Update composer.lock

[m-vo]

Is there a reason why the composer.lock in the repo is not up to date with the composer.json file?

[leofeyer]

No idea. But this is most likely not a problem.

[m-vo]

True. It's a bit unintuitive when downloading/cloning the repo and running composer install to not have the latest version installed, though.

[leofeyer]

I don't know how Composer decides whether the lock file is up to date.

[m-vo]

I'm not sure how exactly the build process looks like for contao (and how automated it is) but I just thought it might be a good idea to update the managed edition's composer.lock after a new version of the core bundle and others are released (and available through the package repo).

[aschempp]

The lock file is up to date if the hash matches the composer.json. There is no validity of package versions, as it is the point of the lock file to lock to a certain version (which can be older than latest).

Be aware that the upcoming Contao Manager version will always use composer update on installation to get the latest packages. But I agree we should still update the lock file when a new Contao version is released.

[leofeyer]

I always do (see the commit log).

[leofeyer]

The hash might be out of date because of the PHP version override in the global Composer configuration, but since we have agreed on building the .zip file with the lowest supported PHP version, we cannot change this.

[m-vo]

I see. But this can't be the case why the current file references core-bundle 4.5.3 instead of 4.5.4? Both require php ^7.1.

https://github.com/contao/managed-edition/blob/21ce5ea721be5ea88043227711e7f634229aaaea/composer.lock#L989-L990

[ausi]

You are probably in the wrong branch. The lock file seems to be correct in the 4.5 branch: https://github.com/contao/managed-edition/blob/4.5/composer.lock#L992

[m-vo]

Oh, my bad - must have been in the master branch, sorry for the confusion. Thx @ausi!