Automatically reject packages with known security vulnerabilities
This package ensures that your application doesn't have installed dependencies with known security vulnerabilities.
https://github.com/Roave/SecurityAdvisories
The checks are only executed when adding a new dependency via composer require or when running composer update: deploying an application with a valid composer.lock via composer install won't trigger any security version checking.
Awesome idea! It works by leveraging the "conflict" property in the composer.json file of the package.
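Added example (not code from Roave/SecurityAdvisories): the conflict mechanism only fires on require/update, so a CI step can re-apply the same "conflict" constraints to the committed composer.lock. Package names, version ranges and the lock file below are constructed samples; the constraint parser handles the common `<`, `<=`, `>`, `>=`, `=` forms with `,` as AND and `|`/`||` as OR.

```python
"""Re-apply a Composer-style "conflict" map to a composer.lock (added example).
Composer evaluates these constraints on `composer require`/`update`, not on
`composer install` from a lock file; this script fills that gap in CI."""
import json
import re

# Constructed sample: vulnerable ranges per package, in Composer constraint syntax.
CONFLICT_MAP = {
    "acme/http-client": "<1.4.2|>=2.0,<2.0.5",
    "acme/template-engine": ">=3.0,<3.1.7",
}

# Constructed sample composer.lock (only the fields this script reads).
LOCK_JSON = json.dumps({"packages": [
    {"name": "acme/http-client", "version": "v2.0.3"},
    {"name": "acme/template-engine", "version": "3.2.0"},
    {"name": "acme/logger", "version": "v0.9.1"},
]})

def parse_version(v):
    # Normalise "v1.2.3" / "1.2" to a 3-tuple of ints; pre-release suffixes are dropped.
    nums = [int(x) for x in re.findall(r"\d+", v.split("-", 1)[0].lstrip("vV"))]
    return tuple((nums + [0, 0, 0])[:3])

def matches_constraint(version, constraint):
    """True if `version` satisfies `constraint` ('|' or '||' = OR, ',' or space = AND)."""
    ver = parse_version(version)
    for alternative in re.split(r"\|\|?", constraint):
        if not alternative.strip():
            continue
        ok = True
        for clause in re.split(r"[,\s]+", alternative.strip()):
            m = re.match(r"(<=|>=|<|>|==|=)?\s*(.+)", clause)
            op, bound = m.group(1) or "=", parse_version(m.group(2))
            ok = ok and {"<": ver < bound, "<=": ver <= bound, ">": ver > bound,
                         ">=": ver >= bound, "=": ver == bound, "==": ver == bound}[op]
        if ok:
            return True
    return False

def find_conflicts(lock_json, conflict_map):
    """Return {package: version} for locked packages that fall inside a conflict range."""
    lock = json.loads(lock_json)
    hits = {}
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        constraint = conflict_map.get(pkg["name"])
        if constraint and matches_constraint(pkg["version"], constraint):
            hits[pkg["name"]] = pkg["version"]
    return hits

if __name__ == "__main__":
    for name, version in find_conflicts(LOCK_JSON, CONFLICT_MAP).items():
        print(f"VULNERABLE: {name} {version}")  # → VULNERABLE: acme/http-client v2.0.3
```

In a real pipeline, read the lock file from disk and the conflict map from the installed roave/security-advisories composer.json, and fail the build when the result is non-empty.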