Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

When targetting specific commits, depency requirements are not properly resolved #8037

bramus opened this Issue Mar 14, 2019 · 2 comments


None yet
2 participants
Copy link

bramus commented Mar 14, 2019

My composer.json:

    "name": "bramus/test",
    "type": "project",
    "authors": [
            "name": "Bramus",
            "email": ""
    "require": {}

Output of composer diagnose:

Checking composer.json: WARNING
No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license.
Checking platform settings: OK
Checking git settings: OK
Checking http connectivity to packagist: OK
Checking https connectivity to packagist: OK
Checking rate limit: OK
Checking disk free space: OK
Checking pubkeys: 
Tags Public Key Fingerprint: 57815BA2 7E54DC31 7ECC7CC5 573090D0  87719BA6 8F3BB723 4E5D42D0 84A14642
Dev Public Key Fingerprint: 4AC45767 E5EC2265 2F0C1167 CBBB8A2B  0C708369 153E328C AD90147D AFE50952
Checking composer version: OK
Composer version: 1.8.4
PHP version: 7.3.2
PHP binary path: /usr/local/Cellar/php/7.3.2/bin/php

When I run this command:

composer require devristo/phpws:dev-master#5c495fa15555c8a4eb40c000e28ab6205d72e7f7

I get the following output:

./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)
Package operations: 21 installs, 0 updates, 0 removals
  - Installing react/promise (v2.7.1): Loading from cache
  - Installing react/event-loop (v0.4.3): Loading from cache
  - Installing react/promise-timer (v1.5.0): Loading from cache
  - Installing evenement/evenement (v2.1.0): Loading from cache
  - Installing react/stream (v0.4.6): Loading from cache
  - Installing react/cache (v0.5.0): Loading from cache
  - Installing react/dns (v0.4.16): Loading from cache
  - Installing react/socket (v0.5.1): Loading from cache
  - Installing react/socket-client (v0.5.3): Loading from cache
  - Installing zendframework/zend-stdlib (3.2.1): Downloading (100%)         
  - Installing psr/container (1.0.0): Downloading (100%)         
  - Installing container-interop/container-interop (1.2.0): Downloading (100%)         
  - Installing zendframework/zend-validator (2.12.0): Downloading (100%)         
  - Installing zendframework/zend-escaper (2.6.0): Downloading (100%)         
  - Installing zendframework/zend-uri (2.7.0): Downloading (100%)         
  - Installing zendframework/zend-loader (2.6.0): Downloading (100%)         
  - Installing zendframework/zend-http (2.10.0): Downloading (100%)         
  - Installing zendframework/zend-servicemanager (3.4.0): Downloading (100%)         
  - Installing psr/log (1.1.0): Loading from cache
  - Installing zendframework/zend-log (2.10.0): Downloading (100%)         
  - Installing devristo/phpws (dev-master 5c495fa): Cloning 5c495fa155 from cache
react/event-loop suggests installing ext-libevent (>=0.1.0)
react/event-loop suggests installing ext-event (~1.0)
react/event-loop suggests installing ext-libev (*)
zendframework/zend-validator suggests installing psr/http-message (psr/http-message, required when validating PSR-7 UploadedFileInterface instances via the Upload and UploadFile validators)
zendframework/zend-validator suggests installing zendframework/zend-db (Zend\Db component, required by the (No)RecordExists validator)
zendframework/zend-validator suggests installing zendframework/zend-filter (Zend\Filter component, required by the Digits validator)
zendframework/zend-validator suggests installing zendframework/zend-i18n (Zend\I18n component to allow translation of validation error messages)
zendframework/zend-validator suggests installing zendframework/zend-math (Zend\Math component, required by the Csrf validator)
zendframework/zend-validator suggests installing zendframework/zend-i18n-resources (Translations of validator messages)
zendframework/zend-validator suggests installing zendframework/zend-session (Zend\Session component, ^2.8; required by the Csrf validator)
zendframework/zend-http suggests installing paragonie/certainty (For automated management of cacert.pem)
zendframework/zend-servicemanager suggests installing ocramius/proxy-manager (ProxyManager 1.* to handle lazy initialization of services)
zendframework/zend-log suggests installing ext-mongo (mongo extension to use Mongo writer)
zendframework/zend-log suggests installing ext-mongodb (mongodb extension to use MongoDB writer)
zendframework/zend-log suggests installing zendframework/zend-console (Zend\Console component to use the RequestID log processor)
zendframework/zend-log suggests installing zendframework/zend-db (Zend\Db component to use the database log writer)
zendframework/zend-log suggests installing zendframework/zend-mail (Zend\Mail component to use the email log writer)
Package react/socket-client is abandoned, you should avoid using it. Use react/socket instead.
Writing lock file
Generating autoload files

And I expected this to happen:

In this output I see that the versions for the packages react/socket and react/socket-client are versions 0.5.* whilst I expected versions 0.4.* to be installed.

When I look at the composer.json file of specific commit that I am targetting, it has these requirements:

        "react/socket": "0.4.*",
        "react/stream": "0.4.*",

I expected that Composer would respect these.

It seems however that Composer is using the requirements that are defined in the composer.json currently at HEAD instead:

        "react/socket": "0.5.*",
        "react/socket-client": "0.5.*",

The reason that I am targetteing this specific commit of devristo/phpws, is namely that it requires the 0.4.* versions of its required packages.

@alcohol alcohol closed this Mar 15, 2019


This comment has been minimized.

Copy link

bramus commented Mar 15, 2019

Thanks for the clarification. #TIL

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.