your dependency robrichards/xmlseclibs has security issue

[craigh]

 % composer audit
Found 1 security vulnerability advisory affecting 1 package:
+-------------------+----------------------------------------------------------------------------------+
| Package           | robrichards/xmlseclibs                                                           |
| Severity          | medium                                                                           |
| CVE               | CVE-2025-66578                                                                   |
| Title             | robrichards/xmlseclibs has an Libxml2 Canonicalization error which can bypass    |
|                   | Digest/Signature validation                                                      |
| URL               | https://github.com/advisories/GHSA-c4cc-x928-vjw9                                |
| Affected versions | <=3.1.3                                                                          |
| Reported at       | 2025-12-08T17:57:33+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+

[craigh]

I guess forcing my own local update fixed it

[craigh]

re-opening because I think you should update your composer file to conflict with older versions (<3.1.4)

[nikita-stena]

This issue shouldn't be ignored. Please update as soon as possible. I use the package, and the vulnerability reduces the security level of my project.