vulnerabilities in composer dependencies

ugh, composer.

There are 3 composer security advisories affecting our repositories.

swiftmailer/swiftmailer (CVE-2024-28859)

Deserialization Gadget chain in Swift Mailer
details

Affected repositories (1)

mediawiki/extensions/SwiftMailer

symfony/http-foundation (CVE-2024-50345)

CVE-2024-50345: Open redirect via browser-sanitized URLs
details

Affected repositories (1)

🗄mediawiki/extensions/DonationInterface

phpoffice/phpspreadsheet (CVE-2025-54370)

PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser
details

Affected repositories (1)

mediawiki/extensions/DataTransfer

Source code is licensed under the AGPL.