I think these are false positives as we don't use all those .lock files -but we should check & potentially do a housekeeping update
https://github.com/wikimedia/wikimedia-fundraising-crm-vendor/security/dependabot
I think these are false positives as we don't use all those .lock files -but we should check & potentially do a housekeeping update
https://github.com/wikimedia/wikimedia-fundraising-crm-vendor/security/dependabot
Reviewed! All of these are in composer.lock files in subdirectories (and in one case a package.lock version in a subdirectory). We have updated versions of the PHP libraries at the top level.