Package php-http/message-factory is abandoned, you should avoid using it. Use psr/http-factory instead message on installation
#157
Comments
|
I think this is an issue in upstream dependency: |
|
Thanks for the report. This is a very minor issue, and you can safely ignore this, as it will never pose a security issue - interface only packages can't have security issues in them. I imagine this will eventually be fixed, maybe in the next few months. I've created a PR upstream for them to review: KnpLabs/php-github-api#1134. |
Thank you! It's more of an issue in CI/CD pipelines which use security scanning. It's not always easy to add exceptions because of compliance reasons. |
acrobat
added a commit
to KnpLabs/php-github-api
that referenced
this issue
Mar 19, 2024
This PR was merged into the 3.13-dev branch. Discussion ---------- Closes #1127. Blocks GrahamCampbell/Laravel-GitHub#157. Commits ------- 680eea2 Allow php-http/cache-plugin v2
|
This is fixed in today's release. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello. Firstly, thanks for your work on this great package.
We're getting a
Package php-http/message-factory is abandoned, you should avoid using it. Use psr/http-factory insteadwarning after installing it. I'm guessing it's because of one of the dependencies. Is there any chance this could be fixed? It's causing our CI/CD security scanner's 'Outdated dependencies' check to fail.The text was updated successfully, but these errors were encountered: