Feature: keep locked package versions #34
Conversation
boesing
requested review from
weierophinney and
michalbundyra
and removed request for
weierophinney
|
Hey guys, any feedback on this? I think this will speed up migrations to laminas even off those timeframes. |
|
TBH: I dont get why travis fails due to ocramius package. its not even used in here 🤷♂ |
…ng the old constraints
This will include patched versions after migration. For example: laminas/laminas-diactoros@2.2.1...2.2.1p1
weierophinney
force-pushed
the
feature/keep-locked-package-versions
branch
from
b134fcc
to
ca3c115
Compare
There was a problem hiding this comment.
I rebased off of current develop, which removes the dependency on ocramius/package-versions, and allows Travis to build against your branch successfully.
My one question in here: while you can sync the composer.lock with the packages listed in the composer.json, this does nothing to ensure that nested dependencies receive the same version; they will be updated to whatever latest version is allowed by the parent package.
Does this seem like a potential issue, or is the primary point to ensure that the explicit dependencies get the same version installed?
Otherwise, this all makes sense; I just want to ensure we message exactly what this does to end-users.
|
I've thought about that aswell, thats why the code actually just copy & pastes any package from Downside of this is, that one has to remove those packages from his However, I still have to change the docs if I have time for it. Hopefully at the end of this week. |
|
@boesing Thanks for update. I've added "Awaiting Author Update", so ping us please when the PR is ready to go. |
|
I've added some documentation in laminas/laminas.github.io#51 I guess I've got anything in there. Feel free to have a look. |
|
Thanks, @boesing! Merged into develop for 1.1.0 release. |
Description
Hey guys, we want to start with the migration to laminas as soon as possible.
After playing around a bit and talking to other developers of my company, I found out, that we have some projects and teams which follow something like "composer update plan". Thus, they're only updating composer for example 4 times a year.
This made me thinking about what that means about the migration to laminas, as the migration tool drops the
composer.lockand enforces updating the whole projects dependencies.To avoid possible issues with other packages or incompatibilities with new minor versions (or possible invalid constraints in the projects
composer.json) and to make a clean upgrade path to laminas possible without upgrading the whole package, I've thought about the--keep-locked-versionsflag in the migration tool.It will actually just copy & paste the locked package versions to the
composer.json(even if they not directly depended on em due to recursive dependency resolving). After the firstcomposer install(which is adviced in the migration description), the newcomposer.lockcontains all locked versions from the oldcomposer.lockand the only thing changed were the packages of laminas/mezzio.After this, one could restore his old constraints in the
composer.jsonmanually and drop those dependencies, which were never part of thecomposer.json.What do you think about this feature?
To proof that the migration still works, I created an example migration of one of my projects:
boesing/zend-expressive-cors#7
Love to get feedback. Thanks in advance.