Fixed ZF1F version in composer.json to avoid conflicts with our patches #3475
Conversation
|
composer validation is complaining but we have to do it this way... I don't see any other possibility |
as mentioned in #3474 another possibility would be to use composer patches plugins such as vaimo/composer-patches that can handle version constraints for the patches |
|
@ma4nn so sorry, I'll check it out immediately! |
|
so, I was checking this matter more in detail, but I still think we should have a strict version dependency here. let's make this example
am I getting something wrong? |
|
@kiatng @elidrissidev @colinmollenhour @addison74 we've to address this as soon as possible and tag a new release, at this moment all installations via composer are broken |
|
@fballiano yes you're right, there is no optimal solution. My (untested) idea was to constraint e.g. the Imho the whole idea of the composer patches is to live with the fact that there may be future updates to the patched library that will make your patch fail as you mentioned. In this case one could either add a This approach has the benefit that you profit by updates of the |
sure, but that patch is already removed from our composer.json for, for a next release, we don't have a need for the version contstraint, but it doesn't fix the problem anyway, sadly
with our fast pacing updates I don't think that we really need to allow zf1f updates, and allowing the upgrade with a failing patch could be tricky too :-\ |
|
From the conversations I followed carefully, I think the two patches should be removed (I think this has happened) and a new version must be released. When OM it is installed with Composer, it will get the current ZF1-Future version, according to the version mentioned in composer.json. Also, the current OM version is either completely removed, or we correct it with a ZF1-Future version up to X, as you also showed. The less pleasant part is that we have to be careful when a new version of ZF1-Future is launched and not to approve the automatic the PR created by the bot without checking the existing patches. |
not really, because our composer requirement for zf1f allows the upgrade regardless we approve that automatic PR or not |
|
I agree that the version should be fixed given the circumstances. If there is a critical update, dependabot should tell us, right? |
|
@colinmollenhour dependabot will tell us 1 week later (in the worst case) thing is, composer validation is complaining not to use exact version number... |
|
Is it ok to use |
|
I was checking that parameter earlier but the documentation is not super clear to me, anyway I think it’s our only way |
|
I am not an advanced Composer user, but maybe we should ask for an opinion in their forum. I noticed that there are quite interesting discussions on various topics. |
|
ok from https://getcomposer.org/doc/03-cli.md it's clear that the no-check-all is the parameter we want in this case:
|
|
@colinmollenhour we will have to address this also in v19 because composer installation are broken in v19 at the same way... |
|
Reading the documentation, we don't really have other options. What @colinmollenhour proposed would be the solution. |
|
it's already implemented in this PR ;-) |
when implementing our composer patches for ZF1F we didn't consider that our 20.1.0 tagged release can't now run a
composer installbecause ZF1F is now been updated and the patches can't be applied anymore.Explanation at #3474
Thus we have to specify the exact version number of ZF1F in the composer.json.
Fixes #3474