paragonie / phpecc

Pure PHP Elliptic Curve Cryptography Library

Conflicts with roave/security-advisories #20

Closed mayestik1 closed 6 months ago

mayestik1 commented 6 months ago

Please fix package "replaces" information because of ` Problem 1

Maybe something like this "replace": { "mdanter/ecc": "<2.0" }

paragonie-security commented 6 months ago

Thanks, let's see if #23 fixes the problem. It should, but better to test.

paragonie-security commented 6 months ago

Before the PR

{
  "require": {
    "paragonie/ecc": "^2.1",
    "roave/security-advisories": "dev-latest"
  }
}

Yields:

Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Root composer.json requires paragonie/ecc ^2.1 -> satisfiable by paragonie/ecc[v2.1.0].
    - roave/security-advisories dev-latest conflicts with mdanter/ecc <2 (paragonie/ecc v2.1.0 replaces mdanter/ecc *).
    - Root composer.json requires roave/security-advisories dev-latest -> satisfiable by roave/security-advisories[dev-latest].

After the PR

{
  "require": {
    "paragonie/ecc": "dev-master",
    "roave/security-advisories": "dev-latest"
  }
}

Yields:

Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Root composer.json requires paragonie/ecc dev-master -> satisfiable by paragonie/ecc[dev-master].
    - roave/security-advisories dev-latest conflicts with mdanter/ecc <2 (paragonie/ecc dev-master replaces mdanter/ecc <2).
    - Root composer.json requires roave/security-advisories dev-latest -> satisfiable by roave/security-advisories[dev-latest].

The only thing we can really do here is not replace anything and, instead, just create a separate meta-package that does that.

paragonie-security commented 6 months ago

After removing the replace directive:

Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Root composer.json requires paragonie/ecc dev-master -> satisfiable by paragonie/ecc[dev-master].
    - roave/security-advisories dev-latest conflicts with mdanter/ecc <2 (paragonie/ecc dev-master replaces mdanter/ecc <2).
    - Root composer.json requires roave/security-advisories dev-latest -> satisfiable by roave/security-advisories[dev-latest].

D:\tmp>del composer.phar

D:\tmp>php composer.phar update
Loading composer repositories with package information
Updating dependencies
Lock file operations: 4 installs, 0 updates, 0 removals
  - Locking genkgo/php-asn1 (v2.7.0)
  - Locking paragonie/ecc (dev-master 197bb7f)
  - Locking paragonie/sodium_compat (v2.0.1)
  - Locking roave/security-advisories (dev-latest a6cc84f)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 0 installs, 1 update, 0 removals
  - Downloading paragonie/ecc (dev-master 197bb7f)
  - Upgrading paragonie/ecc (v2.0.0 => dev-master 197bb7f): Extracting archive
1 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
1 package you are using is looking for funding.
Use the `composer fund` command to find out more!
No security vulnerability advisories found.
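
The failure shown in this thread, as an added example (not code from the thread, from phpecc or from Composer): a simplified Python model of the rule in the error text, where resolution fails when the range a package replaces intersects a range listed as a conflict. It handles only `*` and single comparison constraints, and the `>=2.0` manifest is a hypothetical included for comparison.

```python
# Added example: simplified model of how a "replace" range meets a "conflict" range.
# Assumption: only "*" and single comparisons ("<2", ">=2.0") are handled.
import re

INF = float("inf")

def parse_version(text):
    parts = [int(p) for p in text.split(".")]      # "2.0" -> [2, 0]
    return tuple(parts + [0] * (3 - len(parts)))   # pad to (2, 0, 0)

def to_interval(constraint):
    """Return (low, low_inclusive, high, high_inclusive)."""
    constraint = constraint.strip()
    if constraint == "*":
        return (-INF,), False, (INF,), False
    m = re.fullmatch(r"(<=|>=|<|>)\s*v?(\d+(?:\.\d+)*)", constraint)
    if not m:
        raise ValueError(f"unsupported constraint: {constraint!r}")
    op, ver = m.group(1), parse_version(m.group(2))
    if op in ("<", "<="):
        return (-INF,), False, ver, op == "<="
    return ver, op == ">=", (INF,), False

def overlaps(a, b):
    """True if some version satisfies both constraints."""
    lo_a, li_a, hi_a, ui_a = to_interval(a)
    lo_b, li_b, hi_b, ui_b = to_interval(b)
    lo, li = (lo_a, li_a and li_b) if lo_a == lo_b else max((lo_a, li_a), (lo_b, li_b))
    hi, ui = (hi_a, ui_a and ui_b) if hi_a == hi_b else min((hi_a, ui_a), (hi_b, ui_b))
    return lo < hi or (lo == hi and li and ui)

def replace_conflicts(manifest, advisory_conflicts):
    """List (package, replace range, conflict range) entries that block resolution."""
    hits = []
    for name, replaced in manifest.get("replace", {}).items():
        blocked = advisory_conflicts.get(name)
        if blocked is not None and overlaps(replaced, blocked):
            hits.append((name, replaced, blocked))
    return hits

# Conflict entry as quoted in the Composer output in this thread.
ADVISORY_CONFLICTS = {"mdanter/ecc": "<2"}
# Constructed manifests: v2.1.0 wildcard, "<2.0" proposal, hypothetical ">=2.0", no replace.
SAMPLES = {
    "wildcard": {"replace": {"mdanter/ecc": "*"}},
    "below_2": {"replace": {"mdanter/ecc": "<2.0"}},
    "from_2": {"replace": {"mdanter/ecc": ">=2.0"}},
    "no_replace": {},
}
```

Running `replace_conflicts` over a package's `composer.json` before tagging a release flags a `replace` range that an advisory conflict list would reject.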