vulnerabilities in composer dependencies

ugh, composer.

There are 5 composer security advisories affecting our repositories.

twig/twig (CVE-2019-9942)

Sandbox Information Disclosure

Affected repositories (1)

• mediawiki/extensions/FundraisingEmailUnsubscribe

twig/twig (CVE-2022-39261)

Possibility to load a template outside a configured directory when using the filesystem loader

Affected repositories (1)

• mediawiki/extensions/FundraisingEmailUnsubscribe

phpseclib/phpseclib (CVE-2021-30130)

Improper Certificate Validation in phpseclib

Affected repositories (1)

• mediawiki/extensions/OpenIDConnect

phpmailer/phpmailer (CVE-2021-34551)

RCE affecting Windows hosts via UNC paths to translation files

Affected repositories (1)

• 🗄mediawiki/extensions/DonationInterface

phpmailer/phpmailer (CVE-2021-3603)

Untrusted code may be run from an overridden address validator

Affected repositories (1)

• 🗄mediawiki/extensions/DonationInterface

Source code is licensed under the AGPL.