When installing this via composer the repo's composer.lock file is included. This usually contains outdated versions, some of which have published security vulnerabilities. While this file is not used in a composer install outside of this project, it's clutter that doesn't need to be there, and if running SensioLabs' vulnerability checker on all composer.lock files it will be flagged up as a false positive match.
I think it would be better to remove the composer.lock file from releases so that when someone installs via composer they do not inherit this file.
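
The false-positive case described in this issue can be triaged on the consumer side by separating the project's own lock file from lock files that arrived inside installed packages. The script below is an added example, not part of the issue or of the project's code; the function names are hypothetical, it assumes the default `vendor` directory, and the sample tree (including the `acme/*` package names) is constructed.

```shell
#!/bin/sh
# Separate the lock file Composer resolves from (the project root's)
# from lock files shipped inside installed packages under vendor/.

# Print the root lock file of project $1, if present.
root_lock() {
    if [ -f "$1/composer.lock" ]; then printf '%s\n' "$1/composer.lock"; fi
}

# Print lock files found inside installed packages under $1/vendor.
# Composer does not read these when installing the consuming project.
shipped_locks() {
    [ -d "$1/vendor" ] || return 0
    find "$1/vendor" -type f -name composer.lock | sort
}

# Report what a scanner should be pointed at and what is packaging noise.
triage() {
    project=$1
    root=$(root_lock "$project")
    if [ -n "$root" ]; then echo "SCAN   $root"; fi
    shipped_locks "$project" | while IFS= read -r f; do
        rel=${f#"$project"/vendor/}
        # Package directories are laid out as vendor/<vendor>/<name>/...
        pkg=$(printf '%s\n' "$rel" | cut -d/ -f1,2)
        echo "IGNORE $f (shipped by $pkg)"
    done
}

# Constructed sample tree, built in a temp dir so the script runs offline.
demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/vendor/acme/widget" "$d/vendor/acme/clean"
    echo '{}' > "$d/composer.lock"
    echo '{}' > "$d/vendor/acme/widget/composer.lock"
    echo '{}' > "$d/vendor/acme/clean/composer.json"
    printf '%s\n' "$d"
}

if [ "${1:-}" = "--demo" ]; then
    t=$(demo_tree); triage "$t"; rm -rf "$t"
fi
```

Run with `--demo` to see the report for the constructed tree; the `IGNORE` lines name the packages that ship a lock file in their release archive.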