fix(deps): upgrade composer/composer to 2.2.28 #1919

Closed
mrrobot47 wants to merge 1 commit into EasyEngine:develop from mrrobot47:fix/composer-composer-security-advisories
@mrrobot47

Member

Problem

The scheduled CI build (Build 🔨 + Test 👨‍🔧) has been failing daily since at least 2026-05-28. composer/composer 2.2.26 (pinned exactly in composer.json) is flagged by three security advisories:

  • PKSA-pwvr-3754-v57r
  • PKSA-t5r2-p5q9-mtpn
  • PKSA-6bp1-9hfj-2cgv

Composer's security advisory blocking policy prevents the package from being installed, causing composer update to exit with code 2.

Fix

Bumps composer/composer from 2.2.26 → 2.2.28 (latest in the LTS 2.2.x line). Version 2.2.28 has no blocking security advisories and retains the same PHP ^5.3.2 || ^7.0 || ^8.0 requirement, so it's fully compatible with this project's >=7.0 constraint.

Test plan

  • CI Build Phar job completes without the dependency resolution error

Version 2.2.26 is flagged by three security advisories (PKSA-pwvr-3754-v57r,
PKSA-t5r2-p5q9-mtpn, PKSA-6bp1-9hfj-2cgv), causing Composer to refuse to
install it and failing the scheduled CI build.
@mrrobot47

Member Author

Closing in favour of the existing Dependabot PR #1918 which covers the same fix.

@mrrobot47 mrrobot47 closed this Jun 5, 2026