Locally installed composer had not been checked
Closed this issue · 1 comments
adriansuter commented
Today I ran the local php security checker inside a project - bam - no vulnerabilities found. Perfect.
But the locally installed composer version is 2.0.14 - it seems that the binary did not detect CVE-2021-41116.
Would it be difficult to check composer itself? Or is that out of scope?
fabpot commented
I would say that this is out of the scope of this utility, which is about checking project dependencies independently of your local tools (Component, PHP? ...).