如何在“php bin / console security：check”之后更新

Symfony write on how to check for security updates: https://symfony.com/doc/current/security/security_checker.html and it works, in Akeneo it shows me one vulnerability. But how to update? I tried ../composer.phar update and ../composer.phar update symfony/symfony but unfortunately the vulnerability is still there when I check again. (https://github.com/akeneo/pim-community-dev/issues/7146)

/var/www/html/akeneo/pim-community-standard# ../composer.phar why dompdf/dompdf:0.6.1
Do not run Composer as root/super user! See https://getcomposer.org/root for details
akeneo/pim-community-dev  v2.0.6  requires  dompdf/dompdf (0.6.1)


/var/www/html/akeneo/pim-community-standard# ../composer.phar why-not dompdf/dompdf:0.6.2
Do not run Composer as root/super user! See https://getcomposer.org/root for details
akeneo/pim-community-dev  v2.0.6  requires  dompdf/dompdf (0.6.1)

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

3条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
douduocuima61392 2017-11-14 09:27
关注
The security check complains about the package dompdf/dompdf being outdated. So you have to find out which dependency is responsible for this package being installed. You can use composer for this:

composer why dompdf/dompdf

Once you find out why it's installed you can either check if you can update that dependency to a version supporting/requiring a newer dompdf version or if you installed it by requiring it yourself just update it.

Alternatively you can also ask composer why it won't install a new version by using:

composer why-not dompdf/dompdf "^0.8"

If you can't update whatever dependency depends on the outdated dompdf version you might have to resort to either create a PR in that project for a newer version or forking the project and updating the composer.json yourself (not recommended though, because of the additional work of keeping it up to date).

edit: It looks like akeneo itself is responsible for pinning the version as you can see in the repo: https://github.com/akeneo/pim-community-dev/blob/2.0/composer.json#L41

Maybe you can create a PR updating the composer.json and maybe loosening the version restriction for dompdf.
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

查看更多回答(2条)

报告相同问题？

关注问题

如何在“php bin / console security：check”之后更新 php symfony
2017-11-14 08:27

回答 3 已采纳 The security check complains about the package dompdf/dompdf being outdated. So you have to find o
/usr/bin/yum: /usr/bin/python2.6: bad interpreter python
2015-12-19 07:01

回答 1 已采纳这个意思就是说，你的yum的版本不支持python2.6，所以你得把yum的python执行版本调成与你yum版本兼容的python版本，或者你的是yum更新了，而python太落伍的了！
构建docker镜像 /bin/sh apt-get not found docker ubuntu 运维
2022-04-16 22:34

回答 1 已采纳因为你修改了PATH的值在 /usr/local 中找不到的apt get你应该这样使用。ENV PATH="/usr/local:${PATH}"
Nacos启动报错解决：which: no javac in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin)
2020-04-14 17:52

非著名运维的博客报错信息： [root@localhost bin]# bash startup.sh -...which: no javac in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin) readlink: 缺少操作数 Try 'readlink --help' for more information. d...
SLAM编译过程中报错,/usr/bin/ld: 找不到 -lEigen3::Eigen c++ 有问必答
2022-03-07 16:59

回答 1 已采纳 Eigen库不同于一般的库，它只有头文件，没有.so和 .a那样的二进制库文件哪来的libEigen.so需要你-l ? CMakeLists.txt中添加 find_packa
hadoop读取hdfs文件：No such file or directory: `hdfs://localhost:9000/user/hadoop' hadoop hdfs spark
2022-10-09 17:22

回答 1 已采纳可以考虑换个目录试一下比如：hdfs dfs -put /usr/local/spark/README.MD /
php bin / console symfony命令给出致命错误 php symfony
2016-06-24 17:51

回答 1 已采纳 After hours of looking for solutions I checked the php packages that I had installed and realized
symfony4 安装和创建项目[2019]
2019-08-15 19:22

北溟の魚的博客 │ │ ├── security . yaml │ │ ├── sensio_ framework_extra . yaml │ │ ├── swiftmailer . yaml │ │ ├── translation . yaml │ │ ├── twig . yaml │ │ └── validator . yaml │ ├─...
/usr/bin/ld: 找不到 -lLLVM linux 测试工具
2022-12-09 10:20

回答 5 已采纳报错信息表明在编译程序时，编译器找不到libLLVM.so这个库文件。这可能是由于安装LLVM时出现了问题，导致该库文件没有安装到正确的位置。要解决这个问题，可以尝试以下方法：重新安装LLVM：首
Debian - / usr / bin / env：'php '：没有这样的文件或目录 debian docker php
2018-04-12 10:33

回答 1 已采纳 You should convert the file with UNIX new line convention. You have a DOS file, which has the ext
docker-php-ext-install: command not found php
2019-04-30 22:59

回答 1 已采纳你没有安装docker的php扩展重新安装下php https://blog.csdn.net/qw_xingzhe/article/details/80179094
Symfony 常用命令汇总
2017-05-10 15:41

行天游龙的博客安全漏洞检测：php bin/console security:check 开发环境：/app_dev.php/ 调试时需注释 $kernel->loadClassCache() || 正式环境：/app.php/(默认不加) 清除 Symfony 缓存：php bin/console cache:clear --env...
sh: /home/jia/下载/SPD3-numpy/env/bin/activate: 权限不够 python 有问必答
2021-05-27 16:25

回答 3 已采纳 # 没有执行权限先进行授权 sudo chmod u+x /home/jia/下载/SPD3-numpy/env/bin/activate 如上
google api php client
2018-10-24 12:04

This means that we will address critical bugs and security issues but will not add any new features. ## Google Cloud Platform For Google Cloud Platform APIs such as Datastore, Cloud Storage or Pub/...
weblogic系列漏洞整理 -———— 2、weblogic弱口令
2018-11-01 10:34

FLy_鹏程万里的博客 weblogic常用的后台登录弱口令 WebLogic后台登陆地址: http://192.168.11.178:7001/console/login/LoginForm.jsp 测试思路登陆weblogic后台看到后台地址登陆并无限制（验证码或登录认证次数...可以看...
<BEA-090870> [Security:099060]The URL specified<BEA-000362>
2014-03-26 09:52

rocklei123的博客 To enable this check, specify -Dweblogic.security.a llowCryptoJDefaultJCEVerification=true> 上午10时22分44秒 CST> <Info> <Security> <BEA-090906> Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. ...
LAMPSECURITY: CTF6 内网拿到root 20211226
2021-12-26 21:43

32进制的博客 =PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings. + OSVDB-3268: /css/: Directory indexing found....
没有解决我的问题, 去提问

悬赏问题

¥20 matlab yalmip kkt 双层优化问题
¥15 如何在3D高斯飞溅的渲染的场景中获得一个可控的旋转物体
¥88 实在没有想法，需要个思路
¥15 MATLAB报错输入参数太多
¥15 python中合并修改日期相同的CSV文件并按照修改日期的名字命名文件
¥15 有赏，i卡绘世画不出
¥15 如何用stata画出文献中常见的安慰剂检验图
¥15 c语言链表结构体数据插入
¥40 使用MATLAB解答线性代数问题
¥15 COCOS的问题COCOS的问题

如何在“php bin / console security：check”之后更新

3条回答 默认 最新

悬赏问题

3条回答默认最新