-
-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature: keep locked package versions #34
Feature: keep locked package versions #34
Conversation
Hey guys, any feedback on this? I think this will speed up migrations to laminas even off those timeframes. |
TBH: I dont get why travis fails due to ocramius package. its not even used in here 🤷♂ |
…ng the old constraints
This will include patched versions after migration. For example: laminas/laminas-diactoros@2.2.1...2.2.1p1
b134fcc
to
ca3c115
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I rebased off of current develop, which removes the dependency on ocramius/package-versions, and allows Travis to build against your branch successfully.
My one question in here: while you can sync the composer.lock
with the packages listed in the composer.json
, this does nothing to ensure that nested dependencies receive the same version; they will be updated to whatever latest version is allowed by the parent package.
Does this seem like a potential issue, or is the primary point to ensure that the explicit dependencies get the same version installed?
Otherwise, this all makes sense; I just want to ensure we message exactly what this does to end-users.
I've thought about that aswell, thats why the code actually just copy & pastes any package from Downside of this is, that one has to remove those packages from his However, I still have to change the docs if I have time for it. Hopefully at the end of this week. |
@boesing Thanks for update. I've added "Awaiting Author Update", so ping us please when the PR is ready to go. |
I've added some documentation in laminas/laminas.github.io#51 I guess I've got anything in there. Feel free to have a look. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 👍
Thanks, @boesing! Merged into develop for 1.1.0 release. |
Description
Hey guys, we want to start with the migration to laminas as soon as possible.
After playing around a bit and talking to other developers of my company, I found out, that we have some projects and teams which follow something like "composer update plan". Thus, they're only updating composer for example 4 times a year.
This made me thinking about what that means about the migration to laminas, as the migration tool drops the
composer.lock
and enforces updating the whole projects dependencies.To avoid possible issues with other packages or incompatibilities with new minor versions (or possible invalid constraints in the projects
composer.json
) and to make a clean upgrade path to laminas possible without upgrading the whole package, I've thought about the--keep-locked-versions
flag in the migration tool.It will actually just copy & paste the locked package versions to the
composer.json
(even if they not directly depended on em due to recursive dependency resolving). After the firstcomposer install
(which is adviced in the migration description), the newcomposer.lock
contains all locked versions from the oldcomposer.lock
and the only thing changed were the packages of laminas/mezzio.After this, one could restore his old constraints in the
composer.json
manually and drop those dependencies, which were never part of thecomposer.json
.What do you think about this feature?
To proof that the migration still works, I created an example migration of one of my projects:
boesing/zend-expressive-cors#7
Love to get feedback. Thanks in advance.