Snyk alert about master branch

Webklex / php-imap

PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. The protocol is completely integrated and therefore supports IMAP IDLE operation and the "new" oAuth authentication process as well.

https://www.php-imap.com

MIT License

308 stars 145 forks source link

Snyk alert about master branch #493

Open HZ-labs opened 4 months ago

HZ-labs commented 4 months ago

We used Snyk and the master branch of php-imap.

Because in composer we have "dev-master": "1.0-dev", Snyk shows a Critical severity vulnerability.

How can we fix it?

Webklex commented 4 months ago

Hi @HZ-labs , the easiest way might be to update to the latest version, as mentioned in the Snyk report - if that isn't possible, make sure to read the advisory and don't use the Attachment::save() method.

I hope this helps :)

Best regards & happy coding,

HZ-labs commented 4 months ago

Hi, @Webklex thank you for the answer.

That is, it is normal that for the latest dev version after 5.5.0 in composer.json used:

{
...
    "extra": {
        "branch-alias": {
            "dev-master": "1.0.x-dev"
        }
    }
}

Maybe it should be 5.5.x-dev or something with version 5?