Stable dependencies in composer.json instead of "dev-master"

[bvis]

Hi,

I've seen that in your dependencies list you have them defined as:

"require": {
    "php": ">=5.3.0",
    "guzzlehttp/guzzle": "~5.0",
    "ext-json": "*",
    "adoy/oauth2": "dev-master",
    "firebase/php-jwt" : "~2.2"
  },

The "adoy/oauth2" component has stable version 1.2.0: https://packagist.org/packages/adoy/oauth2

Is it there any reason to use the "dev-master" instead the stable version?

As you may know rely on development dependencies makes your software so fragile and it can break at any time after a "composer update" execution.

My suggestion is to update this component version to: "adoy/oauth2": "~1.2"

Regards,

[glena]

Yes, becase the 1.2.0 tags does not have the latest chages (like a PR I sent) so we cant rely on a stable tag.

It is on my plans changing of oauth2 package but right now is not a priority (PRs welcome :D).

Anyway, this dependency is not very active so I doubt a change can break you project. You can always fork the repo and override it on composer (check https://getcomposer.org/doc/05-repositories.md#loading-a-package-from-a-vcs-repository).

[glena]

@bvis before you ask, it is 1.0.9 ;)

[bvis]

Thanks! ;)

[github-actions]

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.