Adjust conflict string temporarily in pm:security

src/Commands/pm/SecurityUpdateCommands.php

@@ -130,7 +130,11 @@ protected function calculateSecurityUpdates($composer_lock_data, $security_advis
         $conflict = $security_advisories_composer_json['conflict'];
         foreach ($both as $package) {
             $name = $package['name'];
-            if (!empty($conflict[$name]) && Semver::satisfies($package['version'], $security_advisories_composer_json['conflict'][$name])) {
+            if (empty($conflict[$name])) {
+                continue;
+            }
+            $conflict_adjusted = $this->adjustConflict($conflict[$name], substr($package['version'], 0, 1));
+            if (Semver::satisfies($package['version'], $conflict_adjusted)) {
                 $updates[$name] = [
                     'name' => $name,
                     'version' => $package['version'],
@@ -139,4 +143,30 @@ protected function calculateSecurityUpdates($composer_lock_data, $security_advis
         }
         return $updates;
     }
+
+    /**
+     * Temporary code until https://github.com/drupal-composer/drupal-security-advisories/pull/11 is merged.
+     *
+     * @param $conflict
+     *   The raw conflict string from security advisories project.
+     * @param $major
+     *   The major version of the package that we are currently using.
+     *
+     * @return string
+     *   A new conflict string thats specific to major version of the package and uses OR operator.
+     *   For example, from drupal/jsonapi
+     *
+     *  - Input: <1.9,<1.10,<1.14,<1.16,<1.24,<2.0-rc4 and $major=1
+     *  - Output: <1.9||<1.10||<1.14||<1.16||<1.24
+     */
+    protected function adjustConflict($conflict, $major)
+    {
+        foreach (explode(',', $conflict) as $requirement) {
+            $version = ltrim($requirement, '<');
+            if (substr($version, 0, 1) == $major) {
+                $new[] = "<$version";
+            }
+        }
+        return implode('||', $new);
+    }
 }