Closed Jimbolino closed 1 year ago
To some extent: this package will implicitly aid composer update in picking secure dependency ranges.
As for composer require --dry-run roave/security-advisories, I'd say that composer audit gives you much better ergonomics.
Note: regardless of what the community will pick, this package will stay maintained long-term.
I recently noticed all my composer update started to give a message: No security vulnerability advisories found
After reading some documentation about it: https://php.watch/articles/composer-audit
Since this repo also uses the same FriendsOfPHP/security-advisories source, is it still really relevant?