:hammer: Build tools responsible for assembling https://github.com/Roave/SecurityAdvisories/blob/master/composer.json
Validate advisory payloads, skip invalid ones, and log their output #737
Closed
Ocramius closed 1 year ago
Advisories in the GitHub advisory DB are getting worse and worse in quality, mostly because many sources start reporting them.
It is a good idea to start validating version ranges, and rejecting anything that isn't 100% clear.
Whilst that lowers security, it is better than not having an updated advisory compendium due to a crash while reading an advisory.
Composer validation must still pass, once `composer.json` is fully generated.
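The filtering step the issue asks for, as an added example that is not part of the original issue or of Roave/SecurityAdvisories: each advisory payload's package name and version range are checked before being merged into a `conflict` map, rejected advisories are logged instead of aborting the build, and the result is written out so that `composer validate` can still be run on it. It assumes `composer/semver` is installed and autoloadable through `vendor/autoload.php`, and the advisory payload shape (`id`, `package`, `range`) is constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not project code. Assumes composer/semver is installed
// (vendor/autoload.php); the payload shape and sample advisories below are constructed.
require __DIR__ . '/vendor/autoload.php';

use Composer\Semver\VersionParser;

/**
 * Returns [$conflicts, $skipped]: a composer.json "conflict" map built only from
 * advisories whose package name and version range parse cleanly, plus one log
 * line per advisory that was rejected.
 */
function buildConflictMap(array $advisories): array
{
    $parser    = new VersionParser();
    $conflicts = [];
    $skipped   = [];

    foreach ($advisories as $advisory) {
        $id      = $advisory['id'] ?? '<no id>';
        $package = $advisory['package'] ?? null;
        $range   = $advisory['range'] ?? null;

        // Composer package names are lowercase "vendor/name"; anything else is rejected
        // rather than passed through to the generated composer.json.
        $namePattern = '{^[a-z0-9]([_.-]?[a-z0-9]+)*/[a-z0-9](([_.]|-{1,2})?[a-z0-9]+)*$}';
        if (!is_string($package) || preg_match($namePattern, $package) !== 1) {
            $skipped[] = sprintf('%s: invalid package name %s', $id, var_export($package, true));
            continue;
        }

        if (!is_string($range) || trim($range) === '') {
            $skipped[] = sprintf('%s: missing version range', $id);
            continue;
        }

        // Composer's own parser decides what is "100% clear": it throws
        // UnexpectedValueException on any constraint it cannot read.
        try {
            $parser->parseConstraints($range);
        } catch (\UnexpectedValueException $e) {
            $skipped[] = sprintf('%s: unparseable range "%s" (%s)', $id, $range, $e->getMessage());
            continue;
        }

        // Several advisories for one package are joined with "||" so each affected
        // range is excluded.
        $conflicts[$package] = isset($conflicts[$package])
            ? $conflicts[$package] . '||' . $range
            : $range;
    }

    ksort($conflicts);

    return [$conflicts, $skipped];
}

// Constructed sample payloads: two valid entries for one package, one with a
// garbled range, one with a non-canonical package name.
$advisories = [
    ['id' => 'ADV-0001', 'package' => 'vendor-a/lib',  'range' => '>=1.0.0,<1.2.5'],
    ['id' => 'ADV-0002', 'package' => 'vendor-a/lib',  'range' => '>=2.0.0,<2.0.3'],
    ['id' => 'ADV-0003', 'package' => 'vendor-b/tool', 'range' => '< 1.0 or whatever'],
    ['id' => 'ADV-0004', 'package' => 'Vendor-C/App',  'range' => '>=3.0'],
];

[$conflicts, $skipped] = buildConflictMap($advisories);

// Rejected advisories are logged, not fatal: the compendium still gets rebuilt.
foreach ($skipped as $line) {
    error_log('skipped advisory ' . $line);
}

file_put_contents(
    'composer.json',
    json_encode(
        ['name' => 'example/advisories', 'conflict' => $conflicts],
        JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES
    ) . "\n"
);
```

With the sample input, `vendor-a/lib` ends up with `>=1.0.0,<1.2.5||>=2.0.0,<2.0.3` and the other two advisories are logged as skipped. Running `composer validate` on the written file afterwards covers the remaining requirement from the issue, since a range that `VersionParser` accepts individually can still combine into a file Composer rejects for other reasons.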