Magento 1 has already become obsolete and websites running on the platform won’t receive updates anymore from Adobe.
The date for Magento 1 End of Life (EOL) was November 2018. Later, Magento extended the final end of life date to June 30, 2020. To stay up to date for PCI DSS compliance, you should migrate to Magento 2, or choose one of the softwares below.
This is a paid service, Mage One provides some security updates and releases upgrades for newer PHP versions of M1 stores. I recommend this for previous Magento EE site owners. However, no code review is possible before choosing this solution.
OpenMage is a Magento 1 fork and is maintained by the Magento community. With OpenMage LTS, merchants can continue running a secure, stable Magento 1 platform while remaining PCI compliant. OpenMage can be installed using composer.
If you are unable or unwilling to migrate to Magento 2, both OpenMage and Mage One is a good alternative. Magento 2, unfortunately is a completely different beast with higher cost of hosting and it may be the wrong choice for stores that were previously ran on Magento 1.