magento / composer-root-update-plugin

Open Software License 3.0

Update version constraint for "composer/composer" to allow for 1.10.21 #24

Closed Serializator closed 3 years ago

igorwulff commented 3 years ago

Can you also include support for 1.10.22, which fixes a security issue: https://github.com/composer/composer/releases/tag/1.10.22

Security: Fixed command injection vulnerability in HgDriver/HgDownloader and hardened other VCS drivers and downloaders (GHSA-h5h8-pc6h-jvvx / CVE-2021-29472)

EDIT: I see this issue is also already in a PR for looser restrictions: https://github.com/magento/composer-root-update-plugin/pull/25

pdohogne-magento commented 3 years ago

Addressed in https://github.com/magento/composer-root-update-plugin/pull/25, released in version 1.1.2