Affected script: "install-scripts:post-install-cmd"
The script is running the phive command with the --force-accept-unsigned flag, which will force the acceptance of unsigned phar files. This can be a major security concern as it allows the execution of potentially malicious or tampered-with files. Additionally, the --trust-gpg-keys flag might lead to trusting compromised keys. It is recommended to never use these flags unless you fully trust the source of the phar files.
sitepark/github-composer-release-test's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.