-
-
Notifications
You must be signed in to change notification settings - Fork 60
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Minimum PHP version change in minor is breaking dependents #33
Comments
k. But the fact of the matter is that it actually breaks stuff. I very much strongly disagree with the Why dropping PHP support in a minor version is not a BC break statement. I had code that works. And not it stops working. That's a breaking change. From the page you linked:
Bumping the PHP version resulted in exactly the same problem. It cannot be updated. |
@PeeHaa dependency version bumps are not BC breaks. Also see https://github.com/mojombo/semver/blob/df7bd79bda7d7fe6da20d0724fe0111678cbaa8f/semver.md#what-should-i-do-if-i-update-my-own-dependencies-without-changing-the-public-api |
The code still works - you are just on the previous version of this particular dependency, as the SAT dependency solver of composer doesn't upgrade to a next minor. You will still get critical fixes in |
But they are. For my reasoning see the exact same discussion I had 2 weeks ago igorw/evenement#39. The TL;DR is igorw/evenement#39 (comment) The dependents do the right thing by targeting updates to at most minor which should not break things. Yet it breaks things. |
@PeeHaa PHP's API is not our API - we are just depending on it as with any of the many dependencies or dev-dependencies of this package. If you run 5.x, you will just get 1.0.x installed, according to SAT semantics. |
The failure in question is caused by a This kind of error can happen in many scenarios:
That's exactly what the |
FWIW I see what you people are doing (after a lengthy conversation with @Ocramius). I just don't agree with it and it will fail for more people :-) Last thing you will ever hear me about this in this issue: I cannot ship a .lock file anymore with my project so that:
Sorry for me keep going at it. I just can see the problems that come from this decision. Thanks for your patience o/ |
The problem here is that people use Composer in a wrong way, not that PHP version requirement was bumped. We can just hope this will educate more people and they'll learn that using different versions on dev/ci/staging/production a dangerous idea... |
How can I make sure people downloading my project from github are installing the known and tested dependencies? Everybody keep telling me I am composering wrong, but nobody can give me a sane solution for how to composer right when I want people to install the tested deps. Now I am really done trying to convince people :-) I have heard and understood your side and I have said what I wanted. |
You can't, because you tested it with specific environments and preset
dependencies, and you don't control the user's environment.
This is a very normal issue, and we discussed it. A `composer install`
without lock file would probably resolve to the best possible set of
dependencies when the deployment environment is unknown, but the risks are
there.
…On 1 Aug 2017 8:47 PM, "Pieter Hordijk" ***@***.***> wrote:
How can I make sure people downloading my project from github and
installing the known and tested dependencies?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#33 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAJakCuVmUMjcUCqFESQx4xt_oQEQ0dmks5sT3LYgaJpZM4Opze3>
.
|
@PeeHaa as mentioned on the blog post you can define the platform on composer.json, this will make the resolver work properly. |
Edit: see @alcaeus comment below. |
@mikefrancis or, alternatively, you don't commit a lock file that was generated on 7.1 if you're going to run code on 7.0. As suggested in the blog post, the correct way to handle these platform differences is by using the |
@alcaeus that's a much better solution |
Locking single dependencies is also not the correct approach: if you know your deployment environment, lock onto that. Otherwise don't lock at all ( = you don't know the deployment system specifics) |
@alcaeus that only works sanely if there aren't any other packages pulling this same thing. |
@PeeHaa |
I don't have a library. I have a project. |
We already discussed this: if you have a project, provide a lock file that
works on all versions, or none at all if you cannot guarantee that.
…On 2 Aug 2017 1:28 PM, "Pieter Hordijk" ***@***.***> wrote:
I don't have a library. I have a project.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#33 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAJakB5HNPR1WTW7jJmmX9cFn4YagnRNks5sUF1pgaJpZM4Opze3>
.
|
I know. We already discussed. Just noting that said solution may not be a solution, because people refuse to see it for some reason. Anyway unsubbed from thread. Sorry for bothering you all :-) |
I am using phpunit on PHP 7.0.n. The last PHP version bump breaks this sebastianbergmann/phpunit-mock-objects#371
If we could not bump minimum PHP versions in minors that would be great. ❤️
The text was updated successfully, but these errors were encountered: