Bump composer/composer from 2.9.3 to 2.9.5

[dependabot]

Bumps composer/composer from 2.9.3 to 2.9.5.

Release notes

Sourced from composer/composer's releases.

2.9.5

• Added support for new pie download-url-methods (#12727)
• Fixed detection of 7z when installed as 7za on some linux systems (#12731)
• Fixed warning because of the symfony/process CVE, 2.9.4 had a workaround already

Full Changelog: composer/composer@2.9.4...2.9.5

2.9.4

• Added active plugins to the diagnose command output (#12706)
• Fixed HTTP/3 causing issues with proxies (#12699)
• Fixed show command regression with long descriptions containing unicode characters (#12704)
• Fixed regression handling invalid unicode sequences in output (#12707)
• Fixed git rev-list usages to support older pre-2.33 git versions (#12705)
• Fixed issue handling paths with = in them on Windows (#12726)

Full Changelog: composer/composer@2.9.3...2.9.4

Changelog

Sourced from composer/composer's changelog.

[2.9.5] 2026-01-29

• Added support for new pie download-url-methods (#12727)
• Fixed detection of 7z when installed as 7za on some linux systems (#12731)
• Fixed warning because of the symfony/process CVE, 2.9.4 had a workaround already

[2.9.4] 2026-01-22

• Added active plugins to the diagnose command output (#12706)
• Fixed HTTP/3 causing issues with proxies (#12699)
• Fixed show command regression with long descriptions containing unicode characters (#12704)
• Fixed regression handling invalid unicode sequences in output (#12707)
• Fixed git rev-list usages to support older pre-2.33 git versions (#12705)
• Fixed issue handling paths with = in them on Windows (#12726)

Commits

• 72a8f8e Release 2.9.5
• 6b54088 Update changelog
• 3f0976b Update baseline
• 5b44d62 Fix detection of 7z when it is installed as 7za
• 4c49f46 Bump actions/attest-build-provenance from 3.1.0 to 3.2.0 (#12728)
• e602232 Bump actions/checkout from 6.0.1 to 6.0.2 (#12729)
• 06c273b Add support for PIE list of download-url-methods (#12727)
• 9861166 Update symfony/process to fix #12726
• 2102496 Revert "Work around issue with msys/rmdir on windows (#12726)"
• defa1bb Add info about downloading using gh util
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Looks like composer/composer is up-to-date now, so this is no longer needed.