New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
update --lock
should not update packages
#11787
Comments
Turns out the |
@Seldaek: We still have an issue (started happening after composer 2.0.0 I seem to remember) that running I've tried to find steps to reproduce in the past 2 years to try to report the issue here, but never managed to and then just gave up, I think it's related to our custom private Satis repository (which is running a pretty outdated version, we still need to support composer v1 functionality unfortunately). I can never reproduce it with packages that come from packagist.org. I can still reproduce it today with composer version 2.6.6 I have the suspicion that this action wasn't taken yet, but I'm not sure, that's just guessing: #9812 (comment) Sorry for intruding here in this issue, maybe I should create a new one instead? |
Awesome, thanks! |
Hi @Seldaek I can confirm that with composer 2.7.0/2.7.1 this is mostly fixed. But not 100% yet. I notice that if the latest version of a package with I'm for example now seeing this diff in the "magento/module-store": "^101.0.0",
"magento/module-tax": "^100.3.0",
"magento/module-tax-import-export": "^100.3.0",
- "php": "~7.2.0 || ~7.3.0 || ~7.4.0 || ~8.1.0 || ~8.2.0"
+ "php": "~7.2.0 || ~7.3.0 || ~7.4.0 || ~8.1.0 || ~8.2.0 || ~8.3.0"
},
"type": "magento2-component",
"autoload": { Would it be technically possible to also not update these fields when a dev-dependency isn't getting updated? |
Sorry I can not, it only triggers with packages from our private Satis composer repository. |
…ackage to ensure we keep all metadata intact, fixes composer#11787
…ackage to ensure we keep all metadata intact, fixes composer#11787
@hostep ok you can now |
@Seldaek did all the job, props to him as well ! |
I ran
composer update --lock
in order to fix the "Warning: The lock file is not up to date with the latest changes in composer.json..." after removing acweagans/composer-patches
patch in thecomposer.json
.I was expecting to only get a hash change in the
composer.lock
as said in the documentation.But there were also minor changes :
authors
updatestimestamp
andversion
update in a drupal module ("type": "drupal-module" drupal/rest_entity_display:dev-2.0.x > extra > drupal > datestamp + version)abandoned
addition in php-http/guzzle6-adapter:v2.0.2If it's a normal behavior, maybe the doc (https://getcomposer.org/doc/03-cli.md#update-u-upgrade) should be updated. Adding a notice such as "expect also other minor changes on packages metadata) ?
Output of
composer diagnose
:The text was updated successfully, but these errors were encountered: