Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Composer, minimum-stability and dependencies of dependencies

I'm in quite a pickle with a new project and Symfony 2 dependencies using composer.

First some situation, i install the symfony/framework-standard-edition v2.1.5 using composer. This yields a composer file that has these requirements and no minimum-stability node.

"require": {
  "php": ">=5.3.3",
  "symfony/symfony": "2.1.*",
  "doctrine/orm": ">=2.2.3,<2.4-dev",
  "doctrine/doctrine-bundle": "1.0.*",
  "twig/extensions": "1.0.*@dev",
  "symfony/assetic-bundle": "2.1.*",
  "symfony/swiftmailer-bundle": "2.1.*",
  "symfony/monolog-bundle": "2.1.*",
  "sensio/distribution-bundle": "2.1.*",
  "sensio/framework-extra-bundle": "2.1.*",
  "sensio/generator-bundle": "2.1.*",
  "jms/security-extra-bundle": "1.2.*",
  "jms/di-extra-bundle": "1.1.*",
  "kriswallsmith/assetic": "1.1.*@dev"
},

This works fine, it installs all the latest stable versions, just as it is supposed to.

Next, I add a bundle -> https://packagist.org/packages/kunstmaan/admin-bundle

"require": {
  "php": ">=5.3.3",
  "symfony/symfony": "2.1.*",
  "doctrine/orm": ">=2.2.3,<2.4-dev",
  "doctrine/doctrine-bundle": "1.0.*",
  "twig/extensions": "1.0.*@dev",
  "symfony/assetic-bundle": "2.1.*",
  "symfony/swiftmailer-bundle": "2.1.*",
  "symfony/monolog-bundle": "2.1.*",
  "sensio/distribution-bundle": "2.1.*",
  "sensio/framework-extra-bundle": "2.1.*",
  "sensio/generator-bundle": "2.1.*",
  "jms/security-extra-bundle": "1.2.*",
  "jms/di-extra-bundle": "1.1.*",
  "kriswallsmith/assetic": "1.1.*@dev",
  "kunstmaan/admin-bundle": "dev-master"
},

This bundle depends on "doctrine/doctrine-fixtures-bundle" in "dev-master"(https://packagist.org/packages/doctrine/doctrine-fixtures-bundle)

And that bundle depends on doctrine/data-fixtures with * (https://packagist.org/packages/doctrine/data-fixtures)

Now when i run composer update in the project, it tells me that there is nothing to satisfy the doctrine/data-fixtures dependency. Either a typo in the name, or no "stable" version available since the minimum-stability defaults to stable.

It does want to install the doctrine-fixtures-bundle in "dev" stability, since putting dev-master automatically puts this dependency in "dev" stability. But this does nothing for the deps of this dep, they keep wanting to install as stable since that is my minimum-stability.

At this point i can fix this, by adding doctrine/data-fixtures: dev-master or with @dev to my composer.json in the project.

But since this is only one example (knpmenubundle, fosuserbundle, etc etc) i will have to manually go and add all deps of deps that don't install to my own composer file.

Another solution would be dropping minimum-stability of my project to dev, but at that time all my deps, including the stable ones like Symfony2, will install their dev version and not the tagged release.

like image 668
Roderik Avatar asked Dec 20 '12 10:12

Roderik


People also ask

How do I update composer and all dependencies?

To update dependencies two commands can be used: composer update and composer require . The difference between these two commands is that composer update will try to update a dependency based on the current constraints in composer. json and will only update composer. lock .

What are composer dependencies?

Composer makes information about the environment Composer runs in available as virtual packages. This allows other packages to define dependencies (require, conflict, provide, replace) on different aspects of the platform, like PHP, extensions or system libraries, including version constraints.

How do I fix composer problems?

Try clearing Composer's cache by running composer clear-cache . Ensure you're installing vendors straight from your composer. json via rm -rf vendor && composer update -v when troubleshooting, excluding any possible interferences with existing vendor installations or composer. lock entries.

Why is composer update so slow?

Composer update is very slow if you have a lot of dependencies/packages implemented. You should avoid variable versions and think about using a HHVM as server.


1 Answers

There is only one good way out of this: nag people so that they tag more releases. If you really need to work with unstable stuff then whitelisting it all with requires "@dev" is the best alternative IMO. If you have more unstable than stable, then you can always tag @stable and set the minimum-stability to dev. There is still the lock file to save your ass in most cases ;)

like image 195
Seldaek Avatar answered Oct 23 '22 14:10

Seldaek