vulnerabilities in composer dependencies

ugh, composer.

There are 7 composer security advisories affecting our repositories.

phpmailer/phpmailer (CVE-2018-19296)

Object injection

Affected repositories (1)

• 🗄mediawiki/extensions/DonationInterface

symfony/http-foundation (CVE-2018-11386)

CVE-2018-11386: Denial of service when using PDOSessionHandler

Affected repositories (1)

• 🗄mediawiki/extensions/DonationInterface

symfony/http-foundation (CVE-2018-14773)

CVE-2018-14773: Remove support for legacy and risky HTTP headers

Affected repositories (1)

• 🗄mediawiki/extensions/DonationInterface

symfony/http-foundation (CVE-2019-10913)

CVE-2019-10913: Reject invalid HTTP method overrides

Affected repositories (1)

• 🗄mediawiki/extensions/DonationInterface

symfony/http-foundation (CVE-2019-18888)

CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser

Affected repositories (1)

• 🗄mediawiki/extensions/DonationInterface

symfony/polyfill-php55 (CVE-2013-5958)

Possible DOS attack with long user-submitted passwords (correct fix for CVE-2013-5958)

Affected repositories (1)

• 🗄mediawiki/extensions/DonationInterface

twig/twig (CVE-2019-9942)

Sandbox Information Disclosure

Affected repositories (1)

• mediawiki/extensions/FundraisingEmailUnsubscribe

Source code is licensed under the AGPL.