docksal / service-cli

CLI service image for Docksal
https://docksal.io
MIT License

Update composer to versions 1.10.26 and 2.2.12 #283

Closed CyberJack closed 2 years ago

CyberJack commented 2 years ago

This PR updates composer to versions 1.10.26 and 2.2.12, which are not vulnerable to CVE-2022-24828. See: https://blog.packagist.com/cve-2022-24828-composer-command-injection-vulnerability/

shelane commented 2 years ago

We are continually updating all packages in a version-bumps branch and merge those periodically. I have one open now with multiple packages including composer. See #284

Thanks for the update.

lmakarov commented 2 years ago

This has just been released in v3.2.2.