From 1968d6c3e89269a8f363d38cbafad92014fbb640 Mon Sep 17 00:00:00 2001
From: jrfnl <jrfnl@users.noreply.github.com>
Date: Thu, 13 Nov 2025 20:23:37 +0100
Subject: [PATCH] Composer: remove roave/security-advisories suggestion

The `roave/security-advisories` package was an inventive method to block installation of known insecure versions of other dependencies (via a `conflict` annotation).

As of Composer 2.9, using the `roave/security-advisories` package for this purpose is no longer needed as Composer will now natively block installation of known insecure versions of dependencies.

And while not all contributors to this repo may be using Composer 2.9+ (yet), Composer 2.9+ **_will_** be used in CI and CI failing on Composer blocking an insecure dependency offers the same level of protection as the package previously offered.

Refs:
* https://blog.packagist.com/composer-2-9/
* https://github.com/composer/composer/releases/tag/2.9.0
---
 composer.json | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/composer.json b/composer.json
index dbaca88..87181c2 100644
--- a/composer.json
+++ b/composer.json
@@ -26,9 +26,6 @@
         "phpcompatibility/php-compatibility" : "^10.0.0@dev",
         "phpcsstandards/phpcsextra" : "^1.4.2"
     },
-    "require-dev" : {
-        "roave/security-advisories" : "dev-master"
-    },
     "config": {
         "allow-plugins": {
             "dealerdirect/phpcodesniffer-composer-installer": true