Replace abandoned Sensiolabs security checker #215
Conversation
https://github.com/sensiolabs/security-checker Jan 15 2021 WARNING: Don't use this piece of software anymore as the underlying web service will stop working at the end of January 2021.
|
This PR has several advantages over #214:
|
|
Looks interesting. Composer.lock is not uploaded anywhere, am I correct? |
|
That's right @zdenekdrahos, it just looks for the lock file in the current directory. It's very similar to how the old Sensiolabs security-checker worked. |
|
Could you support
|
|
Hey @zdenekdrahos, I've added support all the way upto PHP 5.6 with enlightn/security-checker#6. We need a min of symfony/yaml 3.4 and symfony/console 3.4 for everything to work right now. Given that 5.6 was EOL in 2018, I think it's a good version to support for now. I'm open to PRs for expanding support though but this as far as I can get for now. Hope that works! |
https://github.com/EdgedesignCZ/phpqa/pull/215/checks?check_run_id=1830905399 - Package enlightn/security-checker at version has a PHP requirement incompatible with your PHP version (5.4.45) https://github.com/EdgedesignCZ/phpqa/pull/215/checks?check_run_id=1830905455 https://github.com/EdgedesignCZ/phpqa/runs/1838836954?check_suite_focus=true#step:5:130 - enlightn/security-checker v1.4 requires ext-zip * -> the requested PHP extension zip is missing from your system. https://github.com/EdgedesignCZ/phpqa/pull/215/checks?check_run_id=1830905569#step:5:316 - Conclusion: don't install symfony/dependency-injection v2.8.50 - enlightn/security-checker v1.4 requires symfony/console ^3.4|^4|^5
zdenekdrahos
force-pushed
the
master
branch
2 times, most recently
from
29e5593
to
752bbb0
Compare
This PR replaces the abandoned Sensiolabs security checker with the Enlightn security checker.