2.0 requires "peekmo/jsonpath": "dev-feature_pathing_retention",

[ruudk]

Hi!

Why does 2.0 require a dev package?

This way, I cannot install the package because of my minimal stability setting.

[mattermack]

There are two packages needed to solve particular cases.

1. TreeWalker - this is needed for Pact-PHP 1.1.X and the 1.1 pact specification. Pact-PHP 1.0.X did not need the modification to JSON Walker. A bug fix, which was following an implementation from a PR, was merged into dev-master but not explicitly tagged as stable. From the Composer documentation, this alone requires a dev stability level.

Due to the dev- prefix, this is known to be a dev version, and dev versions have "dev" stability

2. JSONPath has an open pull request for functionality needed to hit the 2.0 pact specification. For Pact-PHP 2.0, there is an extra need on the explicitly "repository" node on the Composer.json in the README.md. I followed the recommendations of Composer to add a VCS for this common use case.

The most common one is maintaining your own fork of a third party library. If you are using a certain library for your project and you decide to change something in the library, you will want your project to use the patched version.

When these libraries are either replaced or tagged appropriately, this package will not require the "dev" stability level.

You may have a better understanding on Composer than I but I think your concern can be mitigated by the prefer-stable flag.

When this is enabled, Composer will prefer more stable packages over unstable ones when finding compatible stable packages is possible. If you require a dev version or only alphas are available for a package, those will still be selected granted that the minimum-stability allows for it.

{ "prefer-stable": true, "minimum-stability": "dev", "repositories": [ { "type": "vcs", "url": "https://github.com/mattermack/JsonPath" } ], "require": { "mattersight/phppact": "^2.0" } }

[ruudk]

The issue is, that this stable package now depends on a dev release... something that shouldn't have happened.

It's now impossible to use this 2.0 package in a stable way.

[ruudk]

Lowering the minimum-stability is not what you want to do as it will grab other dev versions when you run composer update as well.

If upstream packages were not yet released and tagged, 2.0 of this lib couldn't have been released.

[mattermack]

Isn't "minimum-stability : dev" mitigated by "prefer-stable : true"? If that is insufficient, we could untag this as 2.X and stick with dev-master.

[ruudk]

Not sure, I tried it yesterday and it started downloading the whole internet as dev-master ;)

It's not a big deal, but maybe good to tag a new release whenever these dependencies are merged and tagged.