[Bug]: Strict phpunit requirement in composer.json prevents security patches #1679

@lode

Description

What Happened

I wanted to fix the latest security issue in phpunit by updating that package, but Pest prevents this. That was somewhat fixed in v4.6.3 now, but a future security issue in phpunit is prevented again. The composer.json requires ^12.5.23 (thus 12.5.23 or anything higher in 12.*), but also conflicts with >12.5.23, as in everything higher than 12.5.23, effectively locking phpunit to exactly 12.5.23.

I don't think this should be locked in that very specific way. I don't know why this was done; maybe it is actually a typo and was meant to be conflicts <12.5.23, although that is also quite strict. Maybe it was meant to state that Pest is tested and thus supported on this specific version? But I think at least patch upgrades from phpunit should be allowed. If phpunit released a patch which broke Pest, that would be a bug in phpunit or Pest, but I think that's better than preventing users from fixing security issues.

How to Reproduce

  • Install Pest
  • Wait for a new phpunit version
  • Run composer update phpunit/phpunit

Sample Repository

No response

Pest Version

v4.3.2

PHP Version

8.5.3

Operating System

Linux

Notes

No response
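The constraint interaction described in the report, as an added illustration that is not Pest's or Composer's own code: a minimal evaluator for Composer caret and comparison constraints, run over a constructed list of phpunit version numbers, showing which versions the require/conflict pair admits. The conflict "<12.5.23" variant is the reporter's hypothetical alternative, not a known intent of the project.

```python
"""Show how a composer.json require/conflict pair constrains phpunit.

Added illustration, not Pest's code. Implements just enough of Composer's
constraint syntax (caret ^ for major > 0, plus comparison operators) to
show why require "^12.5.23" with conflict ">12.5.23" pins a single version.
"""
import re
from operator import eq, ge, gt, le, lt

OPS = {"<": lt, "<=": le, ">": gt, ">=": ge, "=": eq, "==": eq}


def parse(v):
    """'12.5.23' -> (12, 5, 23); missing parts default to 0."""
    parts = [int(p) for p in v.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def satisfies(version, constraint):
    """True if `version` matches one Composer constraint.

    Caret: ^12.5.23 means >=12.5.23,<13.0.0 (0.x caret rules omitted).
    Comparison: >12.5.23, <=12.5.23, ... compare the version tuples.
    """
    constraint = constraint.strip()
    v = parse(version)
    if constraint.startswith("^"):
        base = parse(constraint[1:])
        return base <= v < (base[0] + 1, 0, 0)
    m = re.fullmatch(r"(<=|>=|==|<|>|=)?\s*([\d.]+)", constraint)
    if not m:
        raise ValueError(f"unsupported constraint: {constraint}")
    return OPS[m.group(1) or "="](v, parse(m.group(2)))


def installable(version, require, conflict=None):
    """Installable if it satisfies `require` and does not hit `conflict`."""
    if not satisfies(version, require):
        return False
    return conflict is None or not satisfies(version, conflict)


# Constructed candidate releases; not a real phpunit release list.
CANDIDATES = ["12.5.22", "12.5.23", "12.5.24", "12.6.0", "13.0.0"]


def allowed(require, conflict=None):
    """Candidate versions Composer could pick under the given pair."""
    return [v for v in CANDIDATES if installable(v, require, conflict)]


if __name__ == "__main__":
    print(allowed("^12.5.23", ">12.5.23"))  # ['12.5.23'] : pinned, as reported
    print(allowed("^12.5.23", "<12.5.23"))  # ['12.5.23', '12.5.24', '12.6.0']
```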
