Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

composer bump doesn't bump libraries marked with unbound version constraints #11179

Closed
ethanclevenger91 opened this issue Nov 8, 2022 · 1 comment
Labels
Milestone

Comments

@ethanclevenger91
Copy link
Contributor

My composer.json:

{
    "name": "roots/bedrock",
    "type": "project",
    "license": "MIT",
    "description": "WordPress boilerplate with modern development tools, easier configuration, and an improved folder structure",
    "homepage": "https://roots.io/bedrock/",
    "authors": [
        {
            "name": "Scott Walkinshaw",
            "email": "scott.walkinshaw@gmail.com",
            "homepage": "https://github.com/swalkinshaw"
        },
        {
            "name": "Ben Word",
            "email": "ben@benword.com",
            "homepage": "https://github.com/retlehs"
        }
    ],
    "keywords": [
        "bedrock",
        "composer",
        "roots",
        "wordpress",
        "wp",
        "wp-config"
    ],
    "support": {
        "issues": "https://github.com/roots/bedrock/issues",
        "forum": "https://discourse.roots.io/category/bedrock"
    },
    "config": {
        "preferred-install": "dist",
        "allow-plugins": {
            "composer/installers": true,
            "roots/wordpress-core-installer": true
        }
    },
    "repositories": {
        "sterner-stuff/made-of-sterner-stuff": {
            "type": "vcs",
            "url": "git@github.com:sterner-stuff/made-of-sterner-stuff.git"
        },
		"sterner-stuff/kinsta-mu-plugin": {
			"type": "vcs",
			"url": "git@github.com:sterner-stuff/kinsta-mu-plugin.git"
		},
        "0": {
            "type": "composer",
            "url": "https://wpackagist.org"
        },
        "package-peak": {
            "type": "composer",
            "url": "https://packagepeak.app/packages.json"
        },
        "deliciousbrains": {
            "type": "composer",
            "url": "https://composer.deliciousbrains.com"
        },
        "woocommerce/action-scheduler": {
            "type": "vcs",
            "url": "git@github.com:woocommerce/action-scheduler.git"
        },
        "fresa": {
            "type": "vcs",
            "url": "git@github.com:ethanclevenger91/fresa.git"
        },
        "sterner-stuff/advanced-custom-fields-pro": {
            "type": "vcs",
            "url": "git@github.com:sterner-stuff/advanced-custom-fields-pro.git"
        },
        "rocketgenius/gravityforms": {
            "type": "vcs",
            "url": "git@github.com:sterner-stuff/gravityforms.git"
        }
    },
    "require": {
        "php": "^8.0",
        "composer/installers": "^2.2",
        "vlucas/phpdotenv": "^5.5",
        "oscarotero/env": "^2.1",
        "roots/bedrock-autoloader": "^1.0.4",
        "roots/wordpress": ">=5.2",
        "roots/wp-config": "^1.0.0",
        "roots/wp-password-bcrypt": "^1.1",
        "wpackagist-plugin/mailgun": "^1.8.5",
        "wpackagist-plugin/redirection": ">=5.1",
        "wpackagist-plugin/tiny-compress-images": "^3.4.1",
        "sterner-stuff/made-of-sterner-stuff": "*",
        "deliciousbrains-plugin/wp-migrate-db-pro": "*",
        "deliciousbrains-plugin/wp-offload-media": "*",
        "wpackagist-plugin/all-in-one-seo-pack": "^4.2.6.1",
        "wpackagist-plugin/enable-media-replace": "^4.0",
        "wpackagist-plugin/cookie-law-info": "^3.0.3",
        "wpackagist-plugin/pixelyoursite": "^9.2",
        "wpackagist-plugin/polylang": "^3.2.8",
        "wpackagist-plugin/woocommerce": "^7.0",
        "wpackagist-plugin/wp-store-locator": "*",
        "wpackagist-plugin/add-to-any": "*",
        "wpackagist-plugin/simple-custom-post-order": "*",
        "wpackagist-plugin/relevanssi": "*",
        "wpackagist-plugin/capability-manager-enhanced": "*",
        "wpackagist-plugin/flippingbook": ">=1.3.1",
        "wpackagist-plugin/advanced-excerpt": ">=4.2",
        "league/csv": ">=9.3",
        "box/spout": "^3.3",
        "woocommerce/action-scheduler": "^3.5.2",
        "wpackagist-plugin/user-switching": ">=1.5",
        "stevenmaguire/oauth2-salesforce": "^2.0.1",
        "wpackagist-plugin/transients-manager": ">=1.8",
        "jplhomer/fresa": "dev-master",
        "wpackagist-plugin/jetpack": ">=8.6",
        "wpackagist-plugin/woocommerce-services": ">=1.23",
        "the-wp-instinct-team/woo-vehicle-parts-finder": "^3.5",
        "wpackagist-plugin/taxonomy-terms-order": ">=1.5.7",
        "wpackagist-plugin/duplicate-post": ">=4.1",
        "wp-media/wp-rocket": ">=3.8",
        "wp-media/wp-rocket-cli": ">=1.3",
        "elliotcondon/advanced-custom-fields-pro": ">=5.9",
        "beaver-builder/bb-plugin-pro": ">=2.4.2",
        "beaver-builder/bb-theme-builder": ">=1.3",
        "wpackagist-plugin/gravityformscli": ">=1.4",
        "wpackagist-plugin/gutenberg": "^14.4",
        "wpackagist-plugin/acf-gravityforms-add-on": ">=1.2",
        "wpackagist-plugin/zero-spam": ">=5.0",
        "wpackagist-plugin/gravity-forms-zero-spam": ">=1.1",
        "wpackagist-plugin/stream": "*",
        "wpackagist-plugin/woocommerce-gateway-stripe": ">=5.9",
        "kinsta/kinsta-mu-plugins": "dev-sterner-stuff",
        "rocketgenius/gravityforms": ">=2.6.1",
        "wpackagist-plugin/google-site-kit": ">=1.74",
        "wpackagist-plugin/official-facebook-pixel": ">=3.0"
    },
    "require-dev": {
        "squizlabs/php_codesniffer": "^3.7.1",
        "roave/security-advisories": "dev-master",
        "wpackagist-plugin/debug-bar-list-dependencies": ">=1.1",
        "wpackagist-plugin/query-monitor": ">=3.3",
        "symfony/var-dumper": "^6.0.14",
        "wpackagist-plugin/what-the-file": ">=1.5",
        "wpackagist-plugin/wp-crontrol": ">=1.8"
    },
    "extra": {
        "installer-paths": {
            "web/app/mu-plugins/{$name}/": [
                "type:wordpress-muplugin",
                "woocommerce/action-scheduler"
            ],
            "web/app/plugins/{$name}/": [
                "type:wordpress-plugin"
            ],
            "web/app/themes/{$name}/": [
                "type:wordpress-theme"
            ]
        },
        "wordpress-install-dir": "web/wp"
    },
    "autoload": {
        "psr-4": {
            "ExGuard\\Plugin\\": "web/app/plugins/sterner-stuff-ex-guard/src/",
            "ExGuard\\Theme\\": "web/app/themes/ex-guard-mix/includes/"
        }
    },
    "scripts": {
        "post-root-package-install": [
            "php -r \"copy('.env.example', '.env');\""
        ],
        "test": [
            "phpcs"
        ]
    }
}

Output of composer diagnose:

Checking composer.json: WARNING
require.roots/wordpress : unbound version constraints (>=5.2) should be avoided
require.wpackagist-plugin/redirection : unbound version constraints (>=5.1) should be avoided
require.sterner-stuff/made-of-sterner-stuff : unbound version constraints (*) should be avoided
require.deliciousbrains-plugin/wp-migrate-db-pro : unbound version constraints (*) should be avoided
require.deliciousbrains-plugin/wp-offload-media : unbound version constraints (*) should be avoided
require.wpackagist-plugin/wp-store-locator : unbound version constraints (*) should be avoided
require.wpackagist-plugin/add-to-any : unbound version constraints (*) should be avoided
require.wpackagist-plugin/simple-custom-post-order : unbound version constraints (*) should be avoided
require.wpackagist-plugin/relevanssi : unbound version constraints (*) should be avoided
require.wpackagist-plugin/capability-manager-enhanced : unbound version constraints (*) should be avoided
require.wpackagist-plugin/flippingbook : unbound version constraints (>=1.3.1) should be avoided
require.wpackagist-plugin/advanced-excerpt : unbound version constraints (>=4.2) should be avoided
require.league/csv : unbound version constraints (>=9.3) should be avoided
require.wpackagist-plugin/user-switching : unbound version constraints (>=1.5) should be avoided
require.wpackagist-plugin/transients-manager : unbound version constraints (>=1.8) should be avoided
require.wpackagist-plugin/jetpack : unbound version constraints (>=8.6) should be avoided
require.wpackagist-plugin/woocommerce-services : unbound version constraints (>=1.23) should be avoided
require.wpackagist-plugin/taxonomy-terms-order : unbound version constraints (>=1.5.7) should be avoided
require.wpackagist-plugin/duplicate-post : unbound version constraints (>=4.1) should be avoided
require.wp-media/wp-rocket : unbound version constraints (>=3.8) should be avoided
require.wp-media/wp-rocket-cli : unbound version constraints (>=1.3) should be avoided
require.elliotcondon/advanced-custom-fields-pro : unbound version constraints (>=5.9) should be avoided
require.beaver-builder/bb-plugin-pro : unbound version constraints (>=2.4.2) should be avoided
require.beaver-builder/bb-theme-builder : unbound version constraints (>=1.3) should be avoided
require.wpackagist-plugin/gravityformscli : unbound version constraints (>=1.4) should be avoided
require.wpackagist-plugin/acf-gravityforms-add-on : unbound version constraints (>=1.2) should be avoided
require.wpackagist-plugin/zero-spam : unbound version constraints (>=5.0) should be avoided
require.wpackagist-plugin/gravity-forms-zero-spam : unbound version constraints (>=1.1) should be avoided
require.wpackagist-plugin/stream : unbound version constraints (*) should be avoided
require.wpackagist-plugin/woocommerce-gateway-stripe : unbound version constraints (>=5.9) should be avoided
require.rocketgenius/gravityforms : unbound version constraints (>=2.6.1) should be avoided
require.wpackagist-plugin/google-site-kit : unbound version constraints (>=1.74) should be avoided
require.wpackagist-plugin/official-facebook-pixel : unbound version constraints (>=3.0) should be avoided
Checking platform settings: OK
Checking git settings: OK git version 2.38.1
Checking http connectivity to packagist: OK
Checking https connectivity to packagist: OK
Checking github.com oauth access: OK
Checking disk free space: OK
Checking pubkeys:
Tags Public Key Fingerprint: 57815BA2 7E54DC31 7ECC7CC5 573090D0  87719BA6 8F3BB723 4E5D42D0 84A14642
Dev Public Key Fingerprint: 4AC45767 E5EC2265 2F0C1167 CBBB8A2B  0C708369 153E328C AD90147D AFE50952
OK
Checking composer version: You are not running the latest stable version, run `composer self-update` to update (2.4.2 => 2.4.4)
Composer version: 2.4.2
PHP version: 8.0.17
PHP binary path: C:\Users\Ethan\bin\php\php.exe
OpenSSL version: OpenSSL 1.1.1m  14 Dec 2021
cURL version: 7.76.1 libz 1.2.11 ssl OpenSSL/1.1.1m
zip: extension present, unzip present, 7-Zip present (7z)

When I run this command: composer bump

I get the following output:

Loading composer repositories with package information
Updating dependencies
Nothing to modify in lock file
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 0 installs, 0 updates, 0 removals
Package box/spout is abandoned, you should avoid using it. No replacement was suggested.
Generating autoload files
27 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
No security vulnerability advisories found

Also - libraries w/ bound version constraints are bumped as expected.

And I expected this to happen:

Libraries with versioned, but unbound, constraints would also be bumped.

Basically, I understand why "*" might not be replaced with a version number since it has no lower bound, but something like >=5.1 would presumably be bumped if applicable because it at least has a lower bound.

@Seldaek
Copy link
Member

Seldaek commented Nov 13, 2022

I'd need to check how easy but yes bumping >=x to >=y sounds ok.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants