Bump sensiolabs/security-checker to ^5 for v1 and v2

bringyourownideas / silverstripe-composer-security-checker

Provides information if your SilverStripe application uses dependencies with known vulnerabilities.

https://bringyourownideas.com

BSD 3-Clause "New" or "Revised" License

9 stars 6 forks source link

Bump sensiolabs/security-checker to ^5 for v1 and v2 #45

Closed brynwhyman closed 5 years ago

brynwhyman commented 5 years ago

Contrary to #44 , the security-checker CLI too will stay open source.

With the closure of security.sensiolabs.org the endpoint used by sensiolabs/security-checker has changed to security.symfony.com in version 5 of the tool.

brynwhyman commented 5 years ago

Could be a change/major if we're bumping the dependancy to a new major?

robbieaverill commented 5 years ago

Fixed in #46

robbieaverill commented 5 years ago

@brynwhyman we don't expose any of that dependencies API as part of the public API of this package, so in essence we haven't changed any of this module's API, therefore it should be OK as a patch fix (IMO)