Audit dependencies #31

Closed

@asgrim

We are currently using some dependencies which MAY be problematic for maintenance.

Whilst not a big issue, if we want to support newer versions of PHP (e.g. 8.4 at the time of writing, is unreleased), we have to ensure we are compatible with the newer dependencies. For example, the constraint we have for illuminate/container is ^10.47, which would not allow version 11 (which I believe has fixed the PHP 8.4 issues). This is somewhat mitigated by our root php constraint being explicitly 8.1.*||8.2.*||8.3.* (i.e., we do not yet support PHP 8.4), and this issue only surfaces when --ignore-platform-req=php is used (e.g. for testing). The more third-party dependencies we have, the more we are constrained by upstream support. We should evaluate the dependencies we are using, and ensure it makes sense to continue using them or not.

PSL - https://packagist.org/packages/azjezz/psl - was mentioned as problematic, since it relies on some extensions which not everyone always has installed (e.g. bcmath, sodium, etc.). This creates a chicken/egg problem if the extension someone wants to install is bcmath! Whilst I love the functionality we're using in azjezz/psl, we may need to find another way; we're not using the azjezz/psl parts that use those extensions (we're ONLY using the nicely-typed JSON parsing, and only in a couple of places), and I don't think it's reasonable at all to ask the author that these parts are split off into a separate package.

ref: mongodb/mongo-php-driver#1624 (comment)
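
One way to run the audit the issue asks for, as an added example that is not part of the original issue or the project's code: it lists which locked packages hard-require PHP extensions and flags root constraints that reject a needed release. The lock data, `ROOT_REQUIRE`, `WANTED` and all function names are constructed for illustration, and only plain caret constraints (`^X.Y[.Z]`) are handled.

```python
import json

# Constructed sample shaped like composer.lock. Package names and the ^10.47
# constraint come from the issue; versions and require maps are illustrative.
SAMPLE_LOCK = json.loads("""
{"packages": [
  {"name": "azjezz/psl", "version": "0.0.0-sample",
   "require": {"php": "*", "ext-bcmath": "*", "ext-sodium": "*"}},
  {"name": "illuminate/container", "version": "10.48.0",
   "require": {"php": "^8.1"}}
]}
""")
ROOT_REQUIRE = {"illuminate/container": "^10.47"}   # root composer.json "require"
WANTED = {"illuminate/container": "11.0.0"}         # hypothetical next major


def ext_requirements(lock):
    """Map each PHP extension to the locked packages that hard-require it."""
    found = {}
    for pkg in lock.get("packages", []):
        for dep in pkg.get("require", {}):
            if dep.startswith("ext-"):
                found.setdefault(dep[4:], []).append(pkg["name"])
    return found


def caret_allows(constraint, version):
    """True if a plain caret constraint (^X.Y[.Z]) admits `version`."""
    parts = [int(p) for p in constraint.lstrip("^").split(".")]
    low = tuple(parts + [0] * (3 - len(parts)))
    # Upper bound: bump the left-most non-zero part (the last given part if all are zero).
    idx = next((i for i, p in enumerate(parts) if p), len(parts) - 1)
    high = low[:idx] + (low[idx] + 1,) + (0,) * (2 - idx)
    ver = tuple(int(p) for p in version.split("."))
    return low <= ver + (0,) * (3 - len(ver)) < high


def blocked_upgrades(root_require, wanted):
    """Packages whose root constraint rejects the version we would need."""
    return sorted(name for name, version in wanted.items()
                  if name in root_require
                  and not caret_allows(root_require[name], version))


if __name__ == "__main__":
    for ext, pkgs in sorted(ext_requirements(SAMPLE_LOCK).items()):
        print(f"ext-{ext} required by: {', '.join(pkgs)}")
    print("blocked by root constraint:", blocked_upgrades(ROOT_REQUIRE, WANTED))
```

Pointing `ext_requirements` at a real `composer.lock` (loaded with `json.load`) shows every extension a dependency pulls in, including ones the project itself never calls.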

Labels: enhancement (New feature or request)