Reputation: 401
Composer, minimum-stability and dependencies of dependencies
I'm in quite a pickle with a new project and Symfony 2 dependencies using composer.
First some situation, i install the symfony/framework-standard-edition v2.1.5 using composer. This yields a composer file that has these requirements and no minimum-stability node.
"require": {
"php": ">=5.3.3",
"symfony/symfony": "2.1.*",
"doctrine/orm": ">=2.2.3,<2.4-dev",
"doctrine/doctrine-bundle": "1.0.*",
"twig/extensions": "1.0.*@dev",
"symfony/assetic-bundle": "2.1.*",
"symfony/swiftmailer-bundle": "2.1.*",
"symfony/monolog-bundle": "2.1.*",
"sensio/distribution-bundle": "2.1.*",
"sensio/framework-extra-bundle": "2.1.*",
"sensio/generator-bundle": "2.1.*",
"jms/security-extra-bundle": "1.2.*",
"jms/di-extra-bundle": "1.1.*",
"kriswallsmith/assetic": "1.1.*@dev"
},
This works fine, it installs all the latest stable versions, just as it is supposed to.
Next, I add a bundle -> https://packagist.org/packages/kunstmaan/admin-bundle
"require": {
"php": ">=5.3.3",
"symfony/symfony": "2.1.*",
"doctrine/orm": ">=2.2.3,<2.4-dev",
"doctrine/doctrine-bundle": "1.0.*",
"twig/extensions": "1.0.*@dev",
"symfony/assetic-bundle": "2.1.*",
"symfony/swiftmailer-bundle": "2.1.*",
"symfony/monolog-bundle": "2.1.*",
"sensio/distribution-bundle": "2.1.*",
"sensio/framework-extra-bundle": "2.1.*",
"sensio/generator-bundle": "2.1.*",
"jms/security-extra-bundle": "1.2.*",
"jms/di-extra-bundle": "1.1.*",
"kriswallsmith/assetic": "1.1.*@dev",
"kunstmaan/admin-bundle": "dev-master"
},
This bundle depends on "doctrine/doctrine-fixtures-bundle" in "dev-master"(https://packagist.org/packages/doctrine/doctrine-fixtures-bundle)
And that bundle depends on doctrine/data-fixtures with * (https://packagist.org/packages/doctrine/data-fixtures)
Now when i run composer update in the project, it tells me that there is nothing to satisfy the doctrine/data-fixtures dependency. Either a typo in the name, or no "stable" version available since the minimum-stability defaults to stable.
It does want to install the doctrine-fixtures-bundle in "dev" stability, since putting dev-master automatically puts this dependency in "dev" stability. But this does nothing for the deps of this dep, they keep wanting to install as stable since that is my minimum-stability.
At this point i can fix this, by adding doctrine/data-fixtures: dev-master or with @dev to my composer.json in the project.
But since this is only one example (knpmenubundle, fosuserbundle, etc etc) i will have to manually go and add all deps of deps that don't install to my own composer file.
Another solution would be dropping minimum-stability of my project to dev, but at that time all my deps, including the stable ones like Symfony2, will install their dev version and not the tagged release.
Upvotes: 9
Views: 5223
Answers (1)
Reputation: 42056
There is only one good way out of this: nag people so that they tag more releases. If you really need to work with unstable stuff then whitelisting it all with requires "@dev" is the best alternative IMO. If you have more unstable than stable, then you can always tag @stable and set the minimum-stability to dev. There is still the lock file to save your ass in most cases ;)
Upvotes: 14
Related Questions
- How to manage composer dependencies for a package
- How to resolve the Composer dependencies conflicts (a clean way)?
- Composer minimum stability issue
- Composer dependency and redundancy challenge
- Composer: required dependency conflict And version stability
- composer.json - minimum-stability for single package
- Composer ignore minimum stable
- How to fix Symfony requirements which could not be resolved by composer?
- Using composer on small projects
- Composer dependency constraint