Updated vendors - Githubissues

littleredbutton / bigbluebutton-api-php

Unofficial (but better) PHP API for @BigBlueButton

GNU Lesser General Public License v3.0

25 stars 12 forks source link

Updated vendors #115

Closed FelixJacobi closed 2 years ago

FelixJacobi commented 2 years ago

This fixes compat with PHP 8.1:

Warning: The lock file is not up to date with the latest changes in composer.json. You may be getting outdated dependencies. It is recommended that you run `composer update` or `composer update <package name>`.
Your lock file does not contain a compatible set of packages. Please run composer update.

  Problem 1
    - phpspec/prophecy is locked to version 1.12.2 and an update of this package was not requested.
    - phpspec/prophecy 1.12.2 requires php ^7.2 || ~8.0, <8.1 -> your php version (8.1.3) does not satisfy that requirement.
  Problem 2
    - phpspec/prophecy 1.12.2 requires php ^7.2 || ~8.0, <8.1 -> your php version (8.1.3) does not satisfy that requirement.
    - phpunit/phpunit 8.5.14 requires phpspec/prophecy ^1.10.3 -> satisfiable by phpspec/prophecy[1.12.2].
    - phpunit/phpunit is locked to version 8.5.14 and an update of this package was not requested.

FelixJacobi commented 2 years ago

I decided to remove the composer.lock. It does not make sense to have it here for several reasons:

It is not evaluated when the library is integrated into a project. There, ony the composer.lock of the project is accounted.
It is not safety possible to generate a composer.lock, which works for all PHP versions. We have relaxed deps, yes, but there are libraries used by us indirectly, which does not have a release which supports PHP 7.2 and 8.1 at the same time. Therefore, the CI for PHP 7.* begins to fail, when I am running composer require on PHP 8.1 and vice versa
It's a convention for libraries to not commit the lock file.

We're testing against the highest deps for all PHP versions and our oldest set supported (PHP 7.2 and lowest deps). So, I guess we are still safe without a lock file.

FelixJacobi commented 2 years ago

If we merge this, I would like to have a comment in the gitignore which explains the step or at least links back to this pr.

Sure, makes sense. Will do that.

SamuelWei commented 2 years ago

I agree, we should remove the lock file. I reasearched a bit on recommendations/best practices, but didn't find it lot. However you can have a look at this comment: https://github.com/composer/composer/issues/2461#issuecomment-29282932

Most popular libraries I know also do not include the lock file.