Severity: LOW
Summary
The app depends on androidx.compose.material3:material3 pinned to an alpha pre-release (1.5.0-alpha20) while shipping production, minified/shrunk release APKs.
Evidence
gradle/libs.versions.toml
material3 = "1.5.0-alpha20"
consumed in app/build.gradle.kts (e.g. implementation(libs.androidx.material3)), with the release build using versionName 2026.6.8 and minify + resource shrink enabled.
Impact
Alpha Compose artifacts carry no API/behavior stability guarantee and receive less hardening than stable releases. A later alpha bump can silently change layout/behavior or introduce regressions/crashes for end users, and shipping a core UI library at alpha in production is a supply-chain/stability risk.
Suggested fix
Pin material3 to the latest stable 1.x compatible with the Compose BOM (or at minimum a -rc). If a specific alpha-only API is genuinely required, isolate its usage and document the dependency rather than taking the whole library at alpha.
Severity: LOW
Summary
The app depends on
androidx.compose.material3:material3pinned to an alpha pre-release (1.5.0-alpha20) while shipping production, minified/shrunk release APKs.Evidence
gradle/libs.versions.tomlconsumed in
app/build.gradle.kts(e.g.implementation(libs.androidx.material3)), with the release build usingversionName2026.6.8and minify + resource shrink enabled.Impact
Alpha Compose artifacts carry no API/behavior stability guarantee and receive less hardening than stable releases. A later alpha bump can silently change layout/behavior or introduce regressions/crashes for end users, and shipping a core UI library at alpha in production is a supply-chain/stability risk.
Suggested fix
Pin
material3to the latest stable1.xcompatible with the Compose BOM (or at minimum a-rc). If a specific alpha-only API is genuinely required, isolate its usage and document the dependency rather than taking the whole library at alpha.