Roave / SecurityAdvisories

:closed_lock_with_key: Security advisories as a simple composer exclusion list, updated daily
MIT License

Is there a way to accept a compromised package? #96

Closed toby-griffiths closed 2 years ago

toby-griffiths commented 2 years ago

I'm working on a legacy project that's using a compromised framework version. We're working towards upgrading it; however, it's not a simple task, and because this is now conflicting with the roave/security-advisories package, we're unable to upgrade the advisories package to ensure everything else is OK until we can upgrade the framework.

Is there a way to accept 1 compromised package but still upgrade everything else?

I thought of using the inline aliases, but I'm worried that will cause other non-compatibility issues between packages, as I'd have to bump a major version to fix our current issue.

Ocramius commented 2 years ago

No, there's no way to accept an insecure package: this package doesn't have "functionality", it's just a big exclusion map.
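
To make the "big exclusion map" point concrete, here is an added example (not the project's own code) that evaluates a `conflict` map of the same shape against locked package versions; it supports only the comparator-range subset of Composer's constraint syntax (`>=`, `<`, `,` for AND, `|`/`||` for OR) on numeric versions, and the package names, versions and constraints are constructed placeholders.

```python
import re
from typing import Dict, List, Tuple

# Comparator term as used in a composer.json "conflict" map, e.g. ">=1.0" or "<2.2.3".
_TERM = re.compile(r"^(>=|<=|>|<|==|!=|=)?\s*v?(\d+(?:\.\d+)*)$")

def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '1.2.3' (or 'v1.2') into a comparable tuple padded to four parts (numeric only)."""
    m = re.match(r"v?(\d+(?:\.\d+)*)$", text.strip())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def _range_matches(version: Tuple[int, ...], range_expr: str) -> bool:
    """Comma-separated terms are ANDed: every comparator must hold."""
    for term in (t.strip() for t in range_expr.split(",") if t.strip()):
        m = _TERM.match(term)
        if not m:
            raise ValueError(f"unsupported constraint term: {term!r}")
        op, bound = m.group(1) or "==", parse_version(m.group(2))
        holds = {">=": version >= bound, "<=": version <= bound,
                 ">": version > bound, "<": version < bound,
                 "==": version == bound, "=": version == bound,
                 "!=": version != bound}[op]
        if not holds:
            return False
    return True

def satisfies(version: str, constraint: str) -> bool:
    """True when `version` falls inside any '|' / '||'-separated alternative."""
    v = parse_version(version)
    return any(_range_matches(v, alt) for alt in re.split(r"\|\|?", constraint))

def blocked_packages(conflicts: Dict[str, str], locked: Dict[str, str]) -> List[str]:
    """Installed packages whose locked version the conflict map excludes.
    There is no allow-list anywhere in this data: the map only knows how to exclude."""
    return sorted(name for name, ver in locked.items()
                  if name in conflicts and satisfies(ver, conflicts[name]))

# Constructed sample data with placeholder names; not real advisories.
SAMPLE_CONFLICTS = {"vendor/legacy-framework": ">=1.0,<1.4.7|>=2.0,<2.2.3",
                    "vendor/other-lib": "<0.9.1"}
SAMPLE_LOCK = {"vendor/legacy-framework": "1.3.9", "vendor/other-lib": "1.0.0",
               "vendor/unrelated": "3.1.0"}

if __name__ == "__main__":
    for pkg in blocked_packages(SAMPLE_CONFLICTS, SAMPLE_LOCK):
        print(f"{pkg} {SAMPLE_LOCK[pkg]} is excluded by {SAMPLE_CONFLICTS[pkg]}")
```

Running it against your own `composer.lock` data shows exactly which locked versions fall inside an excluded range, which is the information you need when planning the framework upgrade.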

toby-griffiths commented 2 years ago

OK. Thanks.

toby-griffiths commented 2 years ago

Looks like they've patched the old release to address the issue.