Dependency update problem

imbo / behat-api-extension

API extension for Behat, used to ease testing of JSON-based APIs

MIT License

109 stars 42 forks source link

Dependency update problem #114

Closed tigike closed 2 years ago

tigike commented 2 years ago

Hi!

I need to update the "guzzlehttp/guzzle" package, because it contains security vulnerabilities. I can't do it now, because although you have "^7.3" in "composer.json", but you have a "composer.lock" file with fixed version number "7.4.0" for "guzzlehttp/guzzle". Please remove the "composer.lock" file, or update it to allow minor and patch updates.

Thank you!

christeredvartsen commented 2 years ago

Hi @tigike,

Could you give main a go now and see if it helps? I just did a complete composer update and merged it to the main branch. Btw, if you have imbo/behat-api-extension included as a dependency, the versions locked in the composer.lock file should not be an issue.