From 1645b1a7be596f099d3edd7ee574e1a8b091a3e6 Mon Sep 17 00:00:00 2001
From: jrfnl <jrfnl@users.noreply.github.com>
Date: Thu, 13 Nov 2025 20:04:25 +0100
Subject: [PATCH] Composer: remove roave/security-advisories

The `roave/security-advisories` package was an inventive method to block installation of known insecure versions of other dependencies (via a `conflict` annotation).

As of Composer 2.9, using the `roave/security-advisories` package for this purpose is no longer needed as Composer will now natively block installation of known insecure versions of dependencies.

And while not all contributors to this repo may be using Composer 2.9+ (yet), Composer 2.9+ **_will_** be used in CI and CI failing on Composer blocking an insecure dependency offers the same level of protection as the package previously offered.

Refs:
* https://blog.packagist.com/composer-2-9/
* https://github.com/composer/composer/releases/tag/2.9.0
---
 composer.json | 1 -
 1 file changed, 1 deletion(-)

diff --git a/composer.json b/composer.json
index e762d59d..05b05c75 100644
--- a/composer.json
+++ b/composer.json
@@ -43,7 +43,6 @@
         "php-parallel-lint/php-console-highlighter": "^1.0.0",
         "php-parallel-lint/php-parallel-lint": "^1.3.2",
         "phpcompatibility/php-compatibility": "^9.3.5",
-        "roave/security-advisories": "dev-latest",
         "squizlabs/php_codesniffer": "^3.7.2",
         "yoast/phpunit-polyfills": "^1.0.4"
     },