Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't use commit ref notation in composer.json #92

Closed
1 of 4 tasks
danepowell opened this issue Jul 1, 2019 · 1 comment · Fixed by #96
Closed
1 of 4 tasks

Don't use commit ref notation in composer.json #92

danepowell opened this issue Jul 1, 2019 · 1 comment · Fixed by #96

Comments

@danepowell
Copy link

danepowell commented Jul 1, 2019

How is drupal-check installed?

  • drupal-check is installed using the phar
  • drupal-check is installed globally via Composer
  • drupal-check is installed globally using consolidation/cgr
  • drupal-check is installed as a dependency to my project

Environment:

  • OS: Linux
  • PHP Version: 7.2
  • Drupal core: 8.x.x

Describe the bug
This package depends on phpstan 0.11.x-dev#bf4e560:

"phpstan/phpstan": "0.11.x-dev#bf4e560b898dd77e5d4b22978e5fddece3d7a364",

However, in general when you composer require mglaman/drupal-check you will not get that version. You will get the latest commit of phpstan on 0.11.x. This could lead to a lot of undefined behavior and unpredictable results.

It's well-documented that using commit refs doesn't behave as you might expect when calculating dependencies. I think it would be better to either pin to a stable release, or depend on the dev branch with no commit (which still isn't good but at least doesn't pretend to be predictable.)

To reproduce this, simply create a new composer.json with minimum stability of dev, then composer require mglaman/drupal-check:1.0.11. Notice that the latest commit (HEAD) of phpstan is downloaded, instead of bf4e560.

I found this while trying to troubleshoot a bear of a dependency conflict between phpstan and something else, leading to a bunch of errors like the following. I don't think they are related to this issue, but it was an annoying red herring.
Fatal error: Declaration of Nette\DI\Config\Adapters\NeonAdapter::load($file) must be compatible with Nette\DI\Config\Adapter::load(string $file): array

@mglaman
Copy link
Owner

mglaman commented Jul 9, 2019

The reasoning is explained in https://glamanate.com/blog/deprecation-message-support-phpstan

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants