douliao2493 2017-11-14 08:27
Answer accepted

How to update after "php bin/console security:check"

Symfony writes about how to check for security updates: https://symfony.com/doc/current/security/security_checker.html and it works; in Akeneo it shows me one vulnerability. But how to update? I tried ../composer.phar update and ../composer.phar update symfony/symfony but unfortunately the vulnerability is still there when I check again. (https://github.com/akeneo/pim-community-dev/issues/7146)

/var/www/html/akeneo/pim-community-standard# ../composer.phar why dompdf/dompdf:0.6.1
Do not run Composer as root/super user! See https://getcomposer.org/root for details
akeneo/pim-community-dev  v2.0.6  requires  dompdf/dompdf (0.6.1)


/var/www/html/akeneo/pim-community-standard# ../composer.phar why-not dompdf/dompdf:0.6.2
Do not run Composer as root/super user! See https://getcomposer.org/root for details
akeneo/pim-community-dev  v2.0.6  requires  dompdf/dompdf (0.6.1)  

3 answers

  • douduocuima61392 2017-11-14 09:27

    The security check complains about the package dompdf/dompdf being outdated. So you have to find out which dependency is responsible for this package being installed. You can use composer for this:

    composer why dompdf/dompdf
    

    Once you find out why it's installed, you can either check if you can update that dependency to a version supporting/requiring a newer dompdf version or, if you installed it by requiring it yourself, just update it.

    Alternatively you can also ask composer why it won't install a new version by using:

    composer why-not dompdf/dompdf "^0.8"
    

    If you can't update whatever dependency depends on the outdated dompdf version, you might have to resort to either creating a PR in that project for a newer version or forking the project and updating the composer.json yourself (not recommended though, because of the additional work of keeping it up to date).

    edit: It looks like akeneo itself is responsible for pinning the version as you can see in the repo: https://github.com/akeneo/pim-community-dev/blob/2.0/composer.json#L41

    Maybe you can create a PR updating the composer.json and maybe loosening the version restriction for dompdf.

    This answer was selected as the best answer by the asker.
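
An offline version of the `composer why` / `composer why-not` lookup discussed in the answer above, as an added example that is not part of the original thread or of Composer itself: it reads the `require` maps in a composer.lock and reports which locked packages pull in a dependency and which of them pin it to an exact version. The lock excerpt is constructed, `example/report-tools` is a hypothetical package, and the exact-pin regex is a simplification of Composer's constraint syntax.

```python
import json
import re

# Constructed composer.lock excerpt (not Akeneo's real lock file). The dompdf
# pin mirrors the `composer why` output in the question; example/report-tools
# is a hypothetical package added to show a non-pinning constraint.
SAMPLE_LOCK = json.loads("""
{
  "packages": [
    {"name": "akeneo/pim-community-dev", "version": "v2.0.6",
     "require": {"dompdf/dompdf": "0.6.1", "symfony/symfony": "^3.3"}},
    {"name": "dompdf/dompdf", "version": "v0.6.1", "require": {}},
    {"name": "symfony/symfony", "version": "v3.3.10", "require": {}}
  ],
  "packages-dev": [
    {"name": "example/report-tools", "version": "1.4.0",
     "require": {"dompdf/dompdf": "~0.6"}}
  ]
}
""")

# Assumption: a bare version ("0.6.1", "v1.2.3") with no operator, range or
# wildcard is an exact pin, so no other release can satisfy it.
EXACT_PIN = re.compile(r"^v?\d+(\.\d+){0,3}(-[0-9A-Za-z.]+)?$")


def find_requirers(lock, target):
    """Return every locked package that requires `target`, with its constraint."""
    found = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            constraint = pkg.get("require", {}).get(target)
            if constraint is not None:
                found.append({
                    "requirer": pkg["name"],
                    "version": pkg["version"],
                    "constraint": constraint,
                    "exact_pin": bool(EXACT_PIN.match(constraint.strip())),
                })
    return found


def blocking_pins(lock, target, wanted):
    """Names of packages whose exact pin on `target` excludes version `wanted`."""
    wanted = wanted.strip().lstrip("v")
    return [r["requirer"] for r in find_requirers(lock, target)
            if r["exact_pin"] and r["constraint"].strip().lstrip("v") != wanted]
```

Calling `blocking_pins(lock, "dompdf/dompdf", "0.6.2")` on a real lock file loaded with `json.load` names the packages whose composer.json has to change before the fixed release can be installed.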