Closed angrybrad closed 1 year ago
@angrybrad seems like it's caused by this range: https://github.com/advisories/GHSA-3x74-v64j-qc3f
Note: fix the advisory accordingly, and it will be fixed here too 😁
@Ocramius thank you! PR fix for the GHSA here: https://github.com/github/advisory-database/pull/2443
Context here: https://github.com/craftcms/cms/issues/13336#issuecomment-1599661035
Recently all Craft 3 versions using this package have been (incorrectly) flagged as insecure. I think it's coming from the unbounded `< 4.2.1` constraint at the end of https://github.com/Roave/SecurityAdvisories/blob/latest/composer.json#L94
But as far as I can tell, that unbound constraint has been there for 9 months: https://github.com/Roave/SecurityAdvisories/commit/4ed8a24bbb14c02aae12f8ec386e3e2804f58198
Mainly just looking for help on how to interpret and correct what we're seeing.