Dependencies using dev-main branches instead of stable versions #13

@Snider

Description

In composer.json (lines 13-16), dependencies are using dev-main branches instead of stable tagged versions.

Impact

  • Builds are not reproducible
  • Breaking changes could be pulled unexpectedly
  • Security vulnerabilities harder to track

Severity

MEDIUM

Recommended Fix

Pin dependencies to specific stable versions or version ranges (e.g., ^1.0).
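
A check that could gate this in CI, as an added example (not code from this repository): it flags `dev-*` / `*-dev` branch constraints and `@dev` flags in `require` and `require-dev`, and goes slightly beyond the issue by also flagging `minimum-stability: dev` set without `prefer-stable`. The manifest and its package names are constructed placeholders, and the function names are hypothetical.

```python
import json
import re

# Constructed sample manifest; package names are placeholders, not this project's dependencies.
SAMPLE_COMPOSER_JSON = """
{
  "minimum-stability": "dev",
  "require": {
    "php": "^8.2",
    "example/core": "dev-main",
    "example/api": "dev-main as 1.0.0",
    "example/utils": "^1.4 || 2.x-dev",
    "example/stable": "^2.1"
  },
  "require-dev": {
    "example/testing": "^3.0@dev"
  }
}
"""

# Composer joins constraint parts with "||" / "|" (or), "," or whitespace (and).
_SPLIT = re.compile(r"\s*\|\|?\s*|\s*,\s*|\s+")

def classify(part):
    """Return why one constraint part can resolve to unreleased code, or None."""
    p = part.lower()
    if p.startswith("dev-") or p.endswith("-dev"):
        return "tracks a branch"
    if p.endswith("@dev"):
        return "@dev stability flag"
    return None

def find_dev_constraints(manifest):
    """List (section, package, constraint, reason) for each dev-tracking requirement."""
    findings = []
    for section in ("require", "require-dev"):
        for package, constraint in manifest.get(section, {}).items():
            for part in _SPLIT.split(constraint.strip()):
                reason = classify(part)
                if reason:
                    findings.append((section, package, constraint, reason))
                    break  # one finding per package is enough
    if manifest.get("minimum-stability", "stable") == "dev" and not manifest.get("prefer-stable", False):
        findings.append(("root", "minimum-stability", "dev", "dev versions allowed without prefer-stable"))
    return findings

if __name__ == "__main__":
    for finding in find_dev_constraints(json.loads(SAMPLE_COMPOSER_JSON)):
        print("%s: %s %r (%s)" % finding)
```

A CI job can fail the build whenever the returned list is non-empty.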
