[19:47:25] <gromit>	 What would be the appropriate team to assign to https://phabricator.wikimedia.org/T416292? 
[20:06:06] <andre>	 gromit: none, as teams decide themselves what they may assign to themselves. :) Looks like t.aavi already has project tags
[20:32:21] <Reedy>	 of course the other answer is using an older version of composer ;)
[20:33:56] <Reedy>	 It's a new feature in https://github.com/composer/composer/releases/tag/2.9.0
[20:34:00] <Reedy>	 >Added audit > block-insecure config setting to control blocking of updates to package versions with known security advisories (defaults to true) (#11956)
[20:34:06] <Reedy>	 Added audit > block-insecure config setting to control blocking of updates to package versions with known security advisories (defaults to true) (#11956)
[20:34:08] <Reedy>	 ffs
[20:34:11] <Reedy>	 https://github.com/composer/composer/pull/11956
[20:36:23] <taavi>	 y'all might be interested in T416518 which I just filed
[20:36:23] <stashbot>	 T416518: Disable Composer 2.9 functionality to randomly block existing configurations from working - https://phabricator.wikimedia.org/T416518
[20:37:20] <Reedy>	 while we've had some silly failures from this (and I think some of the solution is to use say ~ on phpunit versions)... blissfully ignoring security issues in bundled packages isn't great either