Vulnerable Dependency found #1138
I have run the symfony check:security program today on the most recent develop branch and it found the following vulnerable dependency used by kbin:
```
Symfony Security Check Report
=============================

1 package has known vulnerabilities.

symfony/ux-autocomplete (v2.10.0)
---------------------------------

 * [CVE-2023-41336]: symfony/ux-autocomplete Prevent injection of invalid entity ids for "autocomplete" fields

[CVE-2023-41336]: https://github.com/symfony/ux-autocomplete/security/advisories/GHSA-4cpv-669c-r79x

Note that this checker can only detect vulnerabilities that are referenced in the security advisories database.
Execute this command regularly to check the newly discovered vulnerabilities.
```
We may be able to fix this by upgrading this dependency to v2.11.2.
Thanks, I'll take care of it on Monday.