Skip to content

Ignore PHPUnit 5.7.27 security advisory in composer.json#2004

Merged
prathmesh-stripe merged 1 commit intomasterfrom
prathmesh/ignore-phpunit-advisory
Jan 28, 2026
Merged

Ignore PHPUnit 5.7.27 security advisory in composer.json#2004
prathmesh-stripe merged 1 commit intomasterfrom
prathmesh/ignore-phpunit-advisory

Conversation

@prathmesh-stripe
Copy link
Contributor

@prathmesh-stripe prathmesh-stripe commented Jan 28, 2026

Why?

Our CI started reporting errors when installing phpunit dependency for testing.
The root cause for this was a security advisory. PHPUnit stopped supporting v5 in February 2, 2018 and since we support PHP 5.6+ we have continued using this version.

This will change in March this year when we officially drop support for some of the older PHP versions

What?

  • Ignored audit for the given security advisory in our composer.json. Since this dependency is a dev dependency that we only require for testing, this does not impact our users in any way.

See Also

https://jira.corp.stripe.com/browse/RUN_DEVSDK-2180

@prathmesh-stripe prathmesh-stripe marked this pull request as ready for review January 28, 2026 19:11
@prathmesh-stripe prathmesh-stripe requested a review from a team as a code owner January 28, 2026 19:11
@prathmesh-stripe prathmesh-stripe requested review from ramya-stripe and xavdid-stripe and removed request for a team January 28, 2026 19:11
@prathmesh-stripe prathmesh-stripe enabled auto-merge (squash) January 28, 2026 19:15
@prathmesh-stripe prathmesh-stripe merged commit 1e4fcf7 into master Jan 28, 2026
29 checks passed
@prathmesh-stripe prathmesh-stripe deleted the prathmesh/ignore-phpunit-advisory branch January 28, 2026 19:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants

Comments