Posted: 2016-12-21 22:38:22 by Alasdair Keyes
When updating your dependencies, it will alert you if the versions you are using contain known vulnerabilities. It's quite simple in its operation: the composer.json file populates the conflict key with a list of package versions that are known to be insecure, so composer will fail to update.
The list isn't exhaustive, but it contains a number of large packages such as Doctrine, Drupal, Zend and Symfony.
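The same conflict-key check can be run by hand against a lock file. This is an added example, not code from the original post or from the package it describes. It supports only a subset of Composer's constraint syntax (numeric versions, "," for AND, "|" for OR), and the package names and version ranges are hypothetical.

```python
import json
import operator
import re

# Constructed sample: package names and version ranges are hypothetical.
ADVISORY = json.loads("""
{"conflict": {
  "acme/framework": ">=2.0,<2.0.5|>=2.1,<2.1.3",
  "acme/orm": "<1.4.2"
}}
""")

# Constructed stand-in for the "packages" list of a composer.lock file.
LOCKED = [
    {"name": "acme/framework", "version": "v2.1.1"},
    {"name": "acme/orm", "version": "1.4.2"},
    {"name": "acme/mailer", "version": "3.0.0"},
]

OPS = {">=": operator.ge, "<=": operator.le, ">": operator.gt, "<": operator.lt,
       "!=": operator.ne, "==": operator.eq, "=": operator.eq, "": operator.eq}
COMPARISON = re.compile(r"(>=|<=|!=|==|>|<|=)?\s*v?(\d+(?:\.\d+)*)")

def parse_version(text):
    """Turn '2.1.3' or 'v2.1.3' into a comparable tuple padded to four parts."""
    parts = [int(p) for p in text.lstrip("v").split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def matches(version, constraint):
    """True if the version falls inside the constraint ('|' = OR, ',' = AND)."""
    installed = parse_version(version)
    for alternative in re.split(r"\|\|?", constraint):
        checks = COMPARISON.findall(alternative)
        if checks and all(OPS[op](installed, parse_version(v)) for op, v in checks):
            return True
    return False

def find_conflicts(advisory, locked):
    """Return (name, version, constraint) for every locked package in a listed range."""
    conflict = advisory.get("conflict", {})
    return [(p["name"], p["version"], conflict[p["name"]])
            for p in locked
            if p["name"] in conflict and matches(p["version"], conflict[p["name"]])]

if __name__ == "__main__":
    for name, version, constraint in find_conflicts(ADVISORY, LOCKED):
        print(f"{name} {version} conflicts with {constraint}")
```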