Roave Security Advisories
A message to Russian 🇷🇺 people
If you currently live in Russia, please read this message.
Purpose
This package ensures that your application doesn’t have installed dependencies with known security vulnerabilities.
The following commands will fail:

```
composer require symfony/symfony:2.5.2
composer require zendframework/zendframework:2.3.1
```
The checks are only executed when adding a new dependency via `composer require` or when running `composer update`: deploying an application with a valid `composer.lock` and via `composer install` won’t trigger any security version checking.
You can manually trigger a version check by using the `--dry-run` switch on an update, so that nothing is actually changed. Running `composer update --dry-run roave/security-advisories` is an effective way to manually trigger a security version check.
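
Because `composer install` against a valid `composer.lock` performs no check, a deployment pipeline can run the dry-run update as a separate gate before installing. The script below is an added example and not part of this package; the names `advisory_gate` and `COMPOSER_BIN` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-deploy gate for pipelines that only run `composer install`.
# COMPOSER_BIN and advisory_gate are hypothetical names chosen for this example.

COMPOSER_BIN="${COMPOSER_BIN:-composer}"

# advisory_gate <project-dir>
# Return codes:
#   0  the dry-run update resolved, no conflict was reported
#   1  Composer could not resolve the update (for example, a locked version
#      conflicts with an advisory)
#   2  the project cannot be checked (no composer.json, or the package is
#      not listed in it, so the dry-run would prove nothing)
advisory_gate() {
    dir="${1:-.}"

    if [ ! -f "$dir/composer.json" ]; then
        echo "advisory_gate: no composer.json in $dir" >&2
        return 2
    fi

    # Coarse text match: enough to catch a project that never required the package.
    if ! grep -q '"roave/security-advisories"' "$dir/composer.json"; then
        echo "advisory_gate: roave/security-advisories is not in composer.json" >&2
        return 2
    fi

    # --dry-run resolves dependencies without writing composer.lock or vendor/.
    if (cd "$dir" && "$COMPOSER_BIN" update --dry-run --no-interaction \
            roave/security-advisories); then
        echo "advisory_gate: check passed"
        return 0
    fi

    echo "advisory_gate: Composer reported a resolution failure" >&2
    return 1
}

# Typical use in a pipeline step, before `composer install`:
#   advisory_gate /path/to/project || exit 1
```
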
Sources
This package extracts information about existing security issues in various composer projects from the FriendsOfPHP/security-advisories repository and the GitHub Advisory Database.