Niels Keurentjes

I think the issue is wider than just security. It's the "yanked" issue on one hand - pulling a version of a package because of a serious security, stability or...

When reporting issues or asking questions please provide sufficient information to reproduce or analyse the problem, including expected and actual output.

I still do not understand your question. If English is an issue please consult with someone more proficient in the language to construct an issue report we can work with....

> Really don't like breaking old projects You wouldn't have to. Packagist knows both about release dates and install counts. If it were to separate metadata into "all tags" and...

@carlososiel the 'feature' cannot be implemented, as by its very nature composer nor satis have any way of identifying which packages are 'obsolete', as they don't know what's out there...

@mikebarlow the underlying 'issue' is that Composer supports (or rather: depends on) the `composer.lock` file which locks the state of the application to a verified and known-to-be-working one. For tags...

I neither wrote nor use nor reviewed this feature: https://github.com/omines/datatables-bundle/pull/120 Not much I can do to help with an issue I don't really fully understand myself. I'm keeping it open...

There, now it has a label showing I also have no clue about how to solve this issue.

I'm also running into this issue in a bleeding edge development environment, both with Symfony 6.2 and 6.3-beta. Simple reproducer: ```php use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository; use Doctrine\Persistence\ManagerRegistry; /** * @extends ServiceEntityRepository */...

Came here for the same one 😉  > This check should probably be ignored when inside a class that extends or implements the KernelInterface? As the plugin parses `services.yaml`...