Hi,

I missed this announcement, looking specifically for composer again.

If I make the effort of bumping to newest version, is this something that would be re-added to the tree?

I note there were active security vulnerabilities under very specific conditions (composer.phar is exposed via http).

Or should I rather just deploy this into a local overlay?

Kind regards,
Jaco

On 2024/06/21 19:20, Arthur Zamarin wrote:

# Arthur Zamarin <arthurzam@gentoo.org> (2024-06-21)
# Last dev-php/* EAPI=6 packages, and reverse dependencies of them.
# composer has active security vulnerabilities. Others are waiting
# for version bumps, and unbundling of dependencies.
# Removal on 2024-07-21.  Bugs #934666.
dev-php/phpDocumentor
dev-php/phpcov
dev-php/phpdepend
dev-php/phpdocumentor-reflection-common
dev-php/phpdocumentor-reflection-docblock
dev-php/phpdocumentor-type-resolver
dev-php/stringparser_bbcode
dev-php/symfony-config
dev-php/symfony-console
dev-php/symfony-dependency-injection
dev-php/symfony-event-dispatcher
dev-php/symfony-yaml
dev-php/composer