Security check fail with "padraic/humbug_get_contents" old version 1.0.4 #54
Comments
Hi, the package should be permissive enough to allow you to upgrade to So what you should do here is to update your dependencies. You can force Composer to not install those vulnerable dependencies by requiring Roave SecurityAdvisories.
GitHub might think that, but Packagist doesn't: @theofidry I think you might need to click "Update" on Packagist, at least? until it shows the right constraint. (Maybe the 1.0.4 tag was force-pushed on this repo?)
Erf, indeed looks like there is quite a difference between the last release and master. I'll try to update that ASAP
Done. Please upgrade to 1.0.5. However keep in mind that if you are stuck on PHP 5.3, this won't work. Indeed newer versions of
Thanks @theofidry!
@theofidry
Hello,
I have noticed an issue recently:
The package "padraic/phar-updater" requires "padraic/humbug_get_contents" version 1.0.4 but not the newest version 1.1.2, which creates a failure in the security check.
Are you going to update the package "padraic/phar-updater" to solve this issue?
Thanks in advance.
Symfony Security Check Report
// Checked file: /my_project/apache/volume/composer.lock
[ERROR] 1 packages have known vulnerabilities.
padraic/humbug_get_contents (1.0.4)
https://github.com/humbug/file_get_contents/releases/tag/1.1.2
! [NOTE] This checker can only detect vulnerabilities that are referenced in
! the SensioLabs security advisories database. Execute this command
! regularly to check the newly discovered vulnerabilities.
Loaded config default from ".php_cs.dist".
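An added example, not part of the original thread or of the project's code: a small Python check that reads a composer.lock and reports which locked packages hold a flagged dependency on an exact version that excludes the fixed release, which is the situation the report above describes. The lock excerpt is constructed; the phar-updater version, the "1.0.4" constraint string, the `example/dev-tool` package and the function names are assumptions for illustration.

```python
import json
import re

# Constructed composer.lock excerpt (not from the issue); the phar-updater
# version is a placeholder because the page does not state it.
SAMPLE_LOCK = json.loads("""
{
  "packages": [
    {"name": "padraic/phar-updater", "version": "0.0.0-placeholder",
     "require": {"php": ">=5.3.3", "padraic/humbug_get_contents": "1.0.4"}},
    {"name": "padraic/humbug_get_contents", "version": "1.0.4",
     "require": {"php": ">=5.3"}}
  ],
  "packages-dev": [
    {"name": "example/dev-tool", "version": "2.1.0",
     "require": {"padraic/humbug_get_contents": "^1.0"}}
  ]
}
""")

# Matches an exact version such as "1.0.4"; ranges (^ ~ > < * |) do not match.
EXACT_PIN = re.compile(r"^v?\d+(\.\d+)*$")


def locked_packages(lock):
    """Yield every package entry from both sections of the lock file."""
    for section in ("packages", "packages-dev"):
        yield from (lock.get(section) or [])


def dependents_of(lock, target):
    """Return (name, version, constraint) for each package requiring target."""
    return [(p["name"], p["version"], p["require"][target])
            for p in locked_packages(lock)
            if target in p.get("require", {})]


def upgrade_blockers(lock, target, fixed_version):
    """Dependents whose exact pin excludes the fixed release of target."""
    return [d for d in dependents_of(lock, target)
            if EXACT_PIN.match(d[2]) and d[2].lstrip("v") != fixed_version]


if __name__ == "__main__":
    for name, version, constraint in upgrade_blockers(
            SAMPLE_LOCK, "padraic/humbug_get_contents", "1.1.2"):
        print(f"{name} {version} pins padraic/humbug_get_contents to {constraint}")
```

To run it against a real project, replace `SAMPLE_LOCK` with `json.load(open("composer.lock"))`.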