Roave / SecurityAdvisories

:closed_lock_with_key: Security advisories as a simple composer exclusion list, updated daily
MIT License
2.72k stars 105 forks source link

Conflict with silverstripe/admin #85

Closed rosiemck closed 2 years ago

rosiemck commented 2 years ago
Ocramius commented 2 years ago

The issue is with https://github.com/advisories/GHSA-j66h-cc96-c32q

I suggest reaching out to who reported that

dizzystuff commented 2 years ago

Hi this has targeted the wrong package. silverstripe/admin is in version 1.x, whereas it appears that silverstripe/framework <4.8.1 was the intended target. The related update/commit now completely prevents the installation of any version of modern SilverStripe. Please advise whether a PR is the best way for me to submit a fix for this, or some alternate method.

Ocramius commented 2 years ago

Heyo,

this package only replicates what is announced on the github advisories: you will need to request an edit on https://github.com/advisories/GHSA-j66h-cc96-c32q

dizzystuff commented 2 years ago

Ok thanks