Fixes CVE-2023-43655 Composer Remote Code Execution vulnerability public composer.phar

[joelpittet]

Description

+-------------------+----------------------------------------------------------------------------------+
| Package           | composer/composer                                                                |
| CVE               | CVE-2023-43655                                                                   |
| Title             | Composer Remote Code Execution vulnerability via web-accessible composer.phar    |
| URL               | https://github.com/advisories/GHSA-jm6m-4632-36hf                                |
| Affected versions | >=2.3.0,<2.6.4|>=2.0.0,<2.2.22|<1.10.27                                          |
| Reported at       | 2023-09-29T20:39:21+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+

Fixes CVE-2023-43655 Composer Remote Code Execution vulnerability via web-accessible composer.phar

Type of change

Please delete options that are not relevant.

• Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

Composer audit before and after fix

Checklist:

• I have read the Contributing documentation available here: https://snipe-it.readme.io/docs/contributing-overview
• I have formatted this PR according to the project guidelines: https://snipe-it.readme.io/docs/contributing-overview#pull-request-guidelines

[joelpittet]

Oh yeah that is why I didn't make these already... they bump PHP to 8.1 :(

[joelpittet]

Ok stood on my head and forced with PHP 7.4.3 platform requirement then removed that and updated the lock file... 🙃