From a39417a6732cc5d2db0579d4d01a7f1a4f48a408 Mon Sep 17 00:00:00 2001
From: Pol Dellaiera <pol.dellaiera@protonmail.com>
Date: Fri, 29 Sep 2023 11:23:30 +0200
Subject: phpPackages.composer: 2.6.3 -> 2.6.4

Security release: To be mitigated since we are not using a publicly accessible composer.phar (GHSA-jm6m-4632-36hf / CVE-2023-43655).

Changelog: https://github.com/composer/composer/releases/tag/2.6.4
---
 pkgs/build-support/php/pkgs/composer-phar.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'pkgs/build-support')

diff --git a/pkgs/build-support/php/pkgs/composer-phar.nix b/pkgs/build-support/php/pkgs/composer-phar.nix
index 3efd9098d6df5..7269d3029b6b6 100644
--- a/pkgs/build-support/php/pkgs/composer-phar.nix
+++ b/pkgs/build-support/php/pkgs/composer-phar.nix
@@ -14,11 +14,11 @@
 
 stdenvNoCC.mkDerivation (finalAttrs: {
   pname = "composer-phar";
-  version = "2.6.3";
+  version = "2.6.4";
 
   src = fetchurl {
     url = "https://github.com/composer/composer/releases/download/${finalAttrs.version}/composer.phar";
-    hash = "sha256-5Yo5DKwN9FzPWj2VrpT6I57e2LeQf6LI91LwIDBPybE=";
+    hash = "sha256-Wjnz4s5bo5HuP+yyJ/ryE5D1t+1cVvFMq54cMEi8+Lg=";
   };
 
   dontUnpack = true;
-- 
cgit 1.4.1