search

imbo / behat-api-extension

API extension for Behat, used to ease testing of JSON-based APIs
MIT License
107 stars 42 forks source link

Extend support of firebase/php-jwt with version 6 branch #120

Closed pixelfantasy closed 1 year ago

pixelfantasy commented 2 years ago

Hello,

we had to update some of our packages to the latest version because of some Synk findings. Now we stumpled upon an incompatibility regarding the package composition. Would it be possible to extend your composer.json like shown below or are there any known issues with version 6 of firebase/php-jwt?

"require": {
    "firebase/php-jwt": "^5.2 || ^6.0",
}

Vulnerability details can be found here. It seems that every version below 6 has a CVSS score with 7.5 (high). https://security.snyk.io/vuln/SNYK-PHP-FIREBASEPHPJWT-2434829

jawira commented 1 year ago

Yes please, I also can't update my project's dependencies because of this. see https://github.com/imbo/behat-api-extension/pull/121

khiminrm commented 1 year ago

Hi, any updates there? Can the maintainers of the library to fix the issue? I've also faced with it one project, where I need to upgrade firebase/php-jwt, but can't due the issue :(

chris-archer-whisky commented 1 year ago

Hi, is there any update on this we also need this issue fixed.

christeredvartsen commented 1 year ago

125

pixelfantasy commented 1 year ago

Thanks for upgrading dependencies