Strengthen your PHP Composer dependencies

Posted: 2016-12-21 22:38:22 by Alasdair Keyes



For those of you who use Composer to install and manage dependencies in your PHP app, you may be interested in https://github.com/Roave/SecurityAdvisories.

When updating your dependencies, it will alert you if the versions you are using contain known vulnerabilities. It's quite simple in its operation: its composer.json file populates the conflict key with a list of package versions that are known to be insecure, so Composer will fail to update.

The list isn't exhaustive, but it contains a number of large packages such as Doctrine, Drupal, Zend and Symfony.
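
To make the conflict mechanism concrete, here is an added example (not code from this post or from Roave/SecurityAdvisories) that models the check: given a conflict map and the versions locked for a project, it reports which locked versions fall in a blocked range. The package names, version ranges and the helper functions `matchesConstraint` and `findConflicts` are hypothetical, and only a small subset of Composer's constraint syntax is handled.

```php
<?php
// Simplified model of how a "conflict" entry blocks a locked version.
// Supports only comparisons (<, <=, >, >=, =) joined by "," (AND) and "|" (OR);
// Composer itself normalises versions and accepts more syntax than this.
function matchesConstraint(string $version, string $constraint): bool
{
    foreach (explode('|', $constraint) as $range) {      // any OR branch may match
        $all = true;
        foreach (explode(',', $range) as $part) {        // every AND part must match
            if (!preg_match('/^\s*(<=|>=|<|>|=)?\s*v?([0-9][0-9A-Za-z.\-]*)\s*$/', $part, $m)) {
                throw new InvalidArgumentException("Unsupported constraint part: $part");
            }
            $op = ($m[1] === '' || $m[1] === '=') ? '==' : $m[1];
            if (!version_compare($version, $m[2], $op)) {
                $all = false;
                break;
            }
        }
        if ($all) {
            return true;
        }
    }
    return false;
}

function findConflicts(array $conflict, array $locked): array
{
    $hits = [];
    foreach ($locked as $name => $version) {
        $plain = ltrim($version, 'v');                   // "v2.1.1" -> "2.1.1"
        if (isset($conflict[$name]) && matchesConstraint($plain, $conflict[$name])) {
            $hits[$name] = $version;
        }
    }
    return $hits;
}

// Constructed sample data: package names and ranges are hypothetical.
$conflict = [
    'acme/framework' => '>=2.0,<2.0.5|>=2.1,<2.1.3',
    'acme/orm'       => '<1.4.2',
];
$locked = [
    'acme/framework' => 'v2.1.1',  // inside the second blocked range
    'acme/orm'       => '1.4.2',   // first fixed release, not blocked
    'acme/mailer'    => '3.0.0',   // no conflict entry, never blocked
];
foreach (findConflicts($conflict, $locked) as $name => $version) {
    echo "$name $version is in a blocked range: {$conflict[$name]}\n";
}
```

Only `acme/framework` is reported. A package with no conflict entry is never flagged, which is why a list that isn't exhaustive gives no assurance about packages it doesn't cover.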

