chore(php): release 2.9.3

Author: github-actions[bot]

…leased/bump-composer-base-image-cves.yml …/2.9.3/bump-composer-base-image-cves.ymlgenerators/php/sdk/changes/unreleased/bump-composer-base-image-cves.yml renamed to generators/php/sdk/changes/2.9.3/bump-composer-base-image-cves.yml generators/php/sdk/changes/unreleased/bump-composer-base-image-cves.yml renamed to generators/php/sdk/changes/2.9.3/bump-composer-base-image-cves.yml

@@ -1,4 +1,23 @@
 # yaml-language-server: $schema=../../../fern-versions-yml.schema.json
+- version: 2.9.3
+  changelogEntry:
+    - summary: |
+        Bump the php-sdk container's `composer` base image from `composer:2.7.9`
+        (Alpine 3.20, PHP 8.3.12) to `composer:2.9.7` (Alpine 3.22, current PHP),
+        addressing the Alpine 3.20 EOL alert and the PHP 8.3.12 CVEs
+        (CVE-2024-8932, CVE-2024-11236, CVE-2025-1861), and force a fresh
+        `apk upgrade` so the rebuilt image picks up the patched openssl 3.5.6-r0
+        from Alpine 3.23.4 (CVE-2026-31789).
+      type: chore
+    - summary: |
+        Bump the php-model container's `composer` base image from `composer:2.7.9`
+        (Alpine 3.20, PHP 8.3.12) to `composer:2.9.7` (Alpine 3.22, current PHP),
+        mirroring the php-sdk bump. Addresses the Alpine 3.20 EOL alert and the
+        PHP 8.3.12 CVEs (CVE-2024-8932, CVE-2024-11236, CVE-2025-1861), and
+        standardizes on `apk upgrade --no-cache --available` for cache invalidation.
+      type: chore
+  createdAt: "2026-05-08"
+  irVersion: 66
 - version: 2.9.2
   changelogEntry:
     - summary: |