From a52959ccf2d7c066132fb923169887edc5be8021 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dani=C3=ABl=20Klabbers?= Date: Thu, 22 Feb 2024 11:40:56 +0100 Subject: [PATCH] Patch vulnerability advisory (#3966) Seems composer has a vulnerability, see https://github.com/advisories/GHSA-7c6p-848j-wh5h Affected versions >= 2.0.0-alpha1, < 2.2.23 -- patched in 2.2.23 >= 2.3.0-rc1, < 2.7.0 -- patched in 2.7.0 --- Let's raise the minimum to enforce the latest. Thank you @peopleinside for reporting this. (cherry picked from commit e771b908d5e42ee223c6321ce264960d42b7ad9d) --- extensions/package-manager/composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extensions/package-manager/composer.json b/extensions/package-manager/composer.json index 4abb1a5c5b..5dbf9cad3d 100755 --- a/extensions/package-manager/composer.json +++ b/extensions/package-manager/composer.json @@ -23,7 +23,7 @@ }, "require": { "flarum/core": "^1.8", - "composer/composer": "^2.3" + "composer/composer": "^2.7" }, "require-dev": { "flarum/testing": "^1.0.0",