Update Drupal core to 8.4.7 via Composer. Security update; I *think* we've been lucky to get away with this so far, as we don't support self-registration which seems to be used by the so-called "drupalgeddon 2" attack that 8.4.5 was vulnerable to.

wget -q https://github.com/php/php-src/archive/php-7.1.0.tar.gz
mkdir -p ./data/php-src
tar -xzf ./php-7.1.0.tar.gz -C ./data/php-src --strip-components=1
php -n test_old/run.php --verbose --no-progress PHP7 ./data/php-src