Problem
composer.json has "abandoned": "ignore" in the config section, which silently suppresses Composer warnings about abandoned packages. This means if a dependency is abandoned (no longer maintained, potentially with known security issues), the development team will not be notified during composer install or composer update.
Location
composer.json, lines 64–65
Current Code
{
    "config": {
        "audit": {
            "abandoned": "ignore"
        }
    }
}
Proposed Fix
Change to "report" to receive warnings without blocking the install:
{
    "config": {
        "audit": {
            "abandoned": "report"
        }
    }
}
Or remove the setting entirely to use Composer's default behavior (which is to report).
Priority
🟡 MEDIUM — masks potentially important dependency health warnings.
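A CI-side check for the condition described above, as an added example (not part of the original issue or the project's code): it flags "abandoned": "ignore" in composer.json and lists packages that composer.lock already marks as abandoned. The package names and file contents are constructed samples, and the "abandoned" field in the lock file only reflects the state at the time the lock was last written.

```python
import json

# Constructed sample inputs (not taken from the project's repository).
SAMPLE_COMPOSER_JSON = """
{
    "require": {"acme/legacy-http": "^1.0", "acme/logger": "^2.0"},
    "config": {"audit": {"abandoned": "ignore"}}
}
"""
SAMPLE_COMPOSER_LOCK = """
{
    "packages": [
        {"name": "acme/legacy-http", "version": "1.4.2", "abandoned": "acme/http-client"},
        {"name": "acme/logger", "version": "2.1.0"}
    ],
    "packages-dev": [
        {"name": "acme/old-fixtures", "version": "0.9.0", "abandoned": true}
    ]
}
"""

def audit_abandoned_setting(composer_json):
    """Return config.audit.abandoned, or None when it is not set."""
    config = composer_json.get("config") or {}
    audit = config.get("audit") or {}
    return audit.get("abandoned")

def abandoned_packages(lock):
    """List (name, replacement-or-None) for locked packages flagged abandoned."""
    found = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            flag = pkg.get("abandoned")
            if flag:  # true, or a string naming the suggested replacement
                found.append((pkg["name"], flag if isinstance(flag, str) else None))
    return found

def check(composer_json_text, composer_lock_text):
    """Return human-readable findings; an empty list means nothing to report."""
    findings = []
    if audit_abandoned_setting(json.loads(composer_json_text)) == "ignore":
        findings.append('config.audit.abandoned is "ignore": abandoned packages are hidden')
    for name, replacement in abandoned_packages(json.loads(composer_lock_text)):
        hint = f", suggested replacement: {replacement}" if replacement else ""
        findings.append(f"{name} is abandoned{hint}")
    return findings

if __name__ == "__main__":
    for line in check(SAMPLE_COMPOSER_JSON, SAMPLE_COMPOSER_LOCK):
        print(line)
```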