phpcs-security-audit may be abandoned

[danepowell]

FloeDesignTechnologies/phpcs-security-audit#78 (comment)

acquia/coding-standards-php depends on phpcs-security-audit, but according to the maintainer's comment above it may be abandoned.

If it's critical to acquia/coding-standards-php, can the team consider supporting the maintainer or that project?

If it's not critical, can we drop the dependency?

Apart from the long-term stability/security considerations of using an abandoned project, there's the immediate impact of these warnings that appear every time you do a composer install:

Deprecation Notice: Class PHPCS_SecurityAudit\Sniffs\Drupal8\CVE20132110Sniff located in ./vendor/pheromone/phpcs-security-audit/Security/Sniffs/CVE/20132110Sniff.php does not comply with psr-4 autoloading standard. It will not autoload anymore in Composer v2.0.

[TravisCarden]

Thanks, @danepowell. It's by no means critical, and it probably doesn't warrant the challenges arising from lack of maintenance at this point. I'll remove it.