search

composer / composer

Dependency Manager for PHP
https://getcomposer.org/
MIT License
28.53k stars 4.53k forks source link

Dependency resolver finds the wrong package when the package is required "indirectly" #1794

Closed chuanma closed 11 years ago

chuanma commented 11 years ago

In order to support multiple projects, we create a Tool repo co/coding-standards that loads all of the php tools we use, and we just need to require this internal repo in other projects. Today we tried to change the version from 1.4.3 to 1.5.0RC2 for squizlabs/php_codesniffer. It worked perfectly fine in the coding-standards repo when we tested composer install. It loads the right package.

### in the `co/coding-standards` repo
"require": {
    "phing/phing": "2.4.14",
    "phpunit/phpunit": "3.7.13",
    "phpunit/dbunit": "1.2.1",
    "squizlabs/php_codesniffer": "1.5.0RC2",
    "phpmd/phpmd": "1.4.1"
},

### In project A, we load the repo
 "require-dev": {
     "co/coding-standards": "0.1.*"
 },

However, when we composer install --dev in project A, here is the error message. It tries to load a different package that we never heard of. When we had the stable version 1.4.3, it was fine.

Not sure if it helps. But we use default minimun-stability level.

chuanma commented 11 years ago

Also in our Project A composer.json, we don't require anything else except our coding-standards repo. And I checked packagist.org, foobugs-standards/php_codesniffer is never required by any other package. But That package has a replaces directive for squizlabs/php_codesniffer. Not sure how foobugs-standards/php_codesniffer is chosen by the resolver.

Seldaek commented 11 years ago

The foobugs package was incorrectly replacing phpcs, and I removed it. The issue however on your end is that 1.5.0RC2 is not stable, so it doesn't match the default minimum stability of your root package. You should allow it explicitly by requiring "squizlabs/php_codesniffer":"@RC" in your root package, or lower the minimum stability to RC.