composer update log:
For additional security you should declare the allow-plugins config with a list of packages names that are allowed to run code. See https://getcomposer.org/allow-plugins You have until July 2022 to add the setting. Composer will then switch the default behavior to disallow all plugins. Loading composer repositories with package information Info from https://repo.packagist.org: #StandWithUkraine Updating dependencies Lock file operations: 0 installs, 1 update, 0 removals - Upgrading matomo/referrer-spam-list (dev-master 980999a => dev-master 1c90329) Writing lock file Installing dependencies from lock file (including require-dev) Package operations: 0 installs, 1 update, 0 removals - Downloading matomo/referrer-spam-list (dev-master 1c90329) - Upgrading matomo/referrer-spam-list (dev-master 980999a => dev-master 1c90329): Extracting archive Package phpunit/php-token-stream is abandoned, you should avoid using it. No replacement was suggested. Generating autoload files 32 packages you are using are looking for funding. Use the `composer fund` command to find out more!