Mastodawn

▪ Also patched in legacy Composer 1.10.28 (upgrade to 2.x still recommended)

🚑 Immediate actions:
1️⃣ Run composer.phar self-update NOW
2️⃣ Can't update? Disable #GitHubActions workflows running Composer
3️⃣ Review CI logs for leaked tokens
4️⃣ Delete any log contents containing raw token values before they expire

📦 #Packagist.org is unaffected — no GitHub App involved. #PrivatePackagist applied the fix and audited logs: no tokens were exposed. Self-hosted PP is also unaffected.

Alerta! Alerta!Apr 9

Hey @packagist: Thank you so much for Conductor!

It's awesome to have dependency updates in small incremental steps during the day-to-day process and not as one huge project every half year (if at all)

#privatePackagist

packagist Sep 26, 2025

Bitbucket Cloud is retiring app passwords in favor of API tokens. If you're using Private Packagist with Bitbucket Cloud, migrate now to avoid future disruptions.

This blog post explains it step-by-step: https://blog.packagist.com/bitbucket-deprecated-app-passwords/

#php #composerphp #phpc #privatepackagist #bitbucket

Bitbucket deprecated App Passwords

Bitbucket announced that they deprecated app passwords in favor of their new API token system. This change affects organizations using Private Packagist with Bitbucket Cloud (bitbucket.org) workspace synchronizations. Bitbucket app passwords will stop working entirely on June 9th, 2026. Bitbucket's app passwords provided limited functionality and security features. API

Private Packagist