composer Composer 2.7.7 & Security Audit by Cure53 funded by Alpha-Omega Today we’re releasing Composer 2.7.7 (PHP 7.2+) and 2.2.24 (LTS for use on PHP 5.3 to 7.1) to address two security vulnerabilities as well as a number of smaller security hardening measures, please update to the new versions immediately (e.g. with
composer Composer 2.4 Release Auditing dependencies for known security vulnerabilities Staying on top of disclosed security vulnerabilities in dependencies is a constant challenge. There are many monitoring solutions created to help track the security status of your dependencies. We offer our own Private Packagist Security Monitoring [https://blog.packagist.com/security-monitoring/] to notify customers