From a52959ccf2d7c066132fb923169887edc5be8021 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dani=C3=ABl=20Klabbers?= <luceos@users.noreply.github.com>
Date: Thu, 22 Feb 2024 11:40:56 +0100
Subject: [PATCH] Patch vulnerability advisory (#3966)

Seems composer has a vulnerability, see https://github.com/advisories/GHSA-7c6p-848j-wh5h

Affected versions
>= 2.0.0-alpha1, < 2.2.23 -- patched in 2.2.23
>= 2.3.0-rc1, < 2.7.0 -- patched in 2.7.0

---

Let's raise the minimum to enforce the latest.

Thank you @peopleinside for reporting this.

(cherry picked from commit e771b908d5e42ee223c6321ce264960d42b7ad9d)
---
 extensions/package-manager/composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/extensions/package-manager/composer.json b/extensions/package-manager/composer.json
index 4abb1a5c5b..5dbf9cad3d 100755
--- a/extensions/package-manager/composer.json
+++ b/extensions/package-manager/composer.json
@@ -23,7 +23,7 @@
     },
     "require": {
         "flarum/core": "^1.8",
-        "composer/composer": "^2.3"
+        "composer/composer": "^2.7"
     },
     "require-dev": {
         "flarum/testing": "^1.0.0",