Depend on enlightn/security-checker once again

.circleci/config.yml

@@ -18,9 +18,8 @@ test_74_steps: &test74steps
   steps:
     - checkout
     - run: cp .docker/zz-php.ini /usr/local/etc/php/conf.d/
-    - run: composer -n require enlightn/security-checker --no-update
-    - run: composer -n update
     - run: mkdir -p /tmp/results
+    - run: composer -n install
     - run: composer -n lint
     - run: composer -n unit -- --log-junit /tmp/results/unit.junit.xml
     - run: composer -n functional -- --log-junit /tmp/results/functional.junit.xml
@@ -34,7 +33,7 @@ test_74_steps: &test74steps
 version: 2.1
 jobs:
   # Code style test:
-  #   FAIL if code does not conform to PSR-2 conventions
+  #   FAIL if code does not conform to code style conventions
   #   PASS otherwise
   code_style:
     <<: *defaults
@@ -104,7 +103,6 @@ jobs:
       - run: cp .docker/zz-php.ini /usr/local/etc/php/conf.d/
       - run: composer -n require --dev drupal/core-recommended:9.2.8 --no-update
       - run: composer -n require symfony/polyfill-php80:"1.23 as 1.20" --no-update
-      - run: composer -n require enlightn/security-checker --no-update
       - run: php --version
       - run: composer -n update
       - run: composer -n phpunit -- --testsuite integration --filter=testInsecureDrupalPackage --stop-on-skipped

appveyor.yml

@@ -55,7 +55,6 @@ install:
   - php -r "readfile('http://getcomposer.org/installer');" | php
   #Install dependencies via Composer
   - php composer.phar install --prefer-dist -n
-  - php composer.phar require enlightn/security-checker -n
   - SET PATH=%APPVEYOR_BUILD_FOLDER%;%APPVEYOR_BUILD_FOLDER%/vendor/bin;%PATH%
   # Uncomment this and on_finish line below to enable RDP into build machine https://www.appveyor.com/docs/how-to/rdp-to-build-worker/
   # - ps: iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))

composer.json

@@ -40,6 +40,7 @@
     "consolidation/robo": "^3.0.9",
     "consolidation/site-alias": "^3.1.3",
     "consolidation/site-process": "^4.1.3 || ^5",
+    "enlightn/security-checker": "^1",
     "guzzlehttp/guzzle": "^6.3 || ^7.0",
     "league/container": "^3.4 || ^4",
     "psr/log": "~1.0",
@@ -64,9 +65,6 @@
     "vlucas/phpdotenv": "^2.4",
     "yoast/phpunit-polyfills": "^0.2.0"
   },
-  "suggest": {
-    "enlightn/security-checker": "Required to use pm:security command"
-  },
   "conflict": {
     "drupal/core": "< 9.2",
     "drupal/migrate_run": "*",

src/Commands/pm/SecurityUpdateCommands.php

@@ -63,10 +63,6 @@ public static function composerLockPath(): string
      */
     public function security(array $options = ['no-dev' => false])
     {
-        if (!class_exists(SecurityChecker::class)) {
-            throw new \Exception("Enlightn\SecurityChecker not available. To use, run: composer require enlightn/security-checker");
-        }
-
         $security_advisories_composer_json = $this->fetchAdvisoryComposerJson();
         $composer_lock_data = $this->loadSiteComposerLock();
         $updates = $this->calculateSecurityUpdates($composer_lock_data, $security_advisories_composer_json, $options['no-dev']);

tests/integration/SecurityUpdatesTest.php

@@ -16,7 +16,6 @@ class SecurityUpdatesTest extends UnishIntegrationTestCase
    */
     public function testInsecureDrupalPackage()
     {
-        $this->skipIfSecurityCheckerNotAvailable();
         list($expected_package, $expected_version) = ['drupal/semver_example', '2.3.0'];
         $this->drush('pm:security', [], ['format' => 'json'], self::EXIT_ERROR_WITH_CLARITY);
         $this->assertStringContainsString('One or more of your dependencies has an outstanding security update.', $this->getErrorOutput());
@@ -41,7 +40,6 @@ public function testInsecureDrupalPackage()
      */
     public function testNoInsecureProductionDrupalPackage()
     {
-        $this->skipIfSecurityCheckerNotAvailable();
         $this->drush('pm:security', [], ['format' => 'json', 'no-dev' => true], self::EXIT_SUCCESS);
         $this->assertStringContainsString('There are no outstanding security updates for Drupal projects', $this->getErrorOutput());
     }
@@ -51,7 +49,6 @@ public function testNoInsecureProductionDrupalPackage()
      */
     public function testInsecurePhpPackage()
     {
-        $this->skipIfSecurityCheckerNotAvailable();
         $this->drush('pm:security-php', [], ['format' => 'json'], self::EXIT_ERROR_WITH_CLARITY);
         $this->assertStringContainsString('One or more of your dependencies has an outstanding security update.', $this->getErrorOutput());
         $this->assertStringContainsString('Run composer why david-garcia/phpwhois', $this->getErrorOutput());
@@ -64,18 +61,7 @@ public function testInsecurePhpPackage()
      */
     public function testNoInsecureProductionPhpPackage()
     {
-        $this->skipIfSecurityCheckerNotAvailable();
         $this->drush('pm:security-php', [], ['format' => 'json', 'no-dev' => true], self::EXIT_SUCCESS);
         $this->assertStringContainsString('There are no outstanding security updates for your dependencies.', $this->getErrorOutput());
     }
-
-    /**
-     * Mark the test skipped if we don't expect enlightn/security-checker to be available.
-     */
-    protected function skipIfSecurityCheckerNotAvailable()
-    {
-        if ($this->isDrupalGreaterThanOrEqualTo('10.0.0@dev')) {
-            $this->markTestSkipped('enlightn/security-checker not yet available for Drupal 10.');
-        }
-    }
 }