Security advisory: Composer 2.9.8 and 2.2.28 (LTS) fix a vulnerability that led Composer to leak GitHub Actions GITHUB_TOKENs and GitHub App installation tokens into job logs.

GitHub's new ghs_<id>_<JWT> token format fails Composer's validation regex; the rejected token is printed into the error message and secret masking does not reliably catch it.

Update now or disable affected Actions workflows.

https://blog.packagist.com/composer-2-9-8-and-2-2-28-fix-github-actions-token-disclosure-in-error-messages/
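A check for job logs that may already contain a token in the format named above, as an added example (not Composer's or Packagist's code): it flags and redacts strings shaped like ghs_<id>_<JWT>. The <id> alphabet, the sample token and the sample log wording are assumptions constructed for illustration.

```python
import hashlib
import re

# Assumed shape of ghs_<id>_<JWT>: an alphanumeric id (assumption), then a JWT,
# i.e. three base64url segments joined by dots.
B64URL = r"[A-Za-z0-9_-]+"
TOKEN_RE = re.compile(rf"ghs_[A-Za-z0-9]+_{B64URL}\.{B64URL}\.{B64URL}")
MASK = "ghs_***REDACTED***"


def fingerprint(token):
    """Short SHA-256 prefix so findings can be correlated without re-exposing the token."""
    return hashlib.sha256(token.encode()).hexdigest()[:12]


def scan_log(text):
    """Return (findings, redacted_text) for a saved job log."""
    findings = []
    redacted = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        def _mask(match, lineno=lineno):
            findings.append({"line": lineno, "fingerprint": fingerprint(match.group(0))})
            return MASK
        redacted.append(TOKEN_RE.sub(_mask, line))
    return findings, "\n".join(redacted)


# Constructed sample data: the token is fake and the log wording is not Composer's real output.
SAMPLE_TOKEN = "ghs_EXAMPLEID01_aGVhZGVy.cGF5bG9hZA.c2lnbmF0dXJl"
SAMPLE_LOG = "\n".join([
    "Run composer install --no-interaction",
    f'error: rejected token value "{SAMPLE_TOKEN}"',
    "Installing dependencies from lock file",
    "token prefix ghs_ mentioned in docs, no secret here",
])

if __name__ == "__main__":
    hits, clean = scan_log(SAMPLE_LOG)
    for hit in hits:
        print(f"line {hit['line']}: token-shaped string, sha256 prefix {hit['fingerprint']}")
    print(clean)
```

Any hit in a real log means the token should be treated as exposed for the remainder of its lifetime, and the log itself should be deleted or access-restricted.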