Update dependency composer/composer to v2.7.7 #720

Merged
renovate-bot merged 1 commit from renovate/composer-composer-2.7.x into master 2024-06-10 22:03:30 +00:00

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| composer/composer | patch | 2.7.6 -> 2.7.7 |

Release Notes

composer/composer (composer/composer)

v2.7.7

  • Security: Fixed command injection via malicious git branch name (GHSA-47f6-5gq3-vx9c / CVE-2024-35241)
  • Security: Fixed multiple command injections via malicious git/hg branch names (GHSA-v9qv-c7wm-wgmf / CVE-2024-35242)
  • Security: Fixed secure-http checks that could be bypassed by using malformed URL formats (fa3b958)
  • Security: Fixed Filesystem::isLocalPath including windows-specific checks on linux (3c37a67)
  • Security: Fixed perforce argument escaping (3773f77)
  • Security: Fixed handling of zip bombs when extracting archives (de5f7e3)
  • Security: Fixed Windows command parameter escaping to prevent abuse of unicode characters with best fit encoding conversion (3130a74, 04a63b3)
  • Fixed PSR violations for classes not matching the namespace of a rule being hidden, this may lead to new violations being shown (#11957)
  • Fixed UX when a plugin is still in vendor dir but is not required nor allowed anymore after changing branches (#12000)
  • Fixed new platform requirements from composer.json not being checked if the lock file is outdated (#12001)
  • Fixed ability for config command to remove autoload keys (#11967)
  • Fixed empty type support in init command (#11999)
  • Fixed git clone errors when safe.bareRepository is set to strict in the git config (#11969)
  • Fixed regression showing network errors on PHP <8.1 (#11974)
  • Fixed some color bleed from a few warnings (#11972)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

renovate-bot added 1 commit 2024-06-10 21:03:31 +00:00
renovate-bot merged commit c117e050ff into master 2024-06-10 22:03:30 +00:00
Reference: mwalbeck/docker-composer#720