DeepDiver1975
commented
2 years ago @eropple allow me to ping you on this PR as you are the one who touched composer.* last
THX
Closed DeepDiver1975 closed 2 years ago
DeepDiver1975
commented
2 years ago @eropple allow me to ping you on this PR as you are the one who touched composer.* last
THX
jsanford8
commented
2 years ago Hi @DeepDiver1975 - thank you for the PR here! We're actually in the process of using another service (used across Mux) for dependency management and monitoring, so in lieu of that work, I'm going to close out this PR. We'll work to get that in as soon as we can, and thanks again!
DeepDiver1975
commented
2 years ago @jsanford8 THX for your feedback - any chance to get the dependencies updated - kind of asap aka now ;-)
guzzle http is pinned to 7.4.2 which has vulnerabilities refs https://packagist.org/packages/guzzlehttp/guzzle/advisories?version=6078636
THX a lot
jsanford8
commented
2 years ago Absolutely. We'll try to get this out this week or early next week, sorry for the inconvenience!
jaredsmith
commented
2 years ago Can you please try the latest 3.7.0 release (just released this afternoon), and let me know if that fixes things for you in the short term?
DeepDiver1975
commented
2 years ago Can you please try the latest 3.7.0 release (just released this afternoon), and let me know if that fixes things for you in the short term?
sure - once it is available on https://packagist.org/packages/muxinc/mux-php
DeepDiver1975
commented
2 years ago Looks good - THX a lot! :+1:
See in my fork how dependabot updates dependencies - especially the guzzle update is critical ...
THX