composer (2.9.3-1) [PTS] [DDPO]

OK: VCS matches the version in the archive

Git: https://salsa.debian.org/php-team/pear/composer.git
JSON
Enter a full Vcs-* header, supported schemes are: Vcs-Bzr, Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg, Vcs-Mtn, Vcs-Svn.
For Vcs-Git append -b branch to select the branch name; append [subdir] if the debian/ directory is not in the repository root.
The next upload will reset the information from the source package headers.
Branch: debian/latest
Path: debian/changelog
Repo size: 37191680
Browser: https://salsa.debian.org/php-team/pear/composer
Last scan: 2025-12-30 20:31:50+00
Next scan: 2026-01-04 21:04:00+00
CI pipeline status: success

Debian changelog in Git:

composer (2.9.3-1) unstable; urgency=medium

  * Security: Fixed ANSI sequence injection [CVE-2025-67746]

  [ Jordi Boggiano ]
  * Remove requirement that a full Composer instance be passed to
    EventDispatcher (#12629)
  * Fix update --lock / update mirrors not working when locked packages
    contain vulnerabilities, fixes #12634 (#12645)
  * Retry on curl timeouts (28) (#12662)
  * Use git rev-list instead of log to avoid issues with
    log.showSignature being enabled (#12666)
  * Fix regression in showing reasons for ignoring advisories (#12668)
  * Fix no-security-blocking / COMPOSER_NO_SECURITY_BLOCKING not working
    on updates done via the install command
  * Validate php-ext schema in ValidatingArrayLoader (#12694)
  * Fix support for securetransport + libressl
  * Release 2.9.3

  [ ಠ_ಠ ]
  * fix crash bumping version with composer update and disabled lockfile

  [ Ilia Urvachev ]
  * fix(AuthHelper): misplaced `username` and `password` (#12667)

  [ David Prévot ]
  * Update Standards-Version to 4.7.3
  * Convert d/watch to version 5

 -- David Prévot <taffit@debian.org>  Tue, 30 Dec 2025 16:00:43 +0100

This branch is even with tag debian/2.9.3-1