Github Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs
Summary
GitHub Actions issued a GitHub_TOKEN disclosure in Composer's logs due to a regex validation bug in Composer's IO::loadConfiguration(). The advisory GHSA-f9f8-rm49-7jv2 explains that new GitHub Actions tokens containing a hyphen can be leaked when validation errors are logged. The report lists affected versions, patched releases, and CVE-2026-45793, and it highlights the risk of token leakage through error messages in CI/CD workflows.