vulnerabilities in composer dependencies

ugh, composer.

There are 7 composer security advisories affecting our repositories.

phpmailer/phpmailer (CVE-2018-19296)

Object injection
Affected repositories (1)

symfony/http-foundation (CVE-2018-11386)

CVE-2018-11386: Denial of service when using PDOSessionHandler
Affected repositories (1)

symfony/http-foundation (CVE-2018-14773)

CVE-2018-14773: Remove support for legacy and risky HTTP headers
Affected repositories (1)

symfony/http-foundation (CVE-2019-10913)

CVE-2019-10913: Reject invalid HTTP method overrides
Affected repositories (1)

symfony/http-foundation (CVE-2019-18888)

CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser
Affected repositories (1)

symfony/polyfill-php55 (CVE-2013-5958)

Possible DOS attack with long user-submitted passwords (correct fix for CVE-2013-5958)
Affected repositories (1)

twig/twig (CVE-2019-9942)

Sandbox Information Disclosure
Affected repositories (1)
Source code is licensed under the AGPL.