`composer outdated -m` doesn't respect `extra.symfony.require`

Open dsdeboer opened this issue 4 weeks ago • 9 comments

My composer.json:

{
  "require": {
    "php": "^8.4",
    "symfony/cache": "^7.2.9",
    "symfony/console": "^7.2.9",
    "symfony/dotenv": "^7.2.9",
    "symfony/serializer": "^7.2.9",
    "symfony/twig-bundle": "^7.2.9",
    "symfony/uid": "^7.2.8",
    "symfony/yaml": "^7.2.9"
  },
  "extra": {
    "symfony": {
      "require": "7.2.*"
    }
  }
}

Output of composer diagnose:

not relevant

When I run this command:

symfony composer outdated -m -D "symfony/*"     

I get the following output:

Color legend:
- patch or minor release available - update recommended
- major release available - update possible
symfony/cache               7.2.9  7.4.0  Provides extended PSR-6, PSR-16 (and tags) implementations
symfony/console             7.2.9  7.4.0  Eases the creation of beautiful and testable command line interfaces
symfony/debug-bundle        7.2.0  7.4.0  Provides a tight integration of the Symfony VarDumper component and the ServerLogCommand from MonologBridge into the Symfony full-stack framework
symfony/dotenv              7.2.9  7.4.0  Registers environment variables from a .env file
symfony/framework-bundle    7.2.9  7.4.0  Provides a tight integration between Symfony components and the Symfony full-stack framework
symfony/http-client         7.2.9  7.4.0  Provides powerful methods to fetch HTTP resources synchronously or asynchronously
symfony/property-access     7.2.9  7.4.0  Provides functions to read and write from/to an object or array using a simple string notation
symfony/property-info       7.2.9  7.4.0  Extracts information about PHP class' properties using metadata of popular sources
symfony/runtime             7.2.8  7.4.0  Enables decoupling PHP applications from global state
symfony/serializer          7.2.9  7.4.0  Handles serializing and deserializing data structures, including object graphs, into array structures or other formats like XML and JSON.
symfony/stopwatch           7.2.4  7.4.0  Provides a way to profile code
symfony/twig-bundle         7.2.9  7.4.0  Provides a tight integration of Twig into the Symfony full-stack framework
symfony/uid                 7.2.8  7.4.0  Provides an object-oriented API to generate and represent UIDs
symfony/web-profiler-bundle 7.2.9  7.4.0  Provides a development tool that gives detailed information about the execution of any request
symfony/yaml                7.2.9  7.4.0  Loads and dumps YAML files

And I expected this to happen:

I expect the version updates available to respect the actual updates for 7.2.* to be the listed versions

Dec 01 '25 19:12 dsdeboer

You tell about composer update in the issue title, but about composer outdated in the description. Which one is correct?

Dec 01 '25 19:12 nicolas-grekas

> You tell about composer update in the issue title, but about composer outdated in the description. Which one is correct?

Sorry @nicolas-grekas, I accidentally miswrote the command. ~I'll verify it shortly!~ Verified, and adjusted the title. See also the issue I first started here: https://github.com/composer/composer/issues/12649.

If assistance is desired, I can try to resolve this issue and submit a fix. But I'd like to know first if my finding is a correct one, or that I'm describing an edge case which you think is the expected result. So basically, do you think this is a bug? If so I can help if you want.

Dec 01 '25 20:12 dsdeboer

Same issue with composer update.

  "extra": {
    "public-dir": "web/",
    "symfony": {
      "require": "7.3.*"
    }
  },
  "require": {
    "symfony/flex": "~2.2",
    "symfony/messenger": "*",
  },

Running composer update upgraded everything to 8.0.

Dec 04 '25 18:12 klunejko

@klunejko there is no symfony/flex in the required dependencies. Is it the full reproducer?

Dec 04 '25 18:12 andrew-demb

@andrew-demb Ah, sorry, no. Didn't post the full list since it's rather long, but flex is included with "symfony/flex": "~2.2".

Dec 04 '25 18:12 klunejko

Is Flex already installed (either globally or in an existing vendor directory) at the time you run composer update?

Composer plugins cannot impact the dependency resolution if they are not installed yet.

Dec 04 '25 19:12 stof

Nope, flex was already installed previously.

Dec 04 '25 19:12 klunejko

Does anybody else reproduce? If not, we might need a real one - a repo to play with, with step-by-step reproducer. 🙏

Dec 04 '25 19:12 nicolas-grekas

About composer outdated: it's expected; sticking to 7.2 when 7.4 is out doesn't mean you're up to date with the latest 7.2. About composer update -m, I'd be happy to have a look at a reproducer!

Dec 04 '25 21:12 nicolas-grekas
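
An added example, not part of the thread and not Composer or Flex code: a CI guard for the drift reported above, where `composer update` moved packages past the `extra.symfony.require` line. It compares the versions in `composer.lock` against the pin; it assumes the pin has the `X.Y.*` form used on this page, and the `INDEPENDENT` pattern and all sample versions are constructed for illustration.

```python
import re

# Assumption: symfony/* packages versioned outside the framework release line.
INDEPENDENT = re.compile(r"symfony/(flex|polyfill-.*|.*-contracts)$")

def parse_wildcard(constraint):
    """Turn 'X.Y.*' into the (X, Y) pair a locked version must match."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.\*", constraint.strip())
    if not m:
        raise ValueError(f"only 'X.Y.*' is handled here: {constraint!r}")
    return int(m.group(1)), int(m.group(2))

def find_drift(composer_json, composer_lock):
    """List (name, version) of locked symfony/* packages outside the pin."""
    pin = composer_json.get("extra", {}).get("symfony", {}).get("require")
    if pin is None:
        return []  # no extra.symfony.require, nothing to enforce
    want = parse_wildcard(pin)
    drift = []
    for section in ("packages", "packages-dev"):
        for pkg in composer_lock.get(section, []):
            name, version = pkg["name"], pkg["version"]
            if not name.startswith("symfony/") or INDEPENDENT.match(name):
                continue
            # Lock versions look like "v7.3.1"; branch aliases such as
            # "dev-main" do not parse and are reported as drift.
            m = re.match(r"v?(\d+)\.(\d+)\.", version)
            if m is None or (int(m.group(1)), int(m.group(2))) != want:
                drift.append((name, version))
    return sorted(drift)

# Constructed sample data shaped like composer.json and composer.lock.
SAMPLE_JSON = {"extra": {"symfony": {"require": "7.3.*"}}}
SAMPLE_LOCK = {
    "packages": [
        {"name": "symfony/flex", "version": "v2.2.0"},
        {"name": "symfony/polyfill-mbstring", "version": "v1.30.0"},
        {"name": "symfony/messenger", "version": "v8.0.0"},
        {"name": "symfony/console", "version": "v7.3.1"},
        {"name": "psr/log", "version": "3.0.0"},
    ],
    "packages-dev": [{"name": "symfony/stopwatch", "version": "v7.2.4"}],
}

if __name__ == "__main__":
    for name, version in find_drift(SAMPLE_JSON, SAMPLE_LOCK):
        print(f"{name} locked at {version}, outside extra.symfony.require")
```

In a pipeline, load the real `composer.json` and `composer.lock` with `json.load` and fail the job when `find_drift` returns a non-empty list.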