From 3d9cef57a772b4c811a1a9db7ee9850f081ec3cc Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver@typo3.org>
Date: Mon, 9 Oct 2023 17:43:16 +0200
Subject: [PATCH] [TASK] Upgrade to composer/composer ^2.6.5
> composer req --dev composer/composer ^2.6.5
Raised development dependencies, since v2.6.4 fixes
CVE-2023-43655 which concerns "web-accessible server
where the composer.phar can be executed as a php file"
(which is not a security issue for TYPO3 in this case).
Resolves: #102128
Releases: main, 12.4, 11.5
Change-Id: I3fd478fa7cee2c875b560f79cab94cb889d2b73a
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/81385
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: Benjamin Franzke <ben@bnf.dev>
Reviewed-by: Benjamin Franzke <ben@bnf.dev>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Simon Schaufelberger <simonschaufi+typo3@gmail.com>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Simon Schaufelberger <simonschaufi+typo3@gmail.com>
---
composer.json | 2 +-
composer.lock | 33 +++++++++++++++++----------------
2 files changed, 18 insertions(+), 17 deletions(-)
diff --git a/composer.json b/composer.json
index 8bc83a47434c..f720a070783f 100644
--- a/composer.json
+++ b/composer.json
@@ -107,7 +107,7 @@
"codeception/module-cli": "^2.0.1",
"codeception/module-filesystem": "^3.0.0",
"codeception/module-webdriver": "^4.0.0",
- "composer/composer": "^2.5.5",
+ "composer/composer": "^2.6.5",
"friendsofphp/php-cs-fixer": "^3.26.1",
"friendsoftypo3/phpstan-typo3": "^0.9.0",
"php-webdriver/webdriver": "^1.14.0",
diff --git a/composer.lock b/composer.lock
index 332c6a95e9e8..dfa127fd59a7 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
- "content-hash": "3cf20470d0de7c2c7b45a918125099e4",
+ "content-hash": "3d9b27c5b9f0d158a02688e2ccc752c5",
"packages": [
{
"name": "bacon/bacon-qr-code",
@@ -5685,16 +5685,16 @@
},
{
"name": "composer/composer",
- "version": "2.5.5",
+ "version": "2.6.5",
"source": {
"type": "git",
"url": "https://github.com/composer/composer.git",
- "reference": "c7cffaad16a60636a776017eac5bd8cd0095c32f"
+ "reference": "4b0fe89db9e65b1e64df633a992e70a7a215ab33"
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/composer/composer/zipball/c7cffaad16a60636a776017eac5bd8cd0095c32f",
- "reference": "c7cffaad16a60636a776017eac5bd8cd0095c32f",
+ "url": "https://api.github.com/repos/composer/composer/zipball/4b0fe89db9e65b1e64df633a992e70a7a215ab33",
+ "reference": "4b0fe89db9e65b1e64df633a992e70a7a215ab33",
"shasum": ""
},
"require": {
@@ -5702,23 +5702,23 @@
"composer/class-map-generator": "^1.0",
"composer/metadata-minifier": "^1.0",
"composer/pcre": "^2.1 || ^3.1",
- "composer/semver": "^3.0",
+ "composer/semver": "^3.2.5",
"composer/spdx-licenses": "^1.5.7",
"composer/xdebug-handler": "^2.0.2 || ^3.0.3",
"justinrainbow/json-schema": "^5.2.11",
"php": "^7.2.5 || ^8.0",
"psr/log": "^1.0 || ^2.0 || ^3.0",
- "react/promise": "^2.8",
+ "react/promise": "^2.8 || ^3",
"seld/jsonlint": "^1.4",
"seld/phar-utils": "^1.2",
"seld/signal-handler": "^2.0",
- "symfony/console": "^5.4.11 || ^6.0.11",
- "symfony/filesystem": "^5.4 || ^6.0",
- "symfony/finder": "^5.4 || ^6.0",
+ "symfony/console": "^5.4.11 || ^6.0.11 || ^7",
+ "symfony/filesystem": "^5.4 || ^6.0 || ^7",
+ "symfony/finder": "^5.4 || ^6.0 || ^7",
"symfony/polyfill-php73": "^1.24",
"symfony/polyfill-php80": "^1.24",
"symfony/polyfill-php81": "^1.24",
- "symfony/process": "^5.4 || ^6.0"
+ "symfony/process": "^5.4 || ^6.0 || ^7"
},
"require-dev": {
"phpstan/phpstan": "^1.9.3",
@@ -5726,7 +5726,7 @@
"phpstan/phpstan-phpunit": "^1.0",
"phpstan/phpstan-strict-rules": "^1",
"phpstan/phpstan-symfony": "^1.2.10",
- "symfony/phpunit-bridge": "^6.0"
+ "symfony/phpunit-bridge": "^6.0 || ^7"
},
"suggest": {
"ext-openssl": "Enabling the openssl extension allows you to access https URLs for repositories and packages",
@@ -5739,7 +5739,7 @@
"type": "library",
"extra": {
"branch-alias": {
- "dev-main": "2.5-dev"
+ "dev-main": "2.6-dev"
},
"phpstan": {
"includes": [
@@ -5749,7 +5749,7 @@
},
"autoload": {
"psr-4": {
- "Composer\\": "src/Composer"
+ "Composer\\": "src/Composer/"
}
},
"notification-url": "https://packagist.org/downloads/",
@@ -5778,7 +5778,8 @@
"support": {
"irc": "ircs://irc.libera.chat:6697/composer",
"issues": "https://github.com/composer/composer/issues",
- "source": "https://github.com/composer/composer/tree/2.5.5"
+ "security": "https://github.com/composer/composer/security/policy",
+ "source": "https://github.com/composer/composer/tree/2.6.5"
},
"funding": [
{
@@ -5794,7 +5795,7 @@
"type": "tidelift"
}
],
- "time": "2023-03-21T10:50:05+00:00"
+ "time": "2023-10-06T08:11:52+00:00"
},
{
"name": "composer/metadata-minifier",
--
GitLab