`birke/rememberme` is abandoned

[Rotzbua]

Problem

Used release 1.0.5 is 8 years old 2017-02-12 12:43 UTC

https://packagist.org/packages/birke/rememberme#1.0.5

This package is abandoned and no longer maintained. The author suggests using the mober/rememberme package instead.

Cause composer audit output due peer dependency:

Found 1 security vulnerability advisory affecting 1 package:
+-------------------+----------------------------------------------------------------------------------+
| Package           | paragonie/random_compat                                                          |
| Severity          | low                                                                              |
| CVE               | NO CVE                                                                           |
| Title             | Uses insecure CSPRNG (openssl_random_pseudo_bytes())                             |
| URL               | https://github.com/paragonie/random_compat/issues/96                             |
| Affected versions | <2.0                                                                             |
| Reported at       | 2016-03-16T00:00:00+00:00                                                        |
| Advisory ID       | PKSA-cncr-q695-v65g                                                              |
+-------------------+----------------------------------------------------------------------------------+

[scott-quinlan]

We have hit this remember me bug which is triggered during refresh of the rememberme token when there is another concurrent request running.

gbirke/rememberme#27