Menu
I'm trying to update only a single package and its dependencies. When I try a dry-run, it correctly seems to list all the packages that need updating:
> composer update drupal/core --with-dependencies --dry-run
Loading composer repositories with package information
Updating dependencies (including require-dev)
Package operations: 0 installs, 17 updates, 0 removals
- Updating guzzlehttp/psr7 (1.3.1) to guzzlehttp/psr7 (1.4.2)
- Updating guzzlehttp/guzzle (6.2.2) to guzzlehttp/guzzle (6.2.3)
- Updating symfony/class-loader (v2.8.17) to symfony/class-loader (v2.8.18)
- Updating symfony/debug (v2.8.17) to symfony/debug (v2.8.18)
- Updating symfony/console (v2.8.17) to symfony/console (v2.8.18)
- Updating symfony/dependency-injection (v2.8.17) to symfony/dependency-injection (v2.8.18)
- Updating symfony/http-foundation (v2.8.17) to symfony/http-foundation (v2.8.18)
- Updating symfony/event-dispatcher (v2.8.17) to symfony/event-dispatcher (v2.8.18)
- Updating symfony/http-kernel (v2.8.17) to symfony/http-kernel (v2.8.18)
- Updating symfony/process (v2.8.17) to symfony/process (v2.8.18)
- Updating symfony/routing (v2.8.17) to symfony/routing (v2.8.18)
- Updating symfony/serializer (v2.8.17) to symfony/serializer (v2.8.18)
- Updating symfony/translation (v2.8.17) to symfony/translation (v2.8.18)
- Updating symfony/validator (v2.8.17) to symfony/validator (v2.8.18)
- Updating symfony/yaml (v2.8.17) to symfony/yaml (v2.8.18)
- Updating twig/twig (v1.31.0) to twig/twig (v1.33.0)
- Updating zendframework/zend-feed (2.7.0) to zendframework/zend-feed (2.8.0)
However, when I run the same command without --dry-run, no packages get updated:
> composer update drupal/core --with-dependencies
Gathering patches for root package.
Dependency "asm89/stack-cors" is also a root requirement, but is not explicitly whitelisted. Ignoring.
Dependency "composer/semver" is also a root requirement, but is not explicitly whitelisted. Ignoring.
Dependency "doctrine/annotations" is also a root requirement, but is not explicitly whitelisted. Ignoring.
Dependency "doctrine/common" is also a root requirement, but is not explicitly whitelisted. Ignoring.
Dependency "easyrdf/easyrdf" is also a root requirement, but is not explicitly whitelisted. Ignoring.
Dependency "egulias/email-validator" is also a root requirement, but is not explicitly whitelisted. Ignoring.
Dependency "guzzlehttp/guzzle" is also a root requirement, but is not explicitly whitelisted. Ignoring.
Dependency "masterminds/html5" is also a root requirement, but is not explicitly whitelisted. Ignoring.
Dependency "paragonie/random_compat" is also a root requirement, but is not explicitly whitelisted. Ignoring.
Dependency "stack/builder" is also a root requirement, but is not explicitly whitelisted. Ignoring.
Dependency "symfony-cmf/routing" is also a root requirement, but is not explicitly whitelisted. Ignoring.
Dependency "symfony/class-loader" is also a root requirement, but is not explicitly whitelisted. Ignoring.
Dependency "symfony/console" is also a root requirement, but is not explicitly whitelisted. Ignoring.
Dependency "symfony/dependency-injection" is also a root requirement, but is not explicitly whitelisted. Ignoring.
Dependency "symfony/event-dispatcher" is also a root requirement, but is not explicitly whitelisted. Ignoring.
Dependency "symfony/http-foundation" is also a root requirement, but is not explicitly whitelisted. Ignoring.
Dependency "symfony/http-kernel" is also a root requirement, but is not explicitly whitelisted. Ignoring.
Dependency "symfony/polyfill-iconv" is also a root requirement, but is not explicitly whitelisted. Ignoring.
Dependency "symfony/process" is also a root requirement, but is not explicitly whitelisted. Ignoring.
Dependency "symfony/psr-http-message-bridge" is also a root requirement, but is not explicitly whitelisted. Ignoring.
Dependency "symfony/routing" is also a root requirement, but is not explicitly whitelisted. Ignoring.
Dependency "symfony/serializer" is also a root requirement, but is not explicitly whitelisted. Ignoring.
Dependency "symfony/translation" is also a root requirement, but is not explicitly whitelisted. Ignoring.
Dependency "symfony/validator" is also a root requirement, but is not explicitly whitelisted. Ignoring.
Dependency "symfony/yaml" is also a root requirement, but is not explicitly whitelisted. Ignoring.
Dependency "twig/twig" is also a root requirement, but is not explicitly whitelisted. Ignoring.
Dependency "zendframework/zend-diactoros" is also a root requirement, but is not explicitly whitelisted. Ignoring.
Dependency "zendframework/zend-feed" is also a root requirement, but is not explicitly whitelisted. Ignoring.
Shouldn't the --with-dependencies-switch whitelist all dependencies of drupal/core, causing those to be updated as well?
324
To update your packages json file is. Run composer update (on your local machine) to update the required packages and re-generate a composer. lock file. Commit the updated composer.
composer update is mostly used in the 'development' phase, to upgrade our project packages. composer install is primarily used in the 'deploying phase' to install our application on a production server or on a testing environment, using the same dependencies stored in the composer.
update / u# In order to get the latest versions of the dependencies and to update the composer. lock file, you should use the update command.
If you need to update one dependency ,You can run this command . composer generates autoload.php file. You can include this file and it will load your dependencies. This makes things easy, You can immediately work with your third party libraries immediately. Let’s dig with monolog.
“composer update” will do the task, but it will also update the other packages. Now if you just want to remove a specific package without updating others then just specify that package name. It will remove the “package_name” package.
You should commit the composer.lock file to your project repo so that all people working on the project are locked to the same versions of dependencies (more below). This is the main role of the update command. It then implicitly runs the install command. This will download the dependencies' files into the vendor directory in your project.
When Composer finds the right package, either in Packagist or in a repo you have specified, it then uses the versioning features of the package's VCS (i.e., branches and tags) to attempt to find the best match for the version constraint you have specified.
The cause of this is that Drupal (drupal/drupal) specifically merges core/composer.json into the project (root) composer.json.
"extra": {
"merge-plugin": {
"include": [
"core/composer.json"
],
"recurse": false,
"replace": false,
"merge-extra": false
},
This causes the drupal/core dependencies to be treated as root dependencies, resulting in the "X is also a root requirement, but is not explicitly whitelisted. Ignoring." errors.
As a workaround, either update the full project via composer update or disable the merge section of your composer.json file.
106
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
