Hey there,

I've been using your library within a plugin of mine https://wordpress.org/plugins/wp-user-manager/

A user of the plugin has reported that the Vaultpress triggered a "suspicious code" warning found within the library which is of course a false positive. The user has reported, that Vaultpress said:

The vulnerability was detected on this line: return $callable($factory($c), $c);

The affected file is https://github.com/htmlburger/carbon-fields/blob/master/core/Pimple/Container.php#L243

Not sure if there's anything you can do, I just wanted to report it 👍