How would I only update one composer dependency?

I expected that
composer update videlalvaro/php-amqplib
would only update one dependency, but instead of that it updates all.
What am I missing?
PS: this dependency is defined as "videlalvaro/php-amqplib": "2.2.0" in composer.json
PPS: the composer version used is 3da05c68f9561fa822c522b1815435ff990493ff 2013-10-02 14:25:06
PPPS: the actual output:
$ composer.phar update videlalvaro/php-amqplib --no-dev
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.
Problem 1
- symfony/icu v1.2.0 requires lib-icu >=4.4 -> the requested linked library icu has the wrong version installed or is missing from your system, make sure to have the extension providing it.
- symfony/icu v1.2.0 requires lib-icu >=4.4 -> the requested linked library icu has the wrong version installed or is missing from your system, make sure to have the extension providing it.
- Installation request for symfony/icu == 1.2.0.0 -> satisfiable by symfony/icu[v1.2.0].

The command composer update videlalvaro/php-amqplib does just update that dependency. However it doesn't disable the other dependency checking that Composer does.
What the error message is complaining about is that the lib-icu is not available on your system. Apparently this would be solved by installing the PHP Intl extension.
You would see similar issues if you did a composer update on a project that required PHP 5.5 in one of its requires, downgraded to PHP 5.4 and then ran composer update on a separate require, that didn't require PHP 5.5. Even though you wouldn't be updating the require that needs PHP 5.5, the requirements for that package would not be resolvable, and so Composer would fail.
In your case, even though you're just trying to update videlalvaro/php-amqplib to the latest version, the requirements for symfony/icu aren't met, and so the composer update fails.
Edit
To try to be helpful, I'm guessing you re-installed PHP since you last did an update, and either removed or forgot to install the PHP Intl extension. Composer can't satisfactorily satisfy the requirements your composer.json is setting, and so is defaulting to doing nothing, rather than knowingly doing an update where the requirements aren't met.
So basically, you need to install the PHP extensions that are required for your existing installed software to run, and then Composer will be able to update the single package you want to update, as well as meet the requirements for the other packages.

tl;dr:
You can list more than one dependency to update in one command:
composer update one/dependency second/dependency other/dependency
Story:
If you want to update only one dependency (composer update some/dependency), you may face an issue where the request is not satisfiable because some other dependency is installed in the wrong version. And that one does not necessarily have to be listed in your composer.json; it could be just a dependency of some other dependency.
E.g. I wanted to update only and only google/apiclient, but calling composer update google/apiclient complained that google/auth (dependency of apiclient) requires guzzlehttp/psr7 in version 1.2.3. I had 1.3.0 installed. The guzzlehttp/psr7 was not listed in my composer.json. What I had to do was to call:
composer update guzzlehttp/psr7 google/apiclient
and that's it! Just update the package you want, and if composer tells you that you need to update (or downgrade :-)) some other package, list it in the command.

I had a similar case due to security reasons on a GitHub repository.
I solved it by updating the dependency to a specific version like this:
composer require phpseclib/phpseclib:2.0.31
If you are working with virtual environments like docker containers (ddev, lando, etc.), before running it you should connect to the container with:
ddev ssh

To overcome this kind of dependency problem during the update of a specific package, you should specify all the specific package versions before running their update altogether.
In your case something like this:
composer require videlalvaro/php-amqplib:2.2.0 --no-update
composer require symfony/icu:1.2.0 --no-update
composer require lib-icu:4.4 --no-update
composer update videlalvaro/php-amqplib symfony/icu lib-icu


Problem with TravisCI version matrix after updating to composer 2.0

After updating to Composer 2.0 I ran into problems with my Travis build.
I have a TYPO3 Extension that I want to test with multiple TYPO3 versions. Till yesterday I could do this with composer require nimut/typo3-complete:$TYPO3_VERSION (coming from the version matrix).
After the update I got the following error/information.
Cannot update only a partial set of packages without a lock file present.
Installation failed, reverting ./composer.json to its original content.
As I have no composer.lock in my repository, I tested my pipeline with a composer install first, and then did the update. This is all fine until I go to the next version as the dependencies are different, and the composer.lock from the composer install cannot update the additional dependencies.
I have tried it with composer require --dev nimut/typo3-complete:^10.4 --with-all-dependencies. The response from composer:
Problem 1
- typo3/testing-framework is locked to version 4.15.2 and an update of this package was not requested.
- typo3/testing-framework 4.15.2 requires typo3/cms-backend ^9.3 -> found typo3/cms-backend[v9.3.0, ..., 9.5.x-dev] but it conflicts with another require.
Problem 2
- symfony/http-client v5.1.7 requires symfony/http-client-contracts ^2.2 -> found symfony/http-client-contracts[dev-main, dev-master, v2.2.0, v2.3.1, 2.3.x-dev (alias of dev-master)] but it conflicts with another require.
- nunomaduro/phpinsights v1.14.0 requires sensiolabs/security-checker ^6.0 -> satisfiable by sensiolabs/security-checker[v6.0.3].
- sensiolabs/security-checker v6.0.3 requires symfony/http-client ^4.3|^5.0 -> satisfiable by symfony/http-client[v5.1.7].
- nunomaduro/phpinsights is locked to version v1.14.0 and an update of this package was not requested.
Use the option --with-all-dependencies (-W) to allow upgrades, downgrades and removals for packages currently locked to specific versions.
The -W option is the one I'm trying out already. I have tried both -w and -W, no luck so far.
I'm not sure how to get around this problem yet; your input would be very helpful.
Link to .travis.yml
https://github.com/AOEpeople/crawler/blob/master/.travis.yml#L50
Link to Travis Build where testing it out.
https://travis-ci.org/github/AOEpeople/crawler/jobs/738603105#L1138
The issue with composer require was reported and fixed in PR 9336 on Composer's GitHub repository. It will be in Composer 2.0.2 just about to be released now. So you can upgrade to 2.0.2 and it should resolve your problem.
To explain why your workaround failed:
composer require nimut/typo3-complete:$TYPO3_VERSION edits the composer.json file to add "nimut/typo3-complete": "^$TYPO3_VERSION". Then it runs composer update nimut/typo3-complete, or (on Composer 1.x or 2.0.2+) a plain composer update if no lock file exists yet.
If you run a composer install without a lock file first, this executes a composer update because there is no lock file. The subsequent composer require then still edits the json file and now runs composer update nimut/typo3-complete because there is a lock file. Even with all the dependency options enabled, this may have a different outcome or even a conflict from running a plain composer update as you are restricting the update to only the new package and its dependencies.

How to downgrade symfony/console, can't install composer package?

I need to use this package, mrjgreen/db-sync; I'm using Laravel version 5.8.
When I try to install it on my project through composer, it returns the following error:
Your requirements could not be resolved to an installable set of packages.
Problem 1
- Conclusion: don't install mrjgreen/db-sync v3.3.0
- Conclusion: remove symfony/console v4.4.3
- Installation request for mrjgreen/db-sync ^3.3 -> satisfiable by mrjgreen/db-sync[v3.3.0, v3.x-dev].
- Conclusion: don't install symfony/console v4.4.3
I tried to remove symfony/console, but it gives me this message:
"symfony/console is not required in your composer.json and has not been
removed"
and it won't remove it. Any idea how I can solve this? Or a similar package that is compatible with this Laravel version? (I need to sync two tables but using a where parameter.) Thanks in advance.
The last release of the package you are using was in May 2017 (two and a half years ago at the time of writing). It was built against specific versions of the symfony packages, and since you are now using a younger version of Laravel with different dependencies (which also uses symfony), you are getting a conflict of libraries.
There's no easy solution for you other than to find another library to do what you need, fork the library you are trying to use and build your own against the modern dependencies (which should be straightforward if it has a full set of tests), or build your own.
I had this issue as well. I removed laravel/valet and laravel/installer, then installed again and it worked.
composer global remove laravel/valet
Then
composer global remove laravel/installer
Then
composer global require laravel/installer

Composer fails to download Google Text-To-Speech library

I am trying to import Google's Text-To-Speech library
composer require google/cloud-text-to-speech
But I get this error
Using version ^0.4.4 for google/cloud-text-to-speech
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.
Problem 1
- Installation request for google/cloud-text-to-speech ^0.4.4 -> satisfiable by google/cloud-text-to-speech[v0.4.4].
- Conclusion: don't install google/gax 0.37.0
- google/cloud-text-to-speech v0.4.4 requires google/gax ^1.0 -> satisfiable by google/gax[1.0.0, 1.0.1, 1.0.2, 1.0.3].
- Can only install one of: google/gax[1.0.0, 0.37.0].
- Can only install one of: google/gax[1.0.1, 0.37.0].
- Can only install one of: google/gax[1.0.2, 0.37.0].
- Can only install one of: google/gax[1.0.3, 0.37.0].
- Installation request for google/gax (locked at 0.37.0) -> satisfiable by google/gax[0.37.0].
Installation failed, reverting ./composer.json to its original content.
How can I fix this? Is there any available libraries to download without using Composer?
It looks like either you or another dependency in your project also requires google/gax, but in an older version. You can find out why google/gax is locked at version 0.37.0 using the why command:
composer why google/gax
This should tell you whether it's installed as a root dependency, meaning you explicitly installed it, or which other dependency requires it.
Then you have to find out whether there is a newer version of that dependency, so you can upgrade that dependency to be able to use a newer version of google/gax. If you determine updating it is safe, just add both extensions to the require command or update the dependency first and then try requiring google/cloud-text-to-speech again.
Composer also provides a way to automatically update all dependencies for you, but this obviously risks introducing breaking changes from the updates, so use this with proper care:
--update-with-dependencies Allows inherited dependencies to be updated, except those that are root requirements.
--update-with-all-dependencies Allows all inherited dependencies to be updated, including those that are root requirements.
So running:
composer require --update-with-all-dependencies google/cloud-text-to-speech
should update your application in a way that it supports the required version of google/gax in order to install google/cloud-text-to-speech. This will likely result in other dependencies being updated and you can check the output to see which ones were affected.
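The reverse lookup that composer why performs can also be done by hand against composer.lock, which helps when reviewing a lock file without Composer installed. This is an added example, not part of the original answer; the package example/legacy-client, the root name example/app and both JSON documents are constructed for illustration.

```python
import json

# Constructed sample data (not from the thread): a root composer.json and a
# composer.lock in which google/gax is held at 0.37.0 by another package.
COMPOSER_JSON = json.loads("""
{
  "name": "example/app",
  "require": {"example/legacy-client": "^1.2"}
}
""")

COMPOSER_LOCK = json.loads("""
{
  "packages": [
    {"name": "example/legacy-client", "version": "1.2.3",
     "require": {"php": ">=7.1", "google/gax": "^0.37"}},
    {"name": "google/gax", "version": "0.37.0",
     "require": {"php": ">=5.5"}}
  ],
  "packages-dev": []
}
""")


def locked_version(lock, package):
    """Return the version composer.lock pins for `package`, or None."""
    for section in ("packages", "packages-dev"):
        for entry in lock.get(section, []):
            if entry["name"] == package:
                return entry["version"]
    return None


def why(root, lock, package):
    """List (requirer, requirer_version, constraint) for everything that
    requires `package`: the root composer.json first, then locked packages."""
    found = []
    for key in ("require", "require-dev"):
        constraint = root.get(key, {}).get(package)
        if constraint is not None:
            found.append((root.get("name", "__root__"), "root", constraint))
    for section in ("packages", "packages-dev"):
        for entry in lock.get(section, []):
            # Only "require" counts here: require-dev of a dependency is
            # never installed, so it cannot hold a package back.
            constraint = entry.get("require", {}).get(package)
            if constraint is not None:
                found.append((entry["name"], entry["version"], constraint))
    return found


if __name__ == "__main__":
    print("google/gax locked at", locked_version(COMPOSER_LOCK, "google/gax"))
    for requirer, version, constraint in why(COMPOSER_JSON, COMPOSER_LOCK, "google/gax"):
        print(f"  required by {requirer} ({version}) as {constraint}")
```

An empty result for a package that is still present in the lock file means nothing requires it any more, and it will be removed on the next full update.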

how to downgrade dependency of my dependencies version [composer]

I did composer update recently. But I completely dislike the new versions of my dependencies that I got. To be more precise, I don't like a dependency of my dependencies. Is there any way to roll back, except fetching composer.lock from git history?
There is no direct way of downgrading a dependency of a dependency; it takes some work:
Require the package in the desired version
composer require aws/aws-sdk-php=3.158.17
The dependency will be downgraded. It also gets added to composer.json which we don't want, because our application does not depend on it.
Simply removing the dependency with "composer remove" will upgrade the package to the latest version, which we don't want.
So instead, manually remove the require line from composer.json and run composer update nothing to update the hash in composer.lock.
I've had a similar problem with laravel/passport =7.5.1, that depends on league/oauth2-server ^7.0, that requires lcobucci/jwt ^3.2.2. And at the time, lcobucci/jwt was updated to the latest 3.4 version. But this sudden update introduced a bug, so everyone had to downgrade it to 3.3.*.
You can override the version of nested dependency needed or apply another version number constraint by simply putting it in require section of your top-level composer.json:
"require": {
...
"lcobucci/jwt": "3.3.*"
}
Then don't forget to run composer update lcobucci/jwt, so it installs the right version of nested dependency and updates the record in composer.lock.
Today it is better to put the version to 3.4 and also install mbstring on your system with the command:
sudo apt-get install php-mbstring
if you are on Ubuntu, and finally do a composer update lcobucci/jwt just like you say.

Discover latest versions of Composer packages when dependencies are locked

Let's say I have a composer.json file with locked dependencies:
{
    "require": {
        "zendframework/zendframework": "2.4.2"
    },
    "require-dev": {
        "phpunit/phpunit": "4.6.6"
    }
}
I want to do that because I would like to update dependencies manually, so I won't be in a situation where my build fails or other developers experience issues I don't have because Composer installed a different version of the package.
Is there a good way to use Composer to list all newer versions of the locked packages, perhaps something like composer discover, where I get output: zendframework/zendframework is locked at version 2.4.2 (or 2.4.* or whatever), but there are versions 2.5.0, 2.5.1, and 2.6.0 available?
Is any existing command capable of providing that kind of information?
Basically, I'm more about the newer versions being shown to me, so I can know what dependency to update manually. Committing the composer.lock isn't really the solution because that won't show me what to update (and my composer.json is locked at specific versions, so composer.lock won't differ anyway).
In order to do what you want, commit the composer.lock file and make sure everyone runs composer install to install the deps. This way, everyone has exactly the same version/commit of each package.
You can then run composer update to get newer versions. This will update the packages and the composer.lock file, which you can commit and push, so everyone has the same versions again (after they run composer install).
This is not exactly what you are suggesting. But you can run
composer update --dry-run
to see what happens when composer updates your dependencies. This only shows you the latest version a package could be updated to, but not the versions in between:
composer update --dry-run
Loading composer repositories with package information
Updating dependencies (including require-dev)
- Updating symfony/translation (v2.5.5) to symfony/translation (v2.5.11)
- Updating symfony/security-core (v2.5.5) to symfony/security-core (v2.5.11)
- Updating symfony/routing (v2.5.5) to symfony/routing (v2.5.11)
- Updating symfony/process (v2.5.5) to symfony/process (v2.5.11)
- Updating symfony/http-foundation (v2.5.5) to symfony/http-foundation (v2.5.11)
The simplest way would probably be just to run:
composer outdated
and get a list of the outdated dependencies. The output looks roughly like this:
As has been said by others, composer does what you tell it, and will only install the versions specified from the .lock file, or update to new versions (as specified within the range of the given version).
There are outside website services that will let you know that packages have been updated though - such as Versioneye.com. You can follow a number of packages, and it will let you know when any of them have been updated, so you can update the composer file as you wish.
To show the latest version of the packages, use show with -l/--latest parameter, e.g.
composer show -l
-l, --latest Show the latest version
To see the tree of dependencies, use -t/--tree parameter, e.g.
composer show -t
-t, --tree List the dependencies as a tree
To list all available versions for the given package, run:
composer show -a zendframework/zendframework
Note: Change zendframework/zendframework with your package name.
Notes:
For global, add global right after composer.
For help, run: composer global help show.
