Skip to content

Replace security-checker with composer audit#454

Merged
GSadee merged 1 commit into
Sylius:2.0from
vasilvestre:remove-security-checker
Apr 22, 2025
Merged

Replace security-checker with composer audit#454
GSadee merged 1 commit into
Sylius:2.0from
vasilvestre:remove-security-checker

Conversation

@vasilvestre

@vasilvestre vasilvestre commented Apr 17, 2025

Copy link
Copy Markdown
Contributor

Closes #369

@vasilvestre vasilvestre self-assigned this Apr 17, 2025
@vasilvestre
vasilvestre requested review from a team April 17, 2025 13:35
Comment thread composer.json
"cache:clear": "symfony-cmd",
"assets:install %PUBLIC_DIR%": "symfony-cmd",
"security-checker security:check": "script"
"COMPOSER_AUDIT_ABANDONED=ignore composer audit": "script"

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What this line do exactly?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It reports package that are vulnerable. https://getcomposer.org/doc/03-cli.md#audit
Using the env variable allows us to ignore abandoned packages, which are NOT security issues and were security-checker behaviour.

Check the readme here to see https://github.com/fabpot/local-php-security-checker

@GSadee
GSadee merged commit b378826 into Sylius:2.0 Apr 22, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Remove security:checker reference in composer.json as it's no longer used

4 participants