vulnerabilities in composer dependencies

ugh, composer.

There are 3 composer security advisories affecting our repositories.

twig/twig (CVE-2022-39261)

Possibility to load a template outside a configured directory when using the filesystem loader

Affected repositories (1)

• mediawiki/extensions/FundraisingEmailUnsubscribe

firebase/php-jwt (CVE-2021-46743)

Key/algorithm type confusion

Affected repositories (3)

• 🗄mediawiki/extensions/CheckUser
• 🗄mediawiki/extensions/ContentTranslation
• 🗄mediawiki/extensions/OAuth

swiftmailer/swiftmailer (CVE-2024-28859)

Deserialization Gadget chain in Swift Mailer

Affected repositories (1)

• mediawiki/extensions/SwiftMailer

Source code is licensed under the AGPL.