Problem/Motivation
Follow-up for #3357247: Update guzzlehttp/psr7 dealing with https://github.com/advisories/GHSA-wxmh-65f7-jcvw
If I'm not mistaken only core-recommended constraints were updated and not core constraints.
Isn't the current policy still to also up core constraints (caret) for security updates? Meaning not just core-recommended constraints (tilde)?
Like for example when twig/twig was upped in core from ^2.15.0 to ^2.15.3 in 9.4.7. (https://git.drupalcode.org/project/drupal/-/commit/82a7d4dd3077ef16b69f2...)
I think there are more recent examples out there, but not able to give one right now.