GHSA-f9f8-rm49-7jv2: Fix GitHub auth handling for composer in affected versions

2026-05-14 09:27:14 +07:00 · 2026-05-13 16:15:51 +05:30
parent 7729e411ec
commit 7748c24380
7 changed files with 217 additions and 9 deletions
--- a/src/configs/composer-gh-auth-no-op
+++ b/src/configs/composer-gh-auth-no-op
@@ -0,0 +1,3 @@
+1.0.0-0 1.10.28
+2.0.0-0 2.2.28
+2.3.0-0 2.9.8
--- a/src/configs/composer-gh-auth-warn
+++ b/src/configs/composer-gh-auth-warn
@@ -0,0 +1 @@
+Composer %s has a known GitHub token parsing bug that exposes GitHub tokens in the error output. So, GitHub authentication has not been configured for this Composer version. Please update to the latest version of Composer. See: https://github.com/composer/composer/security/advisories/GHSA-f9f8-rm49-7jv2
				`@@ -0,0 +1 @@`
				`Composer %s has a known GitHub token parsing bug that exposes GitHub tokens in the error output. So, GitHub authentication has not been configured for this Composer version. Please update to the latest version of Composer. See: https://github.com/composer/composer/security/advisories/GHSA-f9f8-rm49-7jv2`