-
-
Notifications
You must be signed in to change notification settings - Fork 67
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Don't use commit ref notation in composer.json #92
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
How is drupal-check installed?
Environment:
Describe the bug
This package depends on phpstan 0.11.x-dev#bf4e560:
drupal-check/composer.json
Line 16 in 5e42214
However, in general when you
composer require mglaman/drupal-check
you will not get that version. You will get the latest commit of phpstan on 0.11.x. This could lead to a lot of undefined behavior and unpredictable results.It's well-documented that using commit refs doesn't behave as you might expect when calculating dependencies. I think it would be better to either pin to a stable release, or depend on the dev branch with no commit (which still isn't good but at least doesn't pretend to be predictable.)
To reproduce this, simply create a new composer.json with minimum stability of dev, then
composer require mglaman/drupal-check:1.0.11
. Notice that the latest commit (HEAD) of phpstan is downloaded, instead of bf4e560.I found this while trying to troubleshoot a bear of a dependency conflict between phpstan and something else, leading to a bunch of errors like the following. I don't think they are related to this issue, but it was an annoying red herring.
Fatal error: Declaration of Nette\DI\Config\Adapters\NeonAdapter::load($file) must be compatible with Nette\DI\Config\Adapter::load(string $file): array
The text was updated successfully, but these errors were encountered: