{"id":13462534,"url":"https://github.com/Roave/SecurityAdvisories","last_synced_at":"2025-03-25T01:32:17.318Z","repository":{"id":22875458,"uuid":"26223397","full_name":"Roave/SecurityAdvisories","owner":"Roave","description":":closed_lock_with_key: Security advisories as a simple composer exclusion list, updated daily","archived":false,"fork":false,"pushed_at":"2025-03-18T11:05:05.000Z","size":913,"stargazers_count":2763,"open_issues_count":1,"forks_count":108,"subscribers_count":75,"default_branch":"latest","last_synced_at":"2025-03-18T15:13:19.058Z","etag":null,"topics":["composer","infosec","php","security-advisories","security-vulnerabilities","security-vulnerability"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Roave.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["Ocramius"],"tidelift":"packagist/roave/security-advisories"}},"created_at":"2014-11-05T14:34:26.000Z","updated_at":"2025-03-18T11:05:09.000Z","dependencies_parsed_at":"2023-12-18T23:09:45.986Z","dependency_job_id":"f72d68b2-bc26-4cb6-9ad6-0e4758235868","html_url":"https://github.com/Roave/SecurityAdvisories","commit_stats":{"total_commits":1685,"total_committers":13,"mean_commits":129.6153846153846,"dds":0.00949554896142435,"last_synced_commit":"3076981ea708db9685cd16fa83f919cc0bd2cd65"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Roave%2FSecurityAdvisories","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Roave%2FSecurityAdvisories/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Roave%2FSecurityAdvisories/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Roave%2FSecurityAdvisories/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Roave","download_url":"https://codeload.github.com/Roave/SecurityAdvisories/tar.gz/refs/heads/latest","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245382186,"owners_count":20606166,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["composer","infosec","php","security-advisories","security-vulnerabilities","security-vulnerability"],"created_at":"2024-07-31T12:00:51.121Z","updated_at":"2025-03-25T01:32:17.068Z","avatar_url":"https://github.com/Roave.png","language":null,"funding_links":["https://github.com/sponsors/Ocramius","https://tidelift.com/funding/github/packagist/roave/security-advisories","https://tidelift.com/subscription/pkg/packagist-roave-security-advisories?utm_source=packagist-roave-security-advisories\u0026utm_medium=referral\u0026utm_campaign=enterprise\u0026utm_term=repo"],"categories":["Uncategorized","Others","Standalone","Vulnerabilities and Security Advisories","Others (1002)","Table of Contents"],"sub_categories":["Uncategorized","Bugs finders","Security","Globalization"],"readme":"# Roave Security Advisories\n\n## A message to Russian 🇷🇺 people\n\nIf you currently live in Russia, please read [this message](./ToRussianPeople.md).\n\n[![SWUbanner](https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/banner2-direct.svg)](https://github.com/vshymanskyy/StandWithUkraine/blob/main/docs/README.md)\n\n## Help Palestine 🇵🇸\n\n[![ReadMeSupportPalestine](https://raw.githubusercontent.com/Safouene1/support-palestine-banner/master/banner-support.svg)](https://github.com/TheBSD/StandWithPalestine/blob/main/docs/README.md)\n\n### Purpose\n\n[![Hourly build](https://github.com/Roave/SecurityAdvisoriesBuilder/workflows/Hourly%20build/badge.svg?branch=latest)](https://github.com/Roave/SecurityAdvisoriesBuilder/actions?query=workflow%3A%22Hourly+build%22)\n[![Downloads](https://img.shields.io/packagist/dt/roave/security-advisories.svg)](https://packagist.org/packages/roave/security-advisories)\n\nThis package ensures that your application doesn't have installed dependencies with known security vulnerabilities.\n\n## Installation\n\n```sh\ncomposer require --dev roave/security-advisories:dev-latest\n```\n\n## Usage\n\nThis package does not provide any API or usable classes: its only purpose is to prevent installation of software\nwith known and documented security issues.\nSimply add `\"roave/security-advisories\": \"dev-latest\"` to your `composer.json` `\"require-dev\"` section and you will\nnot be able to harm yourself with software with known security vulnerabilities.\n\nFor example, try following:\n\n```sh\ncomposer require --dev roave/security-advisories:dev-latest\n# following commands will fail:\ncomposer require symfony/symfony:2.5.2\ncomposer require zendframework/zendframework:2.3.1 \n```\n\nThe checks are only executed when adding a new dependency via `composer require` or when running `composer update`:\ndeploying an application with a valid `composer.lock` and via `composer install` won't trigger any security versions\nchecking.\n\n \u003e You can manually trigger a version check by using the `--dry-run` switch on an update while not doing anything. Running `composer update --dry-run roave/security-advisories` is an effective way to manually trigger a security version check.\n\n## roave/security-advisories for enterprise\n\nAvailable as part of the Tidelift Subscription.\n\nThe maintainers of roave/security-advisories and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. [Learn more](https://tidelift.com/subscription/pkg/packagist-roave-security-advisories?utm_source=packagist-roave-security-advisories\u0026utm_medium=referral\u0026utm_campaign=enterprise\u0026utm_term=repo).\n\nYou can also contact us at team@roave.com for looking into security issues in your own project.\n\n## Stability\n\nThis package can only be required in its `dev-latest` version: there will never be stable/tagged versions because of\nthe nature of the problem being targeted. Security issues are in fact a moving target, and locking your project to a \nspecific tagged version of the package would not make any sense.\n\nThis package is therefore only suited for installation in the root of your deployable project.\n\n## Sources\n\nThis package extracts information about existing security issues in various composer projects from \nthe [FriendsOfPHP/security-advisories](https://github.com/FriendsOfPHP/security-advisories) repository and the [GitHub Advisory Database](https://github.com/advisories?query=ecosystem%3Acomposer).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FRoave%2FSecurityAdvisories","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FRoave%2FSecurityAdvisories","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FRoave%2FSecurityAdvisories/lists"}