Description
In composer.json (lines 13-16), dependencies are constrained to the dev-main branch instead of to stable tagged releases. Composer resolves a dev-main constraint to whatever commit is at the head of that branch at resolution time, so the code that ends up in the build is not fixed by composer.json at all.
Impact
- Builds are not reproducible: each composer update resolves dev-main to the current branch head, so two builds from the same composer.json can pull different code. A committed composer.lock makes composer install deterministic, but the next update still moves to an arbitrary commit.
- Breaking changes could be pulled unexpectedly: there is no release gate between a push to main and the next update, so API changes (and any change by a compromised maintainer account) land without a version bump.
- Security vulnerabilities are harder to track: advisory databases express affected ranges in tagged versions, so a branch snapshot cannot be matched reliably against an advisory, and tooling such as composer audit has no release version to compare.
Severity
MEDIUM
Recommended Fix
Pin each dependency to a tagged release or a caret range of tagged releases (e.g., ^1.0), run composer update for the affected packages, and commit the resulting composer.lock so CI and production use composer install against the lock. If a required fix exists only on a branch, pin to a specific commit (dev-main#<commit-hash>) as an interim measure until it is released.
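The check below is an added example (not part of the original finding or the project's own tooling): it scans a composer.json for constraints that resolve to a moving branch rather than a tagged release, and applies a set of replacement constraints. The embedded composer.json and the package names in it are constructed for illustration and are hypothetical.

```python
"""Flag Composer constraints that track a branch instead of a tagged release.

Added example; the sample composer.json and its vendor/* package names are
constructed and hypothetical, not taken from the reviewed project.
"""
import json
import re

# Constraint shapes that resolve to a branch head rather than a tag:
#   "dev-main", "dev-master"   branch names with the dev- prefix
#   "1.x-dev", "2.0.x-dev"     numbered branch aliases
#   "^1.0@dev"                 stability flag that admits dev packages
BRANCH_CONSTRAINT = re.compile(r"^dev-|-dev$|@dev$")

# Sections of composer.json that declare packages.
SECTIONS = ("require", "require-dev")

# Constructed sample input (hypothetical package names).
SAMPLE_COMPOSER_JSON = """{
    "name": "example/app",
    "require": {
        "php": ">=8.1",
        "ext-json": "*",
        "vendor/http-client": "dev-main",
        "vendor/orm": "^2.4",
        "vendor/logger": "1.x-dev"
    },
    "require-dev": {
        "vendor/test-tools": "^9.0@dev"
    }
}"""


def _is_platform_package(name: str) -> bool:
    """Platform requirements (php, ext-*, lib-*) are not fetched from a VCS."""
    return name == "php" or name.startswith(("ext-", "lib-"))


def find_branch_constraints(composer_json: str):
    """Return (section, package, constraint) for each branch-tracking constraint.

    A constraint may combine alternatives with "||" or "|" and conjuncts with
    "," or whitespace; every token is checked so "^1.0 || dev-main" is caught.
    """
    data = json.loads(composer_json)
    findings = []
    for section in SECTIONS:
        for package, constraint in data.get(section, {}).items():
            if _is_platform_package(package):
                continue
            tokens = re.split(r"[\s,|]+", constraint.strip())
            if any(BRANCH_CONSTRAINT.search(tok) for tok in tokens if tok):
                findings.append((section, package, constraint))
    return findings


def pin_constraints(composer_json: str, pins: dict) -> str:
    """Return composer.json text with the given packages re-pinned.

    pins maps package name to the replacement constraint, e.g. {"vendor/orm": "^2.4"}.
    Packages absent from pins are left untouched; key order is preserved.
    """
    data = json.loads(composer_json)
    for section in SECTIONS:
        for package in list(data.get(section, {})):
            if package in pins:
                data[section][package] = pins[package]
    return json.dumps(data, indent=4) + "\n"


if __name__ == "__main__":
    for section, package, constraint in find_branch_constraints(SAMPLE_COMPOSER_JSON):
        print(f"{section}: {package} is constrained to {constraint!r}")
    fixed = pin_constraints(
        SAMPLE_COMPOSER_JSON,
        {"vendor/http-client": "^3.1", "vendor/logger": "^1.2", "vendor/test-tools": "^9.0"},
    )
    print(fixed)
```

After rewriting composer.json this way, run composer update for the re-pinned packages only, commit the updated composer.lock, and keep composer install (not composer update) in CI so the lock, not the branch head, decides what is built. The replacement constraints are placeholders; choose the latest tagged release of each real package.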