Advisories for Composer/Paragonie/Random_compat package

random_compat versions prior to 2.0 are affected by a security vulnerability related to the insecure usage of Cryptographically Secure Pseudo-Random Number Generators (CSPRNG). The affected versions use openssl_random_pseudo_bytes(), which may result in insufficient entropy and compromise the security of generated random numbers.

random_compat u ses insecure CSPRNG (openssl_random_pseudo_bytes()).

random_compat uses openssl_random_pseudo_bytes() but this Cryptographically Secure Pseudorandom Number Generator (CSPRNG) is insecure.