Roave / SecurityAdvisories

:closed_lock_with_key: Security advisories as a simple composer exclusion list, updated daily
MIT License

Can't generate json formatted output #107

Closed dcakmak closed 1 year ago

dcakmak commented 1 year ago

I am trying to generate a sample output via composer update --dry-run roave/security-advisories --audit-format json as I need to know what the JSON structure looks like. Unfortunately, I can't get it to install packages that have security vulnerabilities, since roave/security-advisories has packages with security vulnerabilities in its conflicts script. Unfortunately I also can't find any documentation regarding the JSON structure. Does anyone here have an example output that they could provide me with or a reference where I can read about it?

Ocramius commented 1 year ago

Are you perhaps looking for composer audit instead?

This package contains no scripts/tooling whatsoever: it's the sole composer.json as a raw exclusion map, and the error you get with composer update --dry-run roave/security-advisories is precisely the report explaining what went wrong.

For example:

{
  "require": {
    "roave/security-advisories": "dev-latest",
    "laminas/laminas-diactoros": "2.1.1"
  }
}

I get:

f38b3d720201:/app# composer update --dry-run --ignore-platform-reqs
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Root composer.json requires roave/security-advisories dev-latest -> satisfiable by roave/security-advisories[dev-latest].
    - roave/security-advisories dev-latest conflicts with laminas/laminas-diactoros <2.11.1.
    - Root composer.json requires laminas/laminas-diactoros 2.1.1 -> satisfiable by laminas/laminas-diactoros[2.1.1].

There's no JSON here :)

dcakmak commented 1 year ago

Yes, I think that was a misunderstanding. Thanks for the quick reply.
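
Added example (not part of the thread, and not tooling from roave/security-advisories or Composer): a small Python script that turns the text-only resolver report quoted above into JSON listing the packages blocked by the conflict map. The JSON shape, field names and function name are assumptions made here, not a Composer format, and the regexes assume the message wording shown in this thread.

```python
import json
import re

# Constructed sample: the resolver report quoted in the thread above.
SAMPLE_OUTPUT = """\
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Root composer.json requires roave/security-advisories dev-latest -> satisfiable by roave/security-advisories[dev-latest].
    - roave/security-advisories dev-latest conflicts with laminas/laminas-diactoros <2.11.1.
    - Root composer.json requires laminas/laminas-diactoros 2.1.1 -> satisfiable by laminas/laminas-diactoros[2.1.1].
"""

PKG = r"[a-z0-9_.-]+/[a-z0-9_.-]+"
# "- roave/security-advisories <ref> conflicts with <vendor/pkg> <constraint>."
CONFLICT_RE = re.compile(
    r"^\s*- roave/security-advisories \S+ conflicts with "
    rf"(?P<package>{PKG}) (?P<constraint>.+?)\.?\s*$"
)
# "- Root composer.json requires <vendor/pkg> <version> -> ..."
REQUIRE_RE = re.compile(
    rf"^\s*- Root composer\.json requires (?P<package>{PKG}) (?P<version>\S+) -> "
)


def blocked_packages(output):
    """Return one dict per package rejected by the roave conflict map."""
    required = {}   # package -> version requested by the root composer.json
    conflicts = []  # (package, constraint) pairs, in report order
    for line in output.splitlines():
        m = REQUIRE_RE.match(line)
        if m:
            required[m["package"]] = m["version"]
            continue
        m = CONFLICT_RE.match(line)
        if m:
            conflicts.append((m["package"], m["constraint"]))
    # Join afterwards: the "requires" line may follow the "conflicts" line.
    return [
        {"package": p, "requested": required.get(p), "blocked_range": c}
        for p, c in conflicts
    ]


if __name__ == "__main__":
    print(json.dumps(blocked_packages(SAMPLE_OUTPUT), indent=2))
```
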