flex icon indicating copy to clipboard operation
flex copied to clipboard

Published 20 hours ago verified publisher icon symfony

PackageSynchronizer changes version of dependencies

Open weaverryan opened this issue 3 years ago • 1 comments
trafficstars

Hi there!

This is pretty easy to replicate:

symfony new flex_package_sync_test
cd flex_package_sync_test
composer require encore
composer require symfony/ux-turbo

# at this point, package.json will contain `@hotwired/turbo` at some version - e.g. `^7.0.0-beta.5`
# CHANGE this to something else - e.g. `^7.1.0`

composer update
# this will change the version back to `^7.0.0-beta.5`

Reported originally to me by @alexander-schranz

weaverryan avatar Dec 03 '21 19:12 weaverryan

This doesn't happen on install anymore, but it does on update. The reason is that PackageJsonSynchronizer works without caring about symfony.lock nor existing constraints. Ignoring existing constraints looks on purpose to me, since that's how updates would work. Ignoring symfony.lock on the contrary doesn't look desired.

I don't know if it's possible to implement mutating package.json as a recipe configurator, but that could be the solution.

Anyone affected up for a PR?

nicolas-grekas avatar Feb 16 '22 15:02 nicolas-grekas