Closed yepzy closed 10 months ago
Reading the GHSA it looks like it only pertains to livewire v3 as it references a commit on that version tag.
If that's the case, then the `<3.0.4` is too broad and should exclude v2 of the livewire package.
That requires adjusting the advisory: this package will update itself accordingly once that's done :+1:
Hi,
I'm using your package to prevent security issues. But with the commit https://github.com/Roave/SecurityAdvisories/commit/b44b25cbb6c9933966ba3177df1511b0978055aa I can't deploy because it requires upgrading the `livewire/livewire` package to version 3.0.4, but I'm using the 2.5.6 version; it's a major version. As I read the commit, it mentions https://github.com/FriendsOfPHP/security-advisories/commit/e14352c9f2dfa2bfc7cbf7b9f255b497925d9cc9 where there isn't a security issue on `livewire/livewire`; also, there isn't a new file with information about a security issue on https://github.com/FriendsOfPHP/security-advisories/tree/master/livewire/livewire that requires a version greater than 3.0.4.
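The over-broad range discussed in this thread, as an added example that is not code from Roave/SecurityAdvisories or Composer: a simplified model of a conflict rule shows why `<3.0.4` also blocks the 2.x line. The narrowed range `>=3.0.0,<3.0.4`, the list of installed versions and all function names are assumptions made for illustration; pre-release suffixes are not handled.

```python
import re

# Comparison operators supported by this simplified constraint model.
OPS = {
    "<": lambda a, b: a < b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    ">=": lambda a, b: a >= b,
    "=": lambda a, b: a == b,
}

def parse_version(text):
    """Turn '2.5.6' or 'v3.0' into a three-part tuple that compares numerically."""
    parts = [int(p) for p in text.lstrip("v").split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def matches(version, constraint):
    """True if version falls in constraint: '|' separates alternatives, ',' means AND."""
    v = parse_version(version)
    for alternative in constraint.split("|"):
        bounds = [b.strip() for b in alternative.split(",") if b.strip()]
        satisfied = bool(bounds)
        for bound in bounds:
            m = re.fullmatch(r"(<=|>=|<|>|=)?\s*v?(\d+(?:\.\d+)*)", bound)
            if not m:
                raise ValueError(f"unsupported constraint: {bound!r}")
            op = m.group(1) or "="
            if not OPS[op](v, parse_version(m.group(2))):
                satisfied = False
                break
        if satisfied:
            return True
    return False

def blocked(installed, conflict_rule):
    """Versions a project could not install while the conflict rule is in force."""
    return [v for v in installed if matches(v, conflict_rule)]

BROAD = "<3.0.4"              # range quoted in the thread
NARROWED = ">=3.0.0,<3.0.4"   # assumption: one way to exclude v2
INSTALLED = ["2.5.6", "3.0.3", "3.0.4"]  # constructed sample versions

if __name__ == "__main__":
    for rule in (BROAD, NARROWED):
        print(f"{rule!r} blocks {blocked(INSTALLED, rule)}")
```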