{"id":20901383,"url":"https://github.com/drupal-composer/drupal-security-advisories","last_synced_at":"2025-04-07T06:12:15.038Z","repository":{"id":37547563,"uuid":"43290249","full_name":"drupal-composer/drupal-security-advisories","owner":"drupal-composer","description":null,"archived":false,"fork":false,"pushed_at":"2024-05-22T18:43:11.000Z","size":403,"stargazers_count":51,"open_issues_count":12,"forks_count":19,"subscribers_count":7,"default_branch":"main","last_synced_at":"2024-05-22T19:51:21.543Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/drupal-composer.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-09-28T08:53:19.000Z","updated_at":"2024-05-29T23:37:36.188Z","dependencies_parsed_at":"2023-12-20T19:43:15.261Z","dependency_job_id":"14f43099-f288-4efd-aeb3-2e0cf49de9a7","html_url":"https://github.com/drupal-composer/drupal-security-advisories","commit_stats":{"total_commits":65,"total_committers":4,"mean_commits":16.25,"dds":"0.15384615384615385","last_synced_commit":"02e40133533343766258b242f83ca299b735aa2d"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/drupal-composer%2Fdrupal-security-advisories","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/drupal-composer%2Fdrupal-security-advisories/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/drupal-composer%2Fdrupal-secu
rity-advisories/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/drupal-composer%2Fdrupal-security-advisories/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/drupal-composer","download_url":"https://codeload.github.com/drupal-composer/drupal-security-advisories/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247601449,"owners_count":20964864,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-18T11:30:17.706Z","updated_at":"2025-04-07T06:12:15.004Z","avatar_url":"https://github.com/drupal-composer.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Drupal Security Advisories for Composer\n\nThis package ensures that your application doesn't have installed dependencies with known security vulnerabilities. Inspired by [Roave Security Advisories](https://github.com/Roave/SecurityAdvisories).\n\n[![Circle CI](https://circleci.com/gh/drupal-composer/drupal-security-advisories/tree/main.svg?style=svg)](https://circleci.com/gh/drupal-composer/drupal-security-advisories/tree/main)\n\n# Deprecated\n\nThe project has been discontinued. The functions have been replaced by ‘composer audit’. 
Read the [related drupal.org issue](https://www.drupal.org/project/project_composer/issues/3301876) for more information.\n\n## Installation\n\n### Drupal 9+ ([composer.json](https://github.com/drupal-composer/drupal-security-advisories/blob/9.x/composer.json))\n\n```sh\n~$ composer require drupal-composer/drupal-security-advisories:9.x-dev\n```\n\n### Drupal 7 ([composer.json](https://github.com/drupal-composer/drupal-security-advisories/blob/7.x/composer.json))\n\n```sh\n~$ composer require drupal-composer/drupal-security-advisories:7.x-dev\n```\n\n# Usage\n\nThis package does not provide any API or usable classes: its only purpose is to prevent installation of software with known and documented security issues.\n\n# Stability\n\nThis package can only be required in its dev-* version: there will never be stable/tagged versions because of the nature of the problem being targeted. Security issues are in fact a moving target, and locking your project to a specific tagged version of the package would not make any sense.\n\nThis package is therefore only suited for installation in the root of your deployable project.\n\n# Handling Failures\n\nIn the rare event that a security release does not affect your project, and upgrading to the latest release is undesirable, you can suppress a build failure by pinning the project to a particular commit SHA in composer.json. For example, assume that drupal/dynamic_entity_reference 8.1.0-beta2 just came out as a Security release. In order to keep using 8.1.0-beta1, you can specify the following in composer.json:\n\n```\n\"require\": {\n  \"drupal/dynamic_entity_reference\": \"dev-8.x-1.x#8713890\"\n},\n```\n\nNote that this approach opts your package out of any future security releases. 
You can check for future security releases with `drush pm:security` (drush9) or `drush pm-updatestatus` (drush8).\n\n# Sources\n\nThis package gets its information from Drupal.org APIs.\n\nBuild command: `./build/build.sh`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdrupal-composer%2Fdrupal-security-advisories","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdrupal-composer%2Fdrupal-security-advisories","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdrupal-composer%2Fdrupal-security-advisories/lists"}