Closed rdesimone closed 2 years ago
psr/cache is installed to provide caching support for the Google Public Tokens when doing ID Token verification - it's just the Interfaces, though, they are needed so that cache implementations can hook into the interfaces (https://github.com/kreait/firebase-tokens-php#cache-results-from-the-google-secure-token-store)
kreait/firebase has support for all psr/cache releases (1.x - 3.x), there are two common reasons why the 2.x version (which supports only PHP 8.0+) might have ended up in the composer.lock file as opposed to 1.x which supports any PHP version starting at 5.3):
composer.lock
file has been generated in a PHP 8.0 environment, and is used on a PHP 7.4 environment when doing a composer install
composer install
is executed with the --ignore-platform-requirements
parameterWhen building docker images, this can happen when the composer.lock
file is not present in the .dockerignore
file.
Since psr/cache
2.0 is installed and not 3.0, I assume that another package requires this version specifically. You can check why a specific package (version) is installed with composer why psr/cache
in your project directory.
Hmm, not sure...
composer.lock
has been created in a PHP 7.4 (PhpStorm) environment. It was an update of an old project with outdated dependencies.
composer install
has not been executed with --ignore-platform-requirements
The source files are mounted as a volume in Docker, so I also don't see the reason of a missing composer.lock
in .dockerignore
.
composer why psr/cache
gives
google/auth v1.18.0 requires psr/cache (^1.0|^2.0)
kreait/firebase-php 5.23.0 requires psr/cache (^1.0.1|^2.0|^3.0)
kreait/firebase-tokens 1.16.0 requires psr/cache (^1.0|^2.0|^3.0)
like I checked already in composer-lock
. (Thanks for the hint of this command!)
The dependencies which require psr/cache
are all related to kreait/firebase-php
. I also think google/auth
is required by kreait/firebase-php
.
Should it not be made sure that only 1.0.x
will be installed to not run into this problem?
Yes, you can add a "psr/cache": "^1.0"
in the composer.json
of your project to ensure that you won't receive a 2.x or 3.x version, but this would not answer the underlying question how a PHP 8.0 dependency ended up in a composer.lock
file that has been generated in a PHP 7.4 environment - this should just not be possible.
Does the composer.json
of your project have a "php": "^..."
in its require
section?
This is my composer.json
{
"require": {
"slim/slim": "^4.8.1",
"slim/psr7": "^1.3.0",
"slim/http": "^1.2.0",
"php-di/php-di": "^6.3.5",
"monolog/monolog": "2.3.2",
"firebase/php-jwt": "^v5.4.0",
"guzzlehttp/guzzle": "^7.3.0"
}
}
I just updated all dependencies to their latest version (they were outdated for years...)
and then run php composer.phar update
The line "php": "^7.4"
in the require
section is missing 🤞
Thanks a lot!!!!
You're welcome 🌺
Describe the issue you are experiencing
Ist seems that installing version
5.23.0
installs alsopsr/cache
2.0.0
which requires PHP 8.Checking
composer.lock
I noticed thatkreait/firebase-php
,kreait/firebase-tokens
andgoogle/auth
are requiringpsr/cache
. Not sure why it gets installed...Installed packages
PHP version and extensions
7.4.24
-> Docker environmentOn which operating system(s) does the issue occur?
Steps to reproduce the issue.
php composer.phar update
Error message/Stack trace
Running the app:
Additional information
No response