This repository has been archived by the owner on Jan 25, 2022. It is now read-only.

Make drupal/core dependency less restrictive? #3

Open
hawkeyetwolf opened this issue Apr 25, 2018 · 10 comments

@hawkeyetwolf

Because the dependency on drupal/core is pegged to an exact version (e.g., 8.5.2), it is not possible to upgrade to the next version of drupal core (e.g., for a security upgrade) until the next version of webflo/drupal-core-require-dev has also been released. This is okay as long as you, @webflo, or another delegated party is right on top of the drupal core release cycles (and I'm sure you will be—great job so far!), but I wonder if it would be wise to make the drupal/core requirement less restrictive (e.g., ^8.5.2)? That would allow upgrading even if this package gets delayed, for any reason.

@dxii

dxii commented Apr 25, 2018

@derekderaps workaround is either running this command,

composer require --dev webflo/drupal-core-require-dev ~8.5.2

or

composer update drupal/core webflo/drupal-core-require-dev --with-dependencies

@hawkeyetwolf
Author

hawkeyetwolf commented Apr 25, 2018

@dxii, the 8.5.3 tag of this project was created about 15-30 minutes after the Drupal core release came out, so you should not be seeing this error anymore. However, on one of my sites, the standard update command wouldn't work until I had changed the dependency versions. This doesn't make sense, and wasn't necessary on other sites of mine, but here you go in case it's helpful:

composer require --no-update drupal/core:~8.5.3
composer require --dev --no-update webflo/drupal-core-require-dev:~8.5.3
composer update drupal/core webflo/drupal-core-require-dev --with-dependencies

@ryan-hovland

This bug also causes a much more problematic issue on production sites built via

composer install --no-dev

When you go to update core via

composer update drupal/core --with-dependencies --no-dev

core does not update.

If you check why-not

composer why-not drupal/core:8.5.3

then it lies to you:

There is no installed package depending on "drupal/core" in versions not matching 8.5.3

If you check your composer.lock file, there is an entry for webflo/drupal-core-require-dev which includes "require": { "drupal/core": "8.5.2" } even though you never installed anything from require-dev.

The only way to update core at this point is to run

composer update drupal/core webflo/drupal-core-require-dev --with-dependencies --no-dev

which installs drupal/core but not webflo/drupal-core-require-dev.

I have verified this on a fresh install using

composer create-project drupal-composer/drupal-project:8.x-dev some-dir --stability dev --no-interaction --no-dev

@hansfn

hansfn commented May 4, 2018

Maybe not spot on for this issue, but how did we end up with

composer update drupal/core webflo/drupal-core-require-dev --with-dependencies

for updating Drupal core instead of just

composer update drupal/core --with-dependencies

This is not very user-friendly.

@geerlingguy

Today I'm trying to upgrade my Raspberry Pi Dramble codebase to Drupal 8.6.0, but when I run composer update or the full recommended command as in the comment above, it sticks to 8.5.7. Running composer prohibits:

$ composer prohibits drupal/core:8.6.0
drupal-composer/drupal-project  dev-master  requires  drupal/core (~8.5.3)  
webflo/drupal-core-require-dev  8.5.7       requires  drupal/core (8.5.7) 

@zuuperman

Update the version of webflo/drupal-core-require-dev. The 8.6 tag is already out:

Update composer.json:
"require-dev": { "webflo/drupal-core-require-dev": "~8.6" },

After that execute
composer update drupal/core webflo/drupal-core-require-dev --with-dependencies --no-dev

@geerlingguy

@zuuperman - It looks like the defaults were to use ~8.5.3 for drupal core and something similarly restrictive for this dependency (the tilde plus the minor version inclusion means it won't ever allow updating beyond 8.5.x!). I changed those following the example of this recently merged PR (drupal-composer/drupal-project#424) and did another composer update and things started working.
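
Added example, not part of the thread and not code from the project: a Python check that reads a composer.lock and lists every locked package, in both "packages" and "packages-dev", whose requirement on drupal/core excludes a target release, which is the situation the composer.lock observation and the composer prohibits output above describe. The constraint matcher is a simplified subset (exact pins, ~ and ^ with major version 1 or higher), and the lock excerpt is constructed from the versions quoted in the thread.

```python
import json

def parse(v):
    """'8.5.3' -> (8, 5, 3); missing parts are padded with zeros."""
    parts = [int(p) for p in v.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def allows(constraint, version):
    """Simplified Composer semantics: exact pin, ~ and ^ only, major >= 1."""
    target = parse(version)
    if constraint[0] not in "~^":
        return parse(constraint) == target       # exact pin, e.g. 8.5.7
    low = parse(constraint[1:])
    if constraint[0] == "^" or constraint.count(".") < 2:
        high = (low[0] + 1, 0, 0)                # ^8.5.2 or ~8.6: below 9.0.0
    else:
        high = (low[0], low[1] + 1, 0)           # ~8.5.3: below 8.6.0
    return low <= target < high

def blockers(lock, package, version):
    """List locked packages whose requirement on `package` excludes `version`."""
    found = []
    for section in ("packages", "packages-dev"):  # dev entries are locked too
        for pkg in lock.get(section, []):
            constraint = pkg.get("require", {}).get(package)
            if not constraint:
                continue
            try:
                ok = allows(constraint, version)
            except ValueError:
                continue                          # form outside this subset
            if not ok:
                found.append((section, pkg["name"], pkg["version"], constraint))
    return found

# Constructed lock excerpt using the versions quoted in the thread.
SAMPLE_LOCK = json.loads("""
{"packages": [{"name": "drupal/core", "version": "8.5.7", "require": {}}],
 "packages-dev": [{"name": "webflo/drupal-core-require-dev",
                   "version": "8.5.7",
                   "require": {"drupal/core": "8.5.7"}}]}
""")

if __name__ == "__main__":
    for row in blockers(SAMPLE_LOCK, "drupal/core", "8.6.0"):
        print(*row)
```

Run against a real composer.lock before a core security release, it shows which pinned entries have to be named in the composer update command alongside drupal/core.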

@kevinquillen

composer update drupal/core webflo/drupal-core-require-dev --with-dependencies

I had to do the same thing today to go from 8.6.9 to 8.6.10. It's not very clear or easy to figure out why you cannot update a minor version without that command.

@ergophobe

ergophobe commented May 22, 2019

Just ran into the same thing with 8.6.15 to 8.6.16. Agree that it would be nice if this were less restrictive.

I decided that it's easier to just remove the dependency from my project composer.json and then just add it in if I need to write and run tests.

@ditsbroefs

Can not currently update to 8.7.12 security update.
