Skip to content

chore(deps): update dependency composer/composer to v2.9.5#214

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/composer-composer-2.x
Open

chore(deps): update dependency composer/composer to v2.9.5#214
renovate[bot] wants to merge 1 commit intomainfrom
renovate/composer-composer-2.x

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Feb 11, 2026

This PR contains the following updates:

Package Update Change
composer/composer patch 2.9.22.9.5

Release Notes

composer/composer (composer/composer)

v2.9.5

Compare Source

  • Added support for new pie download-url-methods (#​12727)
    • Fixed detection of 7z when installed as 7za on some linux systems (#​12731)
    • Fixed warning because of the symfony/process CVE, 2.9.4 had a workaround already

v2.9.4

Compare Source

  • Added active plugins to the diagnose command output (#​12706)
    • Fixed HTTP/3 causing issues with proxies (#​12699)
    • Fixed show command regression with long descriptions containing unicode characters (#​12704)
    • Fixed regression handling invalid unicode sequences in output (#​12707)
    • Fixed git rev-list usages to support older pre-2.33 git versions (#​12705)
    • Fixed issue handling paths with = in them on Windows (#​12726)

v2.9.3

Compare Source

  • Security: Fixed ANSI sequence injection (GHSA-59pp-r3rg-353g / CVE-2025-67746)
    • Fixed COMPOSER_NO_SECURITY_BLOCKING env var not being respected for updates done via the install command, and added --no-security-blocking flag to install as well (#​12677)
    • Fixed update --lock / update mirrors not working when locked packages contain vulnerabilities (#​12645)
    • Fixed client-certificate authentication implementation (#​12667)
    • Fixed php-ext schema not being validated in ValidatingArrayLoader (#​12694)
    • Fixed crash when --bump-after-update is used and the lock file is disabled (#​12660)
    • Fixed support for SecureTransport + LibreSSL on macOS (#​12615)
    • Fixed display of reasons for why advisories are ignored (#​12668)
    • Fixed compatibility issues when git has log.showSignature enabled (#​12666)
    • Fixed curl downloader not retrying when a timeout (err 28) failure occurs (#​12662)
    • Fixed EventDispatcher requiring a full Composer instance to function (#​12629)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the renovate label Feb 11, 2026
@renovate renovate bot enabled auto-merge February 11, 2026 18:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

renovate

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants