AmpersandHQ / ampersand-magento2-upgrade-patch-helper

Helper script to aid upgrading magento 2 websites by detecting overrides. Now supports third party module detections
GNU Lesser General Public License v3.0
322 stars 39 forks

Update symfony/process #123

Closed sprankhub closed 2 weeks ago

sprankhub commented 2 weeks ago

This fixes https://symfony.com/cve-2024-51736.

private-packagist[bot] commented 2 weeks ago

composer.lock

Dev Package changes

Package          Operation  From               To
symfony/process  upgrade    v5.4.8 :warning:   v5.4.46 :white_check_mark:


sprankhub commented 2 weeks ago

Told ya so, @private-packagist :joy:

convenient commented 2 weeks ago

RE: the failing tests

  Problem 1
    - symfony/process is locked to version v6.4.14 and an update of this package was not requested.
    - symfony/process v6.4.14 requires php >=8.1 -> your php version (7.4.29) does not satisfy that requirement.
  Problem 2
    - symfony/process v6.4.14 requires php >=8.1 -> your php version (7.4.29) does not satisfy that requirement.
    - friendsofphp/php-cs-fixer v3.4.0 requires symfony/process ^4.4.20 || ^5.0 || ^6.0 -> satisfiable by symfony/process[v6.4.14].
    - friendsofphp/php-cs-fixer is locked to version v3.4.0 and an update of this package was not requested.

@tr33m4n at this point I may be inclined to say that anyone who is on the 2.3 series of Magento will have to use an older version of the tool, as they will have more security issues to be dealing with than CVE-2024-51736. In which case maybe simply turning off the m23 tests in the .travis.yml may be sufficient. Thoughts?

hostep commented 2 weeks ago

Can't we upgrade to symfony/process 5.4.46, which comes with the same security fix?
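The two comments above describe the whole decision: the first lock attempt pulled symfony/process up to v6.4.14, which composer rejects on PHP 7.4.29, while v5.4.46 carries the same fix on a branch that still runs on 7.4. The script below is an added example (not code from this PR or from the ampersand-magento2-upgrade-patch-helper project) that encodes that reasoning as a lockfile check: it parses a constructed composer.lock, flags any symfony/process entry below the first fixed release on its major branch, and picks the highest fixed branch the project's PHP version can actually install. The version table (5.4.46 and 6.4.14 as the first fixed releases, PHP 7.2.5 and 8.1 as the branch floors) is an assumption drawn from the thread and from Symfony's published support policy, not data taken from the project.

```python
import json
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(v: str) -> Version:
    """'v5.4.8' -> (5, 4, 8). Only the numeric parts are compared; a suffix
    such as '-RC1' is ignored, which is good enough for a lockfile check."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


# Assumed table (not from the project): per major branch, the first release
# carrying the CVE-2024-51736 fix and the minimum PHP that branch requires.
# 5.4.46 is the version the thread settles on; 6.4.14 is the version the
# first lock attempt pulled in, which composer reports as needing php >= 8.1.
FIXED: Dict[str, Dict[int, Tuple[Version, Version]]] = {
    "symfony/process": {
        5: ((5, 4, 46), (7, 2, 5)),
        6: ((6, 4, 14), (8, 1, 0)),
    },
}


def is_vulnerable(package: str, version: str) -> Optional[bool]:
    """True if the locked version is below the fixed release of its branch,
    False if at or above it, None if the package/branch is not in the table."""
    branches = FIXED.get(package)
    if branches is None:
        return None
    parsed = parse_version(version)
    entry = branches.get(parsed[0]) if parsed else None
    if entry is None:
        return None
    fixed_at, _php_floor = entry
    return parsed < fixed_at


def choose_fix(package: str, php_version: str) -> Optional[str]:
    """Highest fixed branch whose PHP floor the given interpreter satisfies.
    On PHP 7.4 this yields v5.4.46; on PHP 8.1+ it yields v6.4.14."""
    php = parse_version(php_version)
    best: Optional[Version] = None
    for fixed_at, php_floor in FIXED.get(package, {}).values():
        if php >= php_floor and (best is None or fixed_at > best):
            best = fixed_at
    return None if best is None else "v" + ".".join(map(str, best))


def audit_lock(lock_json: str, php_version: str) -> Dict[str, Tuple[str, Optional[str]]]:
    """Map each vulnerable locked package to (current version, suggested fix).
    Both 'packages' and 'packages-dev' are checked, since this PR's change
    lands in the dev section."""
    lock = json.loads(lock_json)
    findings: Dict[str, Tuple[str, Optional[str]]] = {}
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if is_vulnerable(pkg["name"], pkg["version"]):
                findings[pkg["name"]] = (pkg["version"], choose_fix(pkg["name"], php_version))
    return findings


# Constructed composer.lock excerpt mirroring the pre-PR state in the thread.
SAMPLE_LOCK = json.dumps({
    "packages": [],
    "packages-dev": [
        {"name": "friendsofphp/php-cs-fixer", "version": "v3.4.0"},
        {"name": "symfony/process", "version": "v5.4.8"},
    ],
})

if __name__ == "__main__":
    for name, (current, fix) in audit_lock(SAMPLE_LOCK, "7.4.29").items():
        print(f"{name} {current} is below the fixed release; upgrade to {fix}")
```

Run against a real lockfile with `audit_lock(open("composer.lock").read(), "7.4.29")`; the PHP version argument is what makes the script reproduce the thread's conclusion rather than blindly recommending the newest branch.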

private-packagist[bot] commented 2 weeks ago

The composer.lock diff comment has been updated to reflect new changes in this PR.

sprankhub commented 2 weeks ago

Yeah, done that now.

convenient commented 2 weeks ago

Much better recommendation, thanks @hostep