• Security: Fixed command injection vulnerability in HgDriver/GitDriver (GHSA-x7cr-6qr6-2hh6 / CVE-2022-24828)
• Added warning when downloading a file with verify_peer[_name] disabled (#10722)
• Fixed curl downloader not retrying when a DNS resolution failure occurs (#10716)
• Fixed composer.lock file still being used/read when the lock config option is disabled (#10726)
• Fixed validate command checking the lock file even if the lock option is disabled (#10723)
• Fixed detection of default branch name when it changed since a git repo was mirrored in cache dir (#10701)