ugh, composer.
There are 7 composer security advisories affecting our repositories.
Object injection
CVE-2018-11386: Denial of service when using PDOSessionHandler
CVE-2018-14773: Remove support for legacy and risky HTTP headers
CVE-2019-10913: Reject invalid HTTP method overrides
CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser
Possible DOS attack with long user-submitted passwords (correct fix for CVE-2013-5958)
Sandbox Information Disclosure