What happened to version 1.3.1?

[MetalArend]

Version: 1.3.1

Bug Description

Our pipeline is failing because of version 1.3.1 not being available anymore.

[dg]

I don't remember exactly what it was about, but there was some serious bug. Please update to v1.3.2

[MetalArend]

We indeed upgraded already.

But it was very odd to suddenly have a package version simply pulled. We have tools in place like dependency analyzer and composer audit, but none of these prevented us from suddenly not being able to deploy our application. It pulls their information from the GitHub Advisory Database and the FriendsOfPHP Security Advisories.

Somehow not even our nexus saved us, which we have to look into - so yeey for a good test run for that :)

It was a very honest question. I was wondering if something happened to this specific version, that it would not have been enough to mark it as a security issue, but to completely pull it. I mean, pulling a version seems to be a very harsh thing to solve any issue,

Thankful for all your hard work, btw! Just hoping to learn something myself as well as to how stuff like this can be handled better. There seems to have been a discussion on this before (at least once): composer/packagist#335