valet-linux icon indicating copy to clipboard operation
valet-linux copied to clipboard
verified publisher icon cpriego

Bug: relying on abandoned package tightenco/collect

Open njames opened this issue 1 year ago • 1 comments

Basic info

Distro (Name and version) PHP Version Valet version
Ubuntu 2204 8.3.10 2.3.10
  • [x] I've checked the issue queue and could not find anything similar to my bug.
  • [x] I'm on the latest version of valet-linux (valet --version): <Valet-Linux-Version>
  • [ ] I've run valet fix and valet install after updating and before submitting my issue/feature.

What is the problem? when updating my composer global I got this error that tightenco/collect was deprecated. I tried to remove it but a package depended on it

Changed current directory to /home/nigeljames/.config/composer
cpriego/valet-linux v2.3.10   requires  tightenco/collect (~5.3|^6.0|^7.0|^8.0|^9.0)

What was supposed to happen? No error

What actually happened? see above

How to reproduce this?

  1. composer global update Package tightenco/collect is abandoned, you should avoid using it. Use illuminate/collections instead.

What is the solution? replace with illuminate/collections

Sources All sources related to the bug. If the bug uses external tools like PHP extensions it should at least contain a link to the tool. Any other media which proves helpful can be included here.

njames avatar Aug 22 '24 06:08 njames

If I get past my current work queue I will attempt a PR but for now I wanted it registered as an issue.

njames avatar Aug 22 '24 06:08 njames

+-------------------+----------------------------------------------------------------------------------+ | Package | nategood/httpful | | Severity | medium | | CVE | NO CVE | | Title | Insecure HTTPS Connections due to Missing Default Certificate Validation | | URL | https://huntr.com/bounties/8d59c089-92f1-4b73-90f8-54968a70e2fb | | Affected versions | <0.2.0|>=0.2.0,<0.3.0|>=0.3.0,<1.0.0 | +-------------------+----------------------------------------------------------------------------------+ Found 1 abandoned package: +-------------------+----------------------------------------------------------------------------------+ | Abandoned Package | Suggested Replacement | +-------------------+----------------------------------------------------------------------------------+ | tightenco/collect | illuminate/collections | +-------------------+----------------------------------------------------------------------------------+

prpanto avatar Sep 21 '24 17:09 prpanto