From 5d8d7f870b32eb5ad837fe1f32dde67bbadfacd0 Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver@typo3.org>
Date: Mon, 9 Oct 2023 17:32:48 +0200
Subject: [PATCH] [TASK] Upgrade to composer/composer ^2.2.22

> composer req --dev composer/composer ^2.2.22

Raised development dependencies, since v2.2.22 fixes
CVE-2023-43655 which concerns "web-accessible server
where the composer.phar can be executed as a php file"
(which is not a security issue for TYPO3 in this case).

Resolves: #102128
Releases: main, 12.4, 11.5
Change-Id: I3fd478fa7cee2c875b560f79cab94cb889d2b73a
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/81387
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Benjamin Franzke <ben@bnf.dev>
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Tested-by: Benjamin Franzke <ben@bnf.dev>
---
 composer.json |  2 +-
 composer.lock | 16 ++++++++--------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/composer.json b/composer.json
index 2b5918b503cf..af0fc400c47c 100644
--- a/composer.json
+++ b/composer.json
@@ -110,7 +110,7 @@
 		"codeception/module-cli": "^1.1",
 		"codeception/module-filesystem": "^1.0.3",
 		"codeception/module-webdriver": "^1.4.0",
-		"composer/composer": "^2.2.12",
+		"composer/composer": "^2.2.22",
 		"composer/package-versions-deprecated": "^1.11.99.4",
 		"cweagans/composer-patches": "^1.7.1",
 		"friendsofphp/php-cs-fixer": "^3.26.1",
diff --git a/composer.lock b/composer.lock
index 16bc995ba174..f2ae68be7b93 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "26d40ee1351ef2c9870c7a5a153ad704",
+    "content-hash": "385fea3b246eff950eaee22577a2ee54",
     "packages": [
         {
             "name": "bacon/bacon-qr-code",
@@ -5905,16 +5905,16 @@
         },
         {
             "name": "composer/composer",
-            "version": "2.2.13",
+            "version": "2.2.22",
             "source": {
                 "type": "git",
                 "url": "https://github.com/composer/composer.git",
-                "reference": "de11c9819ac45659fb0fafb2e704912f9994ed60"
+                "reference": "fedc76ee3f3e3d57d20993b9f4c5fcfb2f8596aa"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/composer/composer/zipball/de11c9819ac45659fb0fafb2e704912f9994ed60",
-                "reference": "de11c9819ac45659fb0fafb2e704912f9994ed60",
+                "url": "https://api.github.com/repos/composer/composer/zipball/fedc76ee3f3e3d57d20993b9f4c5fcfb2f8596aa",
+                "reference": "fedc76ee3f3e3d57d20993b9f4c5fcfb2f8596aa",
                 "shasum": ""
             },
             "require": {
@@ -5984,7 +5984,7 @@
             "support": {
                 "irc": "ircs://irc.libera.chat:6697/composer",
                 "issues": "https://github.com/composer/composer/issues",
-                "source": "https://github.com/composer/composer/tree/2.2.13"
+                "source": "https://github.com/composer/composer/tree/2.2.22"
             },
             "funding": [
                 {
@@ -6000,7 +6000,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-05-25T19:37:25+00:00"
+            "time": "2023-09-29T08:53:46+00:00"
         },
         {
             "name": "composer/metadata-minifier",
@@ -9259,5 +9259,5 @@
     "platform-overrides": {
         "php": "7.4.1"
     },
-    "plugin-api-version": "2.6.0"
+    "plugin-api-version": "2.3.0"
 }
-- 
GitLab