As of today Private Packagist [https://packagist.com] automatically keeps track
of security vulnerabilities in your Composer project dependencies. When we
notice you are using a vulnerable version of a dependency we'll alert you either
by email, on Slack, on Microsoft Teams, or through a webhook of your own
choosing.