Something weird is happening in regards of version constraints #128

Open
SCIF opened this issue Feb 23, 2024 · 3 comments

SCIF commented Feb 23, 2024

Here is one of the latest commits: 3c621b0

  1. The latest CVE is https://github.com/FriendsOfPHP/security-advisories/blob/master/dompdf/dompdf/CVE-2023-50262.yaml which has a constraint <2.0.4.

  2. The message has a link to a PR that has nothing to do with dompdf.

Any idea?

SCIF commented Feb 23, 2024

I found the next security issue, but it seems like dompdf is not actually the source of the problem, as they have a wide constraint allowing but not forcing the usage of an affected version of phenx/php-svg-lib. Does it mean the GH advisory report has mentioned dompdf incorrectly, so your package reflected this wrong decision as well?

@Ocramius
Member

Sounds like it: I would bring it up there then, as this package only follows.
