BUGFIX: Avoid insecure composer/composer versions - Githubissues

neos / flow-development-collection

The unified repository containing the Flow core packages, used for Flow development.

https://flow.neos.io/

MIT License

137 stars 189 forks source link

BUGFIX: Avoid insecure composer/composer versions #3366

Closed kdambekalns closed 3 months ago

kdambekalns commented 3 months ago

This adjusts the dependency to ~2.2.24 || ^2.7.7 to avoid versions vulnerable to multiple command injections via malicious branch names.

More details in:

Checklist

[x] Code follows the PSR-2 coding style
[ ] ~Tests have been created, run and adjusted as needed~
[x] The PR is created against the lowest maintained branch
[x] Reviewer - PR Title is brief but complete and starts with FEATURE|TASK|BUGFIX
[x] Reviewer - The first section explains the change briefly for change-logs
[ ] ~Reviewer - Breaking Changes are marked with !!! and have upgrade-instructions~