php-imap icon indicating copy to clipboard operation
php-imap copied to clipboard

Published 20 hours ago verified publisher icon Webklex

Snyk alert about master branch

Open HZ-labs opened this issue 1 year ago • 2 comments

We used Snyk and the master branch of php-imap.

Because in composer we have "dev-master": "1.0-dev", Snyk shows a Critical severity vulnerability.

How can we fix it? image

HZ-labs avatar May 16 '24 08:05 HZ-labs

Hi @HZ-labs , the easiest way might be to update to the latest version, as mentioned in the Snyk report - if that isn't possible, make sure to read the advisory and don't use the Attachment::save() method.

I hope this helps :)

Best regards & happy coding,

Webklex avatar May 16 '24 12:05 Webklex

Hi, @Webklex thank you for the answer.

That is, it is normal that for the latest dev version after 5.5.0 in composer.json used:

{
...
    "extra": {
        "branch-alias": {
            "dev-master": "1.0.x-dev"
        }
    }
}

Maybe it should be 5.5.x-dev or something with version 5?

HZ-labs avatar May 16 '24 13:05 HZ-labs

Hi @HZ-labs , thanks for your patience - it's done :)

Best regards & happy coding,

Webklex avatar Jan 17 '25 21:01 Webklex