Skip to content

Bump composer/composer from 2.2.26 to 2.2.28#92

Merged
llaumgui merged 1 commit into
mainfrom
dependabot/composer/composer/composer-2.2.28
May 27, 2026
Merged

Bump composer/composer from 2.2.26 to 2.2.28#92
llaumgui merged 1 commit into
mainfrom
dependabot/composer/composer/composer-2.2.28

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 19, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps composer/composer from 2.2.26 to 2.2.28.

Release notes

Sourced from composer/composer's releases.

2.2.28

Full Changelog: composer/composer@2.2.27...2.2.28

2.2.27

  • Security: Fixed command injection via malicious Perforce reference (GHSA-gqw4-4w2p-838q / CVE-2026-40261)
  • Security: Fixed command injection via malicious Perforce repository definition (GHSA-wg36-wvj6-r67p / CVE-2026-40176)
  • Security: Hardened git/hg/perforce/fossil identifier validation to ensure branch names starting with - do not cause issues (246f807b, 246f807b, 246f807b)
  • Security: Fixed Perforce unescaped user input in queryP4User shell command (246f807b)
  • Security: Fixed usage of insecure 3DES ciphers when ext-curl is missing (21ffece62)
  • Fixed issue handling paths with = in them on Windows (#11568)

Full Changelog: composer/composer@2.2.26...2.2.27

Changelog

Sourced from composer/composer's changelog.

[2.2.28] 2026-05-13

[2.2.27] 2026-04-14

  • Security: Fixed command injection via malicious Perforce reference (GHSA-gqw4-4w2p-838q / CVE-2026-40261)
  • Security: Fixed command injection via malicious Perforce repository definition (GHSA-wg36-wvj6-r67p / CVE-2026-40176)
  • Security: Hardened git/hg/perforce/fossil identifier validation to ensure branch names starting with - do not cause issues (246f807b, 246f807b, 246f807b)
  • Security: Fixed Perforce unescaped user input in queryP4User shell command (246f807b)
  • Security: Fixed usage of insecure 3DES ciphers when ext-curl is missing (21ffece62)
  • Fixed issue handling paths with = in them on Windows (#11568)
Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file php Pull requests that update Php code labels May 19, 2026
@dependabot dependabot Bot mentioned this pull request May 19, 2026
Closed
@dependabot
Bump composer/composer from 2.2.26 to 2.2.28
742fb7d 
Bumps [composer/composer](https://github.com/composer/composer) from 2.2.26 to 2.2.28.
- [Release notes](https://github.com/composer/composer/releases)
- [Changelog](https://github.com/composer/composer/blob/2.2.28/CHANGELOG.md)
- [Commits](composer/composer@2.2.26...2.2.28)

---
updated-dependencies:
- dependency-name: composer/composer
  dependency-version: 2.2.28
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/composer/composer/composer-2.2.28 branch from acdc20f to 742fb7d Compare May 27, 2026 15:31
@llaumgui llaumgui merged commit 52ed039 into main May 27, 2026
5 checks passed
@dependabot dependabot Bot deleted the dependabot/composer/composer/composer-2.2.28 branch May 27, 2026 15:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file php Pull requests that update Php code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@llaumgui