Question: Packagist (and thus dependabot) lists a version 5 release but GitHub lists 4.0.4 as latest release. Is version 5 truly a release?

[apotek]

Question

I have a dependabot merge request in my repo (which includes robo via composer and thank you) that wants me to update to robo v5.

Packagist has a v5 package: https://packagist.org/packages/consolidation/robo#5.0.0
But GitHub does not. It's latest release is v4.0.4

I would expect a packagist package to be designated as a release in GitHub not just as a tag. Does the omission of a GitHub v5 official release mean that v5 is still being tested/considered for release? Is it an oversight?

Do you recommend updating to version 5? And if so, why would there not be a corresponding GitHub release?

There is no release note/changelog on the version 5 tag, but I see the README mentions it as stable and changelog does include some notes.

Thank you so much.

[dpagini]

Came here with the same question. I see there is also a 4.0.5 and 4.0.6 release as well that fall into the same category.