chore(deps): update dependency composer/composer to v2.9.3

[renovate]

This PR contains the following updates:

Package	Update	Change
composer/composer	patch	2.9.2 → 2.9.3

---

Release Notes

composer/composer (composer/composer)

v2.9.3

Compare Source

• Security: Fixed ANSI sequence injection (GHSA-59pp-r3rg-353g / CVE-2025-67746)
  • Fixed COMPOSER_NO_SECURITY_BLOCKING env var not being respected for updates done via the install command, and added --no-security-blocking flag to install as well (#​12677)
  • Fixed update --lock / update mirrors not working when locked packages contain vulnerabilities (#​12645)
  • Fixed client-certificate authentication implementation (#​12667)
  • Fixed php-ext schema not being validated in ValidatingArrayLoader (#​12694)
  • Fixed crash when --bump-after-update is used and the lock file is disabled (#​12660)
  • Fixed support for SecureTransport + LibreSSL on macOS (#​12615)
  • Fixed display of reasons for why advisories are ignored (#​12668)
  • Fixed compatibility issues when git has log.showSignature enabled (#​12666)
  • Fixed curl downloader not retrying when a timeout (err 28) failure occurs (#​12662)
  • Fixed EventDispatcher requiring a full Composer instance to function (#​12629)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}