Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

composer require --fixed does not use fixed version anymore #11247

Closed
gharlan opened this issue Dec 31, 2022 · 1 comment
Closed

composer require --fixed does not use fixed version anymore #11247

gharlan opened this issue Dec 31, 2022 · 1 comment
Labels
Bug
Milestone
2.5

Comments

@gharlan
Copy link
Contributor

gharlan commented Dec 31, 2022

My composer.json:

{}

Output of composer diagnose:

Checking composer.json: WARNING
No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license.
Checking platform settings: OK
Checking git settings: OK git version 2.37.1
Checking http connectivity to packagist: OK
Checking https connectivity to packagist: OK
Checking github.com oauth access: OK
Checking disk free space: OK
Checking pubkeys:
Tags Public Key Fingerprint: 57815BA2 7E54DC31 7ECC7CC5 573090D0  87719BA6 8F3BB723 4E5D42D0 84A14642
Dev Public Key Fingerprint: 4AC45767 E5EC2265 2F0C1167 CBBB8A2B  0C708369 153E328C AD90147D AFE50952
OK
Checking composer version: OK
Composer version: 2.5.1
PHP version: 8.1.13
PHP binary path: /opt/homebrew/Cellar/php@8.1/8.1.13/bin/php
OpenSSL version: OpenSSL 1.1.1s  1 Nov 2022
cURL version: 7.87.0 libz 1.2.11 ssl (SecureTransport) OpenSSL/1.1.1s
zip: extension present, unzip present, 7-Zip not available

When I run this command: 

composer require --dev --fixed vimeo/psalm

I get the following output: 

./composer.json has been updated
Running composer update vimeo/psalm
Loading composer repositories with package information
Updating dependencies
Lock file operations: 31 installs, 0 updates, 0 removals
  - Locking amphp/amp (v2.6.2)
  - Locking amphp/byte-stream (v1.8.1)
  - Locking composer/package-versions-deprecated (1.11.99.5)
  - Locking composer/pcre (3.1.0)
  - Locking composer/semver (3.3.2)
  - Locking composer/xdebug-handler (3.0.3)
  - Locking dnoegel/php-xdg-base-dir (v0.1.1)
  - Locking felixfbecker/advanced-json-rpc (v3.2.1)
  - Locking felixfbecker/language-server-protocol (v1.5.2)
  - Locking fidry/cpu-core-counter (0.4.1)
  - Locking netresearch/jsonmapper (v4.1.0)
  - Locking nikic/php-parser (v4.15.2)
  - Locking phpdocumentor/reflection-common (2.2.0)
  - Locking phpdocumentor/reflection-docblock (5.3.0)
  - Locking phpdocumentor/type-resolver (1.6.2)
  - Locking psr/container (2.0.2)
  - Locking psr/log (3.0.0)
  - Locking sebastian/diff (4.0.4)
  - Locking spatie/array-to-xml (2.17.1)
  - Locking symfony/console (v6.2.3)
  - Locking symfony/deprecation-contracts (v3.2.0)
  - Locking symfony/filesystem (v6.2.0)
  - Locking symfony/polyfill-ctype (v1.27.0)
  - Locking symfony/polyfill-intl-grapheme (v1.27.0)
  - Locking symfony/polyfill-intl-normalizer (v1.27.0)
  - Locking symfony/polyfill-mbstring (v1.27.0)
  - Locking symfony/polyfill-php80 (v1.27.0)
  - Locking symfony/service-contracts (v3.2.0)
  - Locking symfony/string (v6.2.2)
  - Locking vimeo/psalm (5.4.0)
  - Locking webmozart/assert (1.11.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 31 installs, 0 updates, 0 removals
  - Downloading psr/log (3.0.0)
  - Downloading symfony/console (v6.2.3)
  - Downloading sebastian/diff (4.0.4)
  - Downloading felixfbecker/advanced-json-rpc (v3.2.1)
  - Downloading dnoegel/php-xdg-base-dir (v0.1.1)
  - Downloading amphp/byte-stream (v1.8.1)
  - Installing composer/package-versions-deprecated (1.11.99.5): Extracting archive
  - Installing composer/pcre (3.1.0): Extracting archive
  - Installing symfony/polyfill-ctype (v1.27.0): Extracting archive
  - Installing webmozart/assert (1.11.0): Extracting archive
  - Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
  - Installing phpdocumentor/type-resolver (1.6.2): Extracting archive
  - Installing phpdocumentor/reflection-docblock (5.3.0): Extracting archive
  - Installing psr/log (3.0.0): Extracting archive
  - Installing symfony/deprecation-contracts (v3.2.0): Extracting archive
  - Installing psr/container (2.0.2): Extracting archive
  - Installing symfony/service-contracts (v3.2.0): Extracting archive
  - Installing symfony/polyfill-mbstring (v1.27.0): Extracting archive
  - Installing symfony/polyfill-intl-normalizer (v1.27.0): Extracting archive
  - Installing symfony/polyfill-intl-grapheme (v1.27.0): Extracting archive
  - Installing symfony/string (v6.2.2): Extracting archive
  - Installing symfony/polyfill-php80 (v1.27.0): Extracting archive
  - Installing symfony/filesystem (v6.2.0): Extracting archive
  - Installing symfony/console (v6.2.3): Extracting archive
  - Installing spatie/array-to-xml (2.17.1): Extracting archive
  - Installing sebastian/diff (4.0.4): Extracting archive
  - Installing nikic/php-parser (v4.15.2): Extracting archive
  - Installing netresearch/jsonmapper (v4.1.0): Extracting archive
  - Installing fidry/cpu-core-counter (0.4.1): Extracting archive
  - Installing felixfbecker/language-server-protocol (v1.5.2): Extracting archive
  - Installing felixfbecker/advanced-json-rpc (v3.2.1): Extracting archive
  - Installing dnoegel/php-xdg-base-dir (v0.1.1): Extracting archive
  - Installing composer/xdebug-handler (3.0.3): Extracting archive
  - Installing composer/semver (3.3.2): Extracting archive
  - Installing amphp/amp (v2.6.2): Extracting archive
  - Installing amphp/byte-stream (v1.8.1): Extracting archive
  - Installing vimeo/psalm (5.4.0): Extracting archive
4 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
19 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
No security vulnerability advisories found
Using version ^5.4 for vimeo/psalm

And I expected this to happen:

I expected that a fixed version is used (5.4.0) instead of a version range (^5.4).
@Seldaek Seldaek added this to the 2.5 milestone Jan 13, 2023
@Seldaek Seldaek added the Bug label Jan 13, 2023
@Seldaek
Copy link
Member

Seldaek commented Jan 13, 2023

Looks like a regression due to some changes we did in require command to guess versions better. Should be an easy fix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug
Projects
None yet
Milestone
2.5
Development

No branches or pull requests
2 participants
@Seldaek @gharlan