Company
Date Published
Author
Justin Hutchings
Word count
375
Language
English
Hacker News points
None

Summary

GitHub has expanded its dependency graph feature to include PHP repositories that use Composer, improving security by raising alerts for known vulnerabilities in the dependencies listed in composer.json and composer.lock files. This feature, previously available for ecosystems using package managers such as Maven, npm, Yarn, and NuGet, now delivers notifications by email or on the web, according to each user's notification preferences, for both public and private repositories. Users who manage many private repositories can enable the dependency graph across all of them with a script, and organizations on GitHub Enterprise can use dependency insights for an organization-wide overview of PHP dependencies and their vulnerabilities. Old projects can be archived to stop receiving security alerts for them. Those participating in the automated security fixes beta will receive pull requests that update vulnerable dependencies when an alert is raised, helping keep PHP projects secure and up to date.