Keep an eye on "Implement “list security advisories” Packagist/Composer API"

[mxr576]

This Drupal.org feature can make the insecure list obsolete. Let's keep an eye on it and check if there is any difference between that list and ours.

[mxr576]

So it looks like this is already live since https://www.drupal.org/project/project_composer/issues/3301876#comment-15173564...

             {
                "advisoryId": "DDQG-insecure-drupal-apigee_edge",
                "packageName": "drupal/apigee_edge",
                "affectedVersions": ">=1.0.0,<1.27.0|>=1.0.0,<1.27.0|>=2.0.0,<2.0.8",
                "title": "The installed \"2.0.7.0\" version is insecure. (Reported by Drupal Dependency Quality Gate.)",
                "cve": "DDQG-insecure-drupal-apigee_edge",
                "link": "https://www.drupal.org/project/apigee_edge",
                "reportedAt": "2023-09-22T09:09:26+00:00",
                "sources": [
                    {
                        "name": "DDQG",
                        "remoteId": "DDQG-insecure-drupal-apigee_edge"
                    }
                ]
            },
            {
                "advisoryId": "SA-CONTRIB-2023-005",
                "packageName": "drupal/apigee_edge",
                "affectedVersions": "<1.27.0 || >=2.0.0 <2.0.8",
                "title": "Apigee Edge - Moderately critical - Access bypass - SA-CONTRIB-2023-005",
                "cve": null,
                "link": "https://www.drupal.org/sa-contrib-2023-005",
                "reportedAt": "2023-02-01T16:13:42+00:00",
                "sources": [
                    {
                        "name": "Apigee Edge - Moderately critical - Access bypass - SA-CONTRIB-2023-005",
                        "remoteId": "SA-CONTRIB-2023-005"
                    }
                ]
            }
        ],