As long as we're using something like ^1.2.3 or ^1.2 for development dependencies, we risk our build breaking when a new version of a development dependency is released and it either includes breaking changes or requires changes to the PHPStan baseline.
To avoid this, we should use exact version numbers like 1.2.3 in for development dependencies in composer.json. The only exception are TYPO3 Core packages.
As we're using Dependabot to update our dependencies, having exact version number does in no way block updates to our development dependencies.
As long as we're using something like
^1.2.3
or^1.2
for development dependencies, we risk our build breaking when a new version of a development dependency is released and it either includes breaking changes or requires changes to the PHPStan baseline.To avoid this, we should use exact version numbers like
1.2.3
in for development dependencies incomposer.json
. The only exception are TYPO3 Core packages.As we're using Dependabot to update our dependencies, having exact version number does in no way block updates to our development dependencies.