Add Components Firewall to composer.json

RickBakkr / hetzner-notify

A bot that uses webhooks and the Hetzner Serverbörse API to notify you of new servers in the Hetzner Server Auction / Serverbörse.

27 stars 6 forks source link

Add Components Firewall to composer.json #7

Closed mishavantol closed 5 years ago

mishavantol commented 5 years ago

The firewall declares vulnerable components as conflicting and prevents their installation via Composer.
Add composer.lock
Add .gitignore

RickBakkr commented 5 years ago

Hi Misha, Thanks for contributing. Can you elaborate on why you think the roave/security-advisories package should be included? I have my doubts on whether it'd be rather useful, given the scale of this project..

Would love to hear what you think.

mishavantol commented 5 years ago

Hi Rick, It's just one of the things I usually add by default. Just three lines of code that protect you against vulnerabilities whenever you might add some new dependencies through Composer. Or if a vulnerability is found in one of the current installed packages (or one of their dependencies).