The SPM dependency on gwillish/DHModels tracks the main branch (Package.resolved records a moving revision). Builds are therefore not reproducible — an upstream push silently changes what the app compiles against.
Acceptance
- Change the dependency to a version/tag requirement.
- Document the version-bump process (where the tag lives, how to update).
- Verify a clean resolve.
Filed from architecture review.
The SPM dependency on
gwillish/DHModelstracks themainbranch (Package.resolved records a moving revision). Builds are therefore not reproducible — an upstream push silently changes what the app compiles against.Acceptance
Filed from architecture review.