Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package php-composer2 for openSUSE:Factory checked in at 2026-07-14 13:52:38 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/php-composer2 (Old) and /work/SRC/openSUSE:Factory/.php-composer2.new.1991 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "php-composer2" Tue Jul 14 13:52:38 2026 rev:36 rq:1365485 version:2.10.2 Changes: -------- --- /work/SRC/openSUSE:Factory/php-composer2/php-composer2.changes 2026-06-02 16:10:15.081630824 +0200 +++ /work/SRC/openSUSE:Factory/.php-composer2.new.1991/php-composer2.changes 2026-07-14 13:52:43.736759929 +0200 @@ -1,0 +2,28 @@ +Tue Jul 14 06:35:44 UTC 2026 - Petr Gajdos <[email protected]> + +- version update to 2.10.2 + * Validate package names (GHSA-499r-g7pc-vmp9) + * Validate package bin paths against path traversal (GHSA-gjfg-22fp-rrxx) + * Sanitize URL-embedded usernames/token in verbose output (GHSA-g6xq-892h-64w3) + * Only follow HTTP redirects from HTTP responses (#12948) + * Prevent phar metadata unserialization on unsafe PHP versions (#12946) + * Sanitize JSON parse errors in http responses to avoid leaking response body data (#12959) + * Added warning output in self-update command when using a soon-to-be EOL version (#12920) + * Added download retry when a GitHub codeload URL returns a 400 (#12962) + * Fixed audit command to output the audit result to stdout (#12904) + * Fixed backspace characters being output to non-decorated output (#12925) + * Fixed security advisory blocking causing issues with xdebug enabled (#12935) + * Fixed provider packages hiding suggestions for the package they provide themselves (#12933) + * Fixed security advisory blocking causing issues with xdebug enabled (#12935) +- version update to 2.10.1 + * Fixed shell escaping when opening an editor (#12903) + * Verify backup phar signature before restoring it when using self-update --rollback (#12918) + * Fixed source-fallback also disabling fallbacks to dist install when source is the preferred install method (#12888) + * Fixed source -> dist package updates wiping the .git dir without checking for local changes first (#12912) + * Fixed GitHub token prompt happening multiple times on parallel auth failures (#12913) + * Fixed warnings from Composer repositories being printed twice in some cases (#12907) +- fixes CVE-2026-59948 [bsc#1271123] + CVE-2026-59947 [bsc#1271130] + CVE-2026-59946 [bsc#1271152] + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ php-composer2.spec ++++++ --- /var/tmp/diff_new_pack.1Ixt54/_old 2026-07-14 13:52:44.472785378 +0200 +++ /var/tmp/diff_new_pack.1Ixt54/_new 2026-07-14 13:52:44.476785516 +0200 @@ -17,7 +17,7 @@ Name: php-composer2 -Version: 2.10.0 +Version: 2.10.2 Release: 0 Summary: Dependency Management for PHP License: MIT ++++++ composer.phar ++++++ Binary files /var/tmp/diff_new_pack.1Ixt54/_old and /var/tmp/diff_new_pack.1Ixt54/_new differ ++++++ composer.phar.asc ++++++ Binary files /var/tmp/diff_new_pack.1Ixt54/_old and /var/tmp/diff_new_pack.1Ixt54/_new differ
