Closed bitwombat closed 6 years ago
There is no fix: this package can only be used unbound.
On 26 Oct 2017 03:46, "Bit Wombat" notifications@github.com wrote:
I like to run composer diagnose as one of many CD health/settings checks.
It's currently all clear except for roave/security-advisories:
Checking composer.json: WARNING
require.roave/security-advisories : unbound version constraints (dev-master) should be avoided
Checking platform settings: OK
Checking git settings: OK
Checking http connectivity to packagist: OK
Checking https connectivity to packagist: OK
Checking github.com rate limit: OK
Checking disk free space: OK
Checking pubkeys:
Tags Public Key Fingerprint: 57815B42 7E54DC31 7ECC7CC5 573090D0 87719BA6 8F3BB723 4E5D42D0 84A14642
Dev Public Key Fingerprint: 4AC4D767 E5EC2265 2F0C1167 CBBB8A2B 0C708369 153E328C AD90147D AFE50952
OK
I'm guessing this is intentional so that we always have the latest advisories without the maintainers having to do continuous releases. However, this check erroring out stops my CD process (as it should).
Any ideas of a fix/workaround?
Continuous releases would simply not work for this package: Composer would then happily use an older release of the advisory package to be able to use another library (and then use a vulnerable version).
Closing as per clarifications above. @bitwombat please do ask if you have further doubts.
Please also see https://github.com/kalessil/phpinspectionsea/issues/615
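One way to keep `composer diagnose` as a CD gate while accepting only the warning discussed in this thread. This is an added example, not code from any participant or from the Roave project. It assumes the plain-text output layout quoted above; the function name, sample outputs and the `acme/widgets` package are hypothetical.

```shell
#!/bin/sh
# Added example: accept `composer diagnose` output only when the sole finding
# is the expected roave/security-advisories unbound-constraint warning.
# Assumes the plain-text layout quoted in this thread.

# Reads diagnose output on stdin. Returns 0 if every check is OK apart from
# that one warning, 1 for any other warning or failure.
diagnose_acceptable() {
    awk '
        BEGIN { ok = "^require\\.roave/security-advisories : unbound version constraints" }
        /^Checking [^:]*:/ {
            section = $0; sub(/:.*/, "", section)
            status = $0;  sub(/^[^:]*:[ \t]*/, "", status)
            if (status == "" || status == "OK") next
            # A composer.json warning is judged by its detail lines below.
            if (section == "Checking composer.json" && status == "WARNING") next
            bad = 1; next
        }
        # Detail lines under composer.json: only the expected one may appear.
        section == "Checking composer.json" && NF { if ($0 !~ ok) bad = 1; next }
        /^(FAIL|WARNING|ERROR)/ { bad = 1 }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: the output quoted in the issue, abbreviated.
sample_expected() {
cat <<'EOF'
Checking composer.json: WARNING
require.roave/security-advisories : unbound version constraints (dev-master) should be avoided
Checking platform settings: OK
Checking pubkeys:
OK
EOF
}

# Constructed sample: an additional unbound constraint on a hypothetical package.
sample_unexpected() {
cat <<'EOF'
Checking composer.json: WARNING
require.roave/security-advisories : unbound version constraints (dev-master) should be avoided
require.acme/widgets : unbound version constraints (*) should be avoided
Checking platform settings: OK
EOF
}

# Usage in a pipeline step: composer diagnose 2>&1 | diagnose_acceptable
```

Because the pipeline's exit status is that of the last command, the step passes or fails on the filter's verdict rather than on the exit status of `composer diagnose` itself.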