behat-api-extension icon indicating copy to clipboard operation
behat-api-extension copied to clipboard

Published 20 hours ago verified publisher icon imbo

Extend support of firebase/php-jwt with version 6 branch

Open pixelfantasy opened this issue 1 year ago • 1 comments

Hello,

we had to update some of our packages to the latest version because of some Synk findings. Now we stumpled upon an incompatibility regarding the package composition. Would it be possible to extend your composer.json like shown below or are there any known issues with version 6 of firebase/php-jwt?

"require": {
    "firebase/php-jwt": "^5.2 || ^6.0",
}

Vulnerability details can be found here. It seems that every version below 6 has a CVSS score with 7.5 (high). https://security.snyk.io/vuln/SNYK-PHP-FIREBASEPHPJWT-2434829

pixelfantasy avatar Aug 22 '22 13:08 pixelfantasy

Yes please, I also can't update my project's dependencies because of this. see https://github.com/imbo/behat-api-extension/pull/121

jawira avatar Sep 26 '22 11:09 jawira

Hi, any updates there? Can the maintainers of the library to fix the issue? I've also faced with it one project, where I need to upgrade firebase/php-jwt, but can't due the issue :(

khiminrm avatar Nov 29 '22 13:11 khiminrm

Hi, is there any update on this we also need this issue fixed.

chris-archer-whisky avatar Dec 01 '22 14:12 chris-archer-whisky

#125

christeredvartsen avatar Mar 13 '23 10:03 christeredvartsen

Thanks for upgrading dependencies

pixelfantasy avatar Mar 15 '23 09:03 pixelfantasy