From a39417a6732cc5d2db0579d4d01a7f1a4f48a408 Mon Sep 17 00:00:00 2001
From: Pol Dellaiera <pol.dellaiera@protonmail.com>
Date: Fri, 29 Sep 2023 11:23:30 +0200
Subject: [PATCH] phpPackages.composer: 2.6.3 -> 2.6.4

Security release: To be mitigated since we are not using a publicly accessible composer.phar (GHSA-jm6m-4632-36hf / CVE-2023-43655).

Changelog: https://github.com/composer/composer/releases/tag/2.6.4
---
 pkgs/build-support/php/pkgs/composer-phar.nix      | 4 ++--
 pkgs/development/php-packages/composer/default.nix | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/pkgs/build-support/php/pkgs/composer-phar.nix b/pkgs/build-support/php/pkgs/composer-phar.nix
index 3efd9098d6df..7269d3029b6b 100644
--- a/pkgs/build-support/php/pkgs/composer-phar.nix
+++ b/pkgs/build-support/php/pkgs/composer-phar.nix
@@ -14,11 +14,11 @@
 
 stdenvNoCC.mkDerivation (finalAttrs: {
   pname = "composer-phar";
-  version = "2.6.3";
+  version = "2.6.4";
 
   src = fetchurl {
     url = "https://github.com/composer/composer/releases/download/${finalAttrs.version}/composer.phar";
-    hash = "sha256-5Yo5DKwN9FzPWj2VrpT6I57e2LeQf6LI91LwIDBPybE=";
+    hash = "sha256-Wjnz4s5bo5HuP+yyJ/ryE5D1t+1cVvFMq54cMEi8+Lg=";
   };
 
   dontUnpack = true;
diff --git a/pkgs/development/php-packages/composer/default.nix b/pkgs/development/php-packages/composer/default.nix
index d4ce6fc256c3..d9d431aecccd 100644
--- a/pkgs/development/php-packages/composer/default.nix
+++ b/pkgs/development/php-packages/composer/default.nix
@@ -4,13 +4,13 @@ php.buildComposerProject (finalAttrs: {
   composer = callPackage ../../../build-support/php/pkgs/composer-phar.nix { };
 
   pname = "composer";
-  version = "2.6.3";
+  version = "2.6.4";
 
   src = fetchFromGitHub {
     owner = "composer";
     repo = "composer";
     rev = finalAttrs.version;
-    hash = "sha256-yzpkdtfok22yMvRdv4jYrd8x8MgNZbSDOsg+sVl/JqE=";
+    hash = "sha256-o7z2GBiYjTwDQR9ZFuOOV8zsKUuGqyA52dvwTzo4hVA=";
   };
 
   nativeBuildInputs = [ makeBinaryWrapper ];
@@ -20,7 +20,7 @@ php.buildComposerProject (finalAttrs: {
       --prefix PATH : ${lib.makeBinPath [ _7zz cacert curl git unzip xz ]}
   '';
 
-  vendorHash = "sha256-SG5RsKaP7zqJY2vjvULuNdf7w6tAGh7/dlxx2Pkfj2A=";
+  vendorHash = "sha256-S6LprixkLIbD+qqvg+eYjWsDe+jFl9NO1qWztWYKPXs=";
 
   meta = {
     changelog = "https://github.com/composer/composer/releases/tag/${finalAttrs.version}";