composer.json | 2 +-
4 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/composer.json b/composer.json
index 9f70375403d2..78a8fa159d4b 100644
--- a/composer.json
+++ b/composer.json
@@ -19,7 +19,7 @@
"behat/mink-browserkit-driver": "^2.2",
"behat/mink-selenium2-driver": "^1.7",
"colinodell/psr-testlogger": "^1.2",
- "composer/composer": "^2.6.4",
+ "composer/composer": "^2.7",
"drupal/coder": "^8.3.10",
"instaclick/php-webdriver": "^1.4.1",
"justinrainbow/json-schema": "^5.2",
diff --git a/composer.lock b/composer.lock
index ce6897da5954..ca6011e482f6 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
- "content-hash": "a4fad5d4f1355f96a953849799e211f4",
+ "content-hash": "9103791a18c3a090bfd3335ff65a404a",
"packages": [
{
"name": "asm89/stack-cors",
@@ -4876,16 +4876,16 @@
},
{
"name": "composer/composer",
- "version": "2.6.6",
+ "version": "2.7.1",
"source": {
"type": "git",
"url": "https://github.com/composer/composer.git",
- "reference": "683557bd2466072777309d039534bb1332d0dda5"
+ "reference": "aaf6ed5ccd27c23f79a545e351b4d7842a99d0bc"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/composer/composer/zipball/683557bd2466072777309d039534bb1332d0dda5",
- "reference": "683557bd2466072777309d039534bb1332d0dda5",
+ "url": "https://api.github.com/repos/composer/composer/zipball/aaf6ed5ccd27c23f79a545e351b4d7842a99d0bc",
+ "reference": "aaf6ed5ccd27c23f79a545e351b4d7842a99d0bc",
"shasum": ""
},
"require": {
@@ -4903,7 +4903,7 @@
"seld/jsonlint": "^1.4",
"seld/phar-utils": "^1.2",
"seld/signal-handler": "^2.0",
- "symfony/console": "^5.4.11 || ^6.0.11",
+ "symfony/console": "^5.4.11 || ^6.0.11 || ^7",
"symfony/filesystem": "^5.4 || ^6.0 || ^7",
"symfony/finder": "^5.4 || ^6.0 || ^7",
"symfony/polyfill-php73": "^1.24",
@@ -4917,7 +4917,7 @@
"phpstan/phpstan-phpunit": "^1.0",
"phpstan/phpstan-strict-rules": "^1",
"phpstan/phpstan-symfony": "^1.2.10",
- "symfony/phpunit-bridge": "^6.0 || ^7"
+ "symfony/phpunit-bridge": "^6.4.1 || ^7.0.1"
},
"suggest": {
"ext-openssl": "Enabling the openssl extension allows you to access https URLs for repositories and packages",
@@ -4930,7 +4930,7 @@
"type": "library",
"extra": {
"branch-alias": {
- "dev-main": "2.6-dev"
+ "dev-main": "2.7-dev"
},
"phpstan": {
"includes": [
@@ -4970,7 +4970,7 @@
"irc": "ircs://irc.libera.chat:6697/composer",
"issues": "https://github.com/composer/composer/issues",
"security": "https://github.com/composer/composer/security/policy",
- "source": "https://github.com/composer/composer/tree/2.6.6"
+ "source": "https://github.com/composer/composer/tree/2.7.1"
},
"funding": [
{
@@ -4986,7 +4986,7 @@
"type": "tidelift"
}
],
- "time": "2023-12-08T17:32:26+00:00"
+ "time": "2024-02-09T14:26:28+00:00"
},
{
"name": "composer/metadata-minifier",
diff --git a/composer/Metapackage/DevDependencies/composer.json b/composer/Metapackage/DevDependencies/composer.json
index 2d73ffd3baac..fef6d5681c9c 100644
--- a/composer/Metapackage/DevDependencies/composer.json
+++ b/composer/Metapackage/DevDependencies/composer.json
@@ -11,7 +11,7 @@
"behat/mink-browserkit-driver": "^2.2",
"behat/mink-selenium2-driver": "^1.7",
"colinodell/psr-testlogger": "^1.2",
- "composer/composer": "^2.6.4",
+ "composer/composer": "^2.7",
"drupal/coder": "^8.3.10",
"instaclick/php-webdriver": "^1.4.1",
"justinrainbow/json-schema": "^5.2",
diff --git a/composer/Metapackage/PinnedDevDependencies/composer.json b/composer/Metapackage/PinnedDevDependencies/composer.json
index e163b8fe7260..b04ef07535c6 100644
--- a/composer/Metapackage/PinnedDevDependencies/composer.json
+++ b/composer/Metapackage/PinnedDevDependencies/composer.json
@@ -14,7 +14,7 @@
"colinodell/psr-testlogger": "v1.3.0",
"composer/ca-bundle": "1.3.7",
"composer/class-map-generator": "1.1.0",
- "composer/composer": "2.6.6",
+ "composer/composer": "2.7.1",
"composer/metadata-minifier": "1.0.0",
"composer/pcre": "3.1.1",
"composer/spdx-licenses": "1.5.8",
--
GitLab