phpPackages.composer: 2.6.3 -> 2.6.4

Security release: To be mitigated since we are not using a publicly accessible composer.phar (GHSA-jm6m-4632-36hf / CVE-2023-43655).

Changelog: https://github.com/composer/composer/releases/tag/2.6.4
This commit is contained in:
Pol Dellaiera 2023-09-29 11:23:30 +02:00
parent 47a9fc3fb3
commit a39417a673
2 changed files with 5 additions and 5 deletions

View File

@ -14,11 +14,11 @@
stdenvNoCC.mkDerivation (finalAttrs: {
pname = "composer-phar";
version = "2.6.3";
version = "2.6.4";
src = fetchurl {
url = "https://github.com/composer/composer/releases/download/${finalAttrs.version}/composer.phar";
hash = "sha256-5Yo5DKwN9FzPWj2VrpT6I57e2LeQf6LI91LwIDBPybE=";
hash = "sha256-Wjnz4s5bo5HuP+yyJ/ryE5D1t+1cVvFMq54cMEi8+Lg=";
};
dontUnpack = true;

View File

@ -4,13 +4,13 @@ php.buildComposerProject (finalAttrs: {
composer = callPackage ../../../build-support/php/pkgs/composer-phar.nix { };
pname = "composer";
version = "2.6.3";
version = "2.6.4";
src = fetchFromGitHub {
owner = "composer";
repo = "composer";
rev = finalAttrs.version;
hash = "sha256-yzpkdtfok22yMvRdv4jYrd8x8MgNZbSDOsg+sVl/JqE=";
hash = "sha256-o7z2GBiYjTwDQR9ZFuOOV8zsKUuGqyA52dvwTzo4hVA=";
};
nativeBuildInputs = [ makeBinaryWrapper ];
@ -20,7 +20,7 @@ php.buildComposerProject (finalAttrs: {
--prefix PATH : ${lib.makeBinPath [ _7zz cacert curl git unzip xz ]}
'';
vendorHash = "sha256-SG5RsKaP7zqJY2vjvULuNdf7w6tAGh7/dlxx2Pkfj2A=";
vendorHash = "sha256-S6LprixkLIbD+qqvg+eYjWsDe+jFl9NO1qWztWYKPXs=";
meta = {
changelog = "https://github.com/composer/composer/releases/tag/${finalAttrs.version}";