Fedora 42: Composer Critical ANSI Injection Denial of Service Advisory

Composer helps you declare, manage and install dependencies of PHP projects,

ensuring you have the right stack everywhere.

Documentation: https://getcomposer.org/doc/

Version 2.9.3 - 2025-12-30 Security: Fixed ANSI sequence injection (GHSA-59pp-r3rg-353g / CVE-2025-67746) Fixed COMPOSER_NO_SECURITY_BLOCKING env var not being respected for updates done via the install command, and added --no-security-blocking flag to install as well (#12677) Fixed update --lock / update mirrors not working when locked packages contain vulnerabilities (#12645) Fixed client-certificate authentication implementation (#12667) Fixed php-ext schema not being validated in ValidatingArrayLoader (#12694) Fixed crash when --bump-after-update is used and the lock file is disabled (#12660) Fixed support for SecureTransport + LibreSSL on macOS (#12615) Fixed display of reasons for why advisories are ignored (#12668) Fixed compatibility issues when git has log.showSignature enabled (#12666) Fixed curl downloader not retrying when a timeout (err 28) failure occurs (#12662) Fixed EventDispatcher requiring a full Composer instance to function (#12629)