Suggère deployer/deployer & roave/security-advisories plutôt que de les inclure.

composer.json

@@ -10,7 +10,6 @@
         }
     ],
     "require": {
-        "deployer/deployer": "@stable",
         "hirak/prestissimo": "@stable",
         "irstea/composer-require-checker-shim": "@stable",
         "irstea/pcov-clobber-plugin": "@stable",
@@ -18,11 +17,13 @@
         "irstea/phpcpd-shim": "@stable",
         "irstea/phploc-shim": "@stable",
         "irstea/phpmd-config": "@stable",
-        "irstea/phpmd-shim": "@stable",
         "irstea/phpstan-config": "@stable",
         "php-parallel-lint/php-parallel-lint": "@stable",
         "phpunit/phpunit": "@stable",
-        "roave/security-advisories": "dev-master",
         "sensiolabs/security-checker": "@stable"
+    },
+    "suggests": {
+        "deployer/deployer": "Pour gérer les déploiements sur les serveurs",
+        "roave/security-advisories": "Pour s'assurer de ne pas mettre à jour avec des versions concernées par des failles de sécurité."
     }
 }