Open bobdenotter opened 3 years ago
Do you have "paragonie/random_compat": "*" in your composer.json's replace section?
If so: try to replace it with "paragonie/random_compat": "2.*" or remove it entirely (v9.99.* are no-op packages).
@glensc I know there is, but because several packages (like https://github.com/nelmio/NelmioCorsBundle) have a hard dependency like this:
"paragonie/random_compat": "~1.0|~2.0|9.99.99",
It can not install it.
Hi @jdreesen,
There's probably something else wrong in your composer.json.
Well, our composer.json has no reference to this package at all. It's other packages that require it, that we require, so we have no direct dependency on it. So, I don't think it's our composer.json that necessarily has something wrong.
/edit: the error message even mentions the v9.99.99 as not applicable, which won't be the case if it had been removed.
That is weird, though.
Do you have "paragonie/random_compat": "*" in your composer.json's replace section?
If so: try to replace it with "paragonie/random_compat": "2.*"
I've tried, but no dice:
Problem 1
- bolt/core dev-master conflicts with roave/security-advisories[dev-master].
- roave/security-advisories dev-master conflicts with bolt/core[dev-master].
- roave/security-advisories dev-master conflicts with bolt/core[dev-master].
- Installation request for bolt/core dev-master -> satisfiable by bolt/core[dev-master].
- Installation request for roave/security-advisories dev-master@dev -> satisfiable by roave/security-advisories[dev-master].
or remove it entirely (v9.99.* are no-op packages).
I would if I could, but it's other packages requiring it.
I've also opened an issue on the other end, but it seems like it's not maintained actively: https://github.com/nelmio/NelmioSecurityBundle/pull/236
@bobdenotter perhaps the original problem is resolved (missing tag restored), or there's something in your existing composer dependencies causing a conflict so that 9.99.99 won't be picked, as installing to a blank repository with PHP 7.3 works okay. Thus, provide an actual reproducer of the problem (and try it yourself), perhaps publish it to gist.
mkdir random-compat-167
cd random-compat-167
composer require nelmio/security-bundle
➔ composer show|grep -E 'paragonie/random_compat|nelmio/security-bundle'
nelmio/security-bundle v2.10.1 Extra security-related features for Symfony: signed/encrypted cookies, HTTPS/SSL/HSTS handling, cook...
paragonie/random_compat v9.99.99 PHP 5.x polyfill for random_bytes() and random_int() from PHP 7
➔
Although using a strict dependency like "9.99.99" is calling for problems like this, so the downstream project needs to be fixed.
But then again it's this project's fault for suggesting such a use case in the project readme:
EDIT: the project readme doesn't actually say to use exactly "9.99.99" in dependencies, but only in "replaces", although now that 9.99.100 is released, that recommendation is also invalid. Perhaps the new value should be "replaces: 9.99.999", so this project has room to make 101-998 releases?
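An added illustration, not part of the thread or of either project's code: a small Python evaluator for a subset of Composer's constraint syntax (exact versions, "~", ".*", "*" and "|"), showing why the exact pin in "~1.0|~2.0|9.99.99" quoted above cannot be met by 9.99.100 or by anything else in the 9.x line once the 9.99.99 tag is unavailable. The v1.4.3 and v2.0.21 entries in the tag list and the loosened "~9.99.99" constraint are constructed for illustration; stability flags and other operators are not handled.

```python
import re

def parse(version):
    """'v9.99.100' -> (9, 99, 100); missing parts are padded with 0."""
    nums = [int(p) for p in version.lstrip("v").split(".")]
    return tuple(nums + [0] * (3 - len(nums)))

def bounds(term):
    """Half-open (low, high) range for one term of the supported subset."""
    term = term.strip()
    if term == "*":
        return (0, 0, 0), (float("inf"),)
    if term.startswith("~"):
        nums = [int(p) for p in term[1:].split(".")]
        head = nums[:-1] or nums[:]      # "~1" is treated like "~1.0" here
        head[-1] += 1                    # ~1.0 -> <2.0.0, ~1.2.3 -> <1.3.0
        return parse(term[1:]), tuple(head + [0] * (3 - len(head)))
    if term.endswith(".*"):
        nums = [int(p) for p in term[:-2].split(".")]
        low = tuple(nums + [0] * (3 - len(nums)))
        nums[-1] += 1                    # 2.* -> >=2.0.0 <3.0.0
        return low, tuple(nums + [0] * (3 - len(nums)))
    low = parse(term)                    # exact pin: matches one version only
    return low, low[:2] + (low[2] + 1,)

def matches(version, constraint):
    """True if the version satisfies any '|'-separated alternative."""
    v = parse(version)
    return any(lo <= v < hi
               for lo, hi in map(bounds, re.split(r"\s*\|\|?\s*", constraint)))

def acceptable(constraint, tags):
    """Tags from the list that the constraint would allow."""
    return [t for t in tags if matches(t, constraint)]

PINNED = "~1.0|~2.0|9.99.99"      # constraint quoted in the thread
LOOSENED = "~1.0|~2.0|~9.99.99"   # hypothetical alternative, not from the thread
TAGS = ["v1.4.3", "v2.0.21", "v9.99.99", "v9.99.100"]   # constructed tag list

if __name__ == "__main__":
    print(acceptable(PINNED, TAGS))                                   # all tags present
    print(acceptable(PINNED, [t for t in TAGS if t != "v9.99.99"]))   # 9.99.99 tag missing
    print(acceptable(LOOSENED, TAGS))                                 # range instead of pin
```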
Hi @glensc,
perhaps the original problem is resolved (missing tag restored)
That looks like it worked! Thanks. In the sense that I can now run composer req nelmio/security-bundle.
Although using a strict dependency like "9.99.99" is calling for problems like this, so the downstream project needs to be fixed.
Yes, I agree 100%. :-)
If you're using PHP 8.1, you can utilize the random_bytes() function provided by PHP's core random extension to generate cryptographically secure random bytes. This function is available starting from PHP 7.0 and is recommended for generating random data in PHP, so you do not need to use random_compat for that.
$randomKey = random_bytes(32); // 32 bytes = 256 bits
instead of
$randomKey = Random::bytes(32); // 32 bytes = 256 bits
Did you post this in the wrong repository? Which project has Random::bytes() defined?
Hi,
Several packages (like https://github.com/nelmio/NelmioCorsBundle) have a hard dependency like this:
They can't be installed anymore: