What happened?
We are currently seeing the following in Terminal after running composer update on systems running Composer ^2.4.
Looks like Commerce 3 runs DOMPDF 1.x and only Commerce 4 is on the ^2.x branch?
Unsure how much of a genuine issue this is but wanted to flag it for review because "security vulnerabilities" and sites that take money aren't a confidence-inspiring combination. Especially if one is an "SSR forgery" and another is "remote file inclusion".
Craft CMS version
3.8.8
Craft Commerce version
3.4.20.1
PHP version
7.4
Operating system and version
No response
Database type and version
No response
Image driver and version
No response
Installed plugins and versions
No response