These are all security issues fixed in the php-composer-1.10.22-2.2 package on the GA media of openSUSE Tumbleweed.
{ "binaries": [ { "php-composer": "1.10.22-2.2" } ] }