Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package php-composer2 for openSUSE:Factory 
checked in at 2026-07-14 13:52:38
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/php-composer2 (Old)
 and      /work/SRC/openSUSE:Factory/.php-composer2.new.1991 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "php-composer2"

Tue Jul 14 13:52:38 2026 rev:36 rq:1365485 version:2.10.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/php-composer2/php-composer2.changes      
2026-06-02 16:10:15.081630824 +0200
+++ /work/SRC/openSUSE:Factory/.php-composer2.new.1991/php-composer2.changes    
2026-07-14 13:52:43.736759929 +0200
@@ -1,0 +2,28 @@
+Tue Jul 14 06:35:44 UTC 2026 - Petr Gajdos <[email protected]>
+
+- version update to 2.10.2
+  * Validate package names (GHSA-499r-g7pc-vmp9)
+  * Validate package bin paths against path traversal (GHSA-gjfg-22fp-rrxx)
+  * Sanitize URL-embedded usernames/token in verbose output 
(GHSA-g6xq-892h-64w3)
+  * Only follow HTTP redirects from HTTP responses (#12948)
+  * Prevent phar metadata unserialization on unsafe PHP versions (#12946)
+  * Sanitize JSON parse errors in http responses to avoid leaking response 
body data (#12959)
+  * Added warning output in self-update command when using a soon-to-be EOL 
version (#12920)
+  * Added download retry when a GitHub codeload URL returns a 400 (#12962)
+  * Fixed audit command to output the audit result to stdout (#12904)
+  * Fixed backspace characters being output to non-decorated output (#12925)
+  * Fixed security advisory blocking causing issues with xdebug enabled 
(#12935)
+  * Fixed provider packages hiding suggestions for the package they provide 
themselves (#12933)
+  * Fixed security advisory blocking causing issues with xdebug enabled 
(#12935)
+- version update to 2.10.1
+  * Fixed shell escaping when opening an editor (#12903)
+  * Verify backup phar signature before restoring it when using self-update 
--rollback (#12918)
+  * Fixed source-fallback also disabling fallbacks to dist install when source 
is the preferred install method (#12888)
+  * Fixed source -> dist package updates wiping the .git dir without checking 
for local changes first (#12912)
+  * Fixed GitHub token prompt happening multiple times on parallel auth 
failures (#12913)
+  * Fixed warnings from Composer repositories being printed twice in some 
cases (#12907)
+- fixes CVE-2026-59948 [bsc#1271123]
+        CVE-2026-59947 [bsc#1271130]
+        CVE-2026-59946 [bsc#1271152]
+ 
+-------------------------------------------------------------------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ php-composer2.spec ++++++
--- /var/tmp/diff_new_pack.1Ixt54/_old  2026-07-14 13:52:44.472785378 +0200
+++ /var/tmp/diff_new_pack.1Ixt54/_new  2026-07-14 13:52:44.476785516 +0200
@@ -17,7 +17,7 @@
 
 
 Name:           php-composer2
-Version:        2.10.0
+Version:        2.10.2
 Release:        0
 Summary:        Dependency Management for PHP
 License:        MIT

++++++ composer.phar ++++++
Binary files /var/tmp/diff_new_pack.1Ixt54/_old and 
/var/tmp/diff_new_pack.1Ixt54/_new differ

++++++ composer.phar.asc ++++++
Binary files /var/tmp/diff_new_pack.1Ixt54/_old and 
/var/tmp/diff_new_pack.1Ixt54/_new differ

Reply via email to