ugh, composer.
There are 10 Composer security advisories affecting our repositories:
Deserialization Gadget chain in Swift Mailer
Possible sandbox bypass when using a source policy
Sandbox does not protect against resource exhaustion
The `spaceless` filter implicitly marks its output as safe
PHP code injection via `{% use %}` template name
`template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name
Sandbox property allowlist bypass via the `column` filter (array_column on objects)
`{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411)
XSS in profiler HtmlDumper via unescaped template and profile names
Sandbox: multiple `__toString()` policy bypasses via unguarded string coercion points