Skip to content

chore(deps): update dependency composer/composer to ^2.9.3 #1078

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
rabbitlair merged 1 commit into from
Jan 5, 2026
Merged

chore(deps): update dependency composer/composer to ^2.9.3 #1078

rabbitlair merged 1 commit into from
Jan 5, 2026

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Dec 30, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
composer/composer (source) ^2.9.2^2.9.3 age confidence

Release Notes

composer/composer (composer/composer)

v2.9.3

Compare Source

  • Security: Fixed ANSI sequence injection (GHSA-59pp-r3rg-353g / CVE-2025-67746)
    • Fixed COMPOSER_NO_SECURITY_BLOCKING env var not being respected for updates done via the install command, and added --no-security-blocking flag to install as well (#​12677)
    • Fixed update --lock / update mirrors not working when locked packages contain vulnerabilities (#​12645)
    • Fixed client-certificate authentication implementation (#​12667)
    • Fixed php-ext schema not being validated in ValidatingArrayLoader (#​12694)
    • Fixed crash when --bump-after-update is used and the lock file is disabled (#​12660)
    • Fixed support for SecureTransport + LibreSSL on macOS (#​12615)
    • Fixed display of reasons for why advisories are ignored (#​12668)
    • Fixed compatibility issues when git has log.showSignature enabled (#​12666)
    • Fixed curl downloader not retrying when a timeout (err 28) failure occurs (#​12662)
    • Fixed EventDispatcher requiring a full Composer instance to function (#​12629)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@github-actions github-actions bot temporarily deployed to pantheon-pr-1078 December 30, 2025 14:48 Destroyed
@github-actions github-actions bot temporarily deployed to lullabotsandbox.dev December 30, 2025 14:49 Inactive
@renovate renovate bot force-pushed the renovate/composer-composer-2.x branch from 59020d6 to ae899b7 Compare January 5, 2026 13:56
@github-actions github-actions bot temporarily deployed to pantheon-pr-1078 January 5, 2026 13:59 Destroyed
@github-actions github-actions bot temporarily deployed to lullabotsandbox.dev January 5, 2026 14:08 Inactive
@rabbitlair rabbitlair merged commit 5f1693f into main Jan 5, 2026
63 checks passed
@rabbitlair rabbitlair deleted the renovate/composer-composer-2.x branch January 5, 2026 14:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rabbitlair