dependency-type: development
updates even production dependencies in composer ecosystem
#9650
Open
1 task done
Labels
L: git:submodules
Git submodules
L: php:composer
Issues and code for Composer
T: bug 🐞
Something isn't working
Is there an existing issue for this?
Package ecosystem
composer
Package manager version
No response
Language version
No response
Manifest location and content before the Dependabot update
dependabot.yml content
Updated dependency
phpstan/phpstan
What you expected to see, versus what you actually saw
The actual meaning of
dependency-type: development
is poorly documented, but I'd assume it should update only dev deps and not production deps, otherwise it would be useless.Here is a PR that shows it updates even production dependencies (
phpstan/phpstan
in this case).I believe dependabot should execute
composer update dev/dependency1 dev/dependency2 dev/dependency3 dev/dependency4
(list all dev depenendencies fromrequire-dev
) to achieve only dev deps being updated.Native package manager behavior
No response
Images of the diff or a link to the PR, issue, or logs
Smallest manifest that reproduces the issue
No response
The text was updated successfully, but these errors were encountered: