XUtils

Roave Security Advisories

This package ensures that your application doesn't have installed dependencies with known security vulnerabilities.



A message to Russian 🇷🇺 people

If you currently live in Russia, please read this message.


Purpose


This package ensures that your application doesn’t have installed dependencies with known security vulnerabilities.

With this package installed, the following commands will fail:

```sh
composer require symfony/symfony:2.5.2
composer require zendframework/zendframework:2.3.1
```

The checks are only executed when adding a new dependency via composer require or when running composer update. Deploying an application with a valid composer.lock via composer install won't trigger any security version checks.

You can manually trigger a version check, without changing anything, by using the --dry-run switch on an update. Running composer update --dry-run roave/security-advisories is an effective way to do this.
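Because composer install from a lock file skips the check, a build can run the dry-run update as an explicit gate first. The function below is an added example, not part of the package or its documentation; `advisory_gate` and `COMPOSER_BIN` are names made up here, and it assumes a POSIX shell and that a failed dry run exits non-zero.

```shell
#!/bin/sh
# Added example: CI gate around "composer update --dry-run roave/security-advisories".
# COMPOSER_BIN and advisory_gate are hypothetical names chosen for this example.
COMPOSER_BIN="${COMPOSER_BIN:-composer}"

# advisory_gate DIR
#   returns 0  the dry-run update resolved without conflicts
#   returns 1  the dry-run update failed (for example, a blocked version is required)
#   returns 2  the gate cannot run meaningfully (no composer.json, or package not declared)
advisory_gate() {
    dir="${1:-.}"
    if [ ! -f "$dir/composer.json" ]; then
        echo "advisory gate: no composer.json in $dir" >&2
        return 2
    fi
    # If the package is not declared, the dry run has nothing to enforce.
    # Report that as a configuration error instead of a silent pass.
    if ! grep -q '"roave/security-advisories"' "$dir/composer.json"; then
        echo "advisory gate: roave/security-advisories is not declared" >&2
        return 2
    fi
    # --dry-run resolves dependencies without changing vendor/ or composer.lock.
    if "$COMPOSER_BIN" --working-dir="$dir" update --dry-run \
            --no-interaction roave/security-advisories; then
        echo "advisory gate: OK"
        return 0
    fi
    echo "advisory gate: dry-run update failed, inspect the output above" >&2
    return 1
}
```

In a pipeline, call `advisory_gate . || exit 1` before the `composer install` step.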

Sources

This package extracts information about existing security issues in various composer projects from the FriendsOfPHP/security-advisories repository and the GitHub Advisory Database.

