Fixes composer.lock file which does not contain web-token/jwt-framewo…

[hostep]

…rk package and its dependents even though composer.json does require it.

Description (*)

The composer.lock file in the 2.4-develop branch is incomplete.

MC-38539 introduced the web-token/jwt-framework package in the composer.json file, but somehow nobody thought about updating the composer.lock file as well.
These two files should always be in sync, otherwise dependencies that are needed might not get installed.

The composer.lock file changes in this PR causes the following dependencies to get installed:

  - Installing brick/math (0.9.2)
  - Installing fgrosse/phpasn1 (v2.2.0)
  - Installing psr/event-dispatcher (1.0.0)
  - Installing spomky-labs/aes-key-wrap (v6.0.0)
  - Installing spomky-labs/base64url (v2.0.4)
  - Installing symfony/debug (v4.4.20)
  - Installing symfony/error-handler (v4.4.21)
  - Installing symfony/http-client-contracts (v2.3.1)
  - Installing symfony/http-kernel (v4.4.21)
  - Installing symfony/var-dumper (v5.2.6)
  - Installing web-token/jwt-framework (v2.2.10)

When checking where all these come from, it turns out they are all dependencies of web-token/jwt-framework:

$ composer depends brick/math
web-token/jwt-framework  v2.2.10  requires  brick/math (^0.8.17|^0.9)

$ composer depends fgrosse/phpasn1
web-token/jwt-framework  v2.2.10  requires  fgrosse/phpasn1 (^2.0)

$ composer depends psr/event-dispatcher
web-token/jwt-framework  v2.2.10  requires  psr/event-dispatcher (^1.0)

$ composer depends spomky-labs/aes-key-wrap
web-token/jwt-framework  v2.2.10  requires  spomky-labs/aes-key-wrap (^5.0|^6.0)

$ composer depends spomky-labs/base64url
web-token/jwt-framework  v2.2.10  requires  spomky-labs/base64url (^1.0|^2.0)

$ composer depends symfony/debug
symfony/error-handler  v4.4.21  requires  symfony/debug (^4.4.5)

$ composer depends symfony/error-handler
symfony/http-kernel  v4.4.21  requires  symfony/error-handler (^4.4)

$ composer depends symfony/http-client-contracts
symfony/http-kernel  v4.4.21  requires  symfony/http-client-contracts (^1.1|^2)

$ composer depends symfony/http-kernel
web-token/jwt-framework  v2.2.10  requires  symfony/http-kernel (^4.2|^5.0)

$ composer depends symfony/var-dumper
symfony/error-handler  v4.4.21  requires  symfony/var-dumper (^4.4|^5.0)

It would be appreciated if this PR gets merged as soon as possible so that when people try to modify something else in the composer files, they don't get confused with the current situation.
I don't mind if Magento core devs want to fix this internally themselves and this PR gets closed, I just want to see this fixed ASAP, thanks! 🙂

Related Pull Requests

Fixed Issues (if relevant)

None

Manual testing scenarios (*)

1. Run composer install
2. Expected to not see a warning: The lock file is not up to date with the latest changes in composer.json. You may be getting outdated dependencies. It is recommended that you run 'composer update' or 'composer update <package name>'.
3. Expected to get the package web-token/jwt-framework and its dependencies installed

Questions or comments

Can we add a static test that checks for the warning The lock file is not up to date with the latest changes in composer.json. You may be getting outdated dependencies. It is recommended that you run 'composer update' or 'composer update <package name>'. after calling composer validate in order to prevent this from happening in the future?

Note about documenting this in the release notes

This ticket doesn't need to be mentioned in the release notes, it makes no sense, thanks! 🙂

Contribution checklist (*)

• Pull request has a meaningful description of its purpose
• All commits are accompanied by meaningful commit messages
• All new or changed code is covered with unit/integration tests (if applicable)
• All automated tests passed successfully (all builds are green)

Resolved issues:

1. resolves [Issue] Fixes composer.lock file which does not contain web-token/jwt-framewo… #32644: Fixes composer.lock file which does not contain web-token/jwt-framewo…

[m2-assistant]

Hi @hostep. Thank you for your contribution
Here are some useful tips how you can test your changes using Magento test environment.
Add the comment under your pull request to deploy test or vanilla Magento instance:

• @magento give me test instance - deploy test instance based on PR changes
• @magento give me 2.4-develop instance - deploy vanilla Magento instance

❗ Automated tests can be triggered manually with an appropriate comment:

• @magento run all tests - run or re-run all required tests against the PR changes
• @magento run <test-build(s)> - run or re-run specific test build(s)
  For example: @magento run Unit Tests

<test-build(s)> is a comma-separated list of build names. Allowed build names are:

1. Database Compare
2. Functional Tests CE
3. Functional Tests EE,
4. Functional Tests B2B
5. Integration Tests
6. Magento Health Index
7. Sample Data Tests CE
8. Sample Data Tests EE
9. Sample Data Tests B2B
10. Static Tests
11. Unit Tests
12. WebAPI Tests
13. Semantic Version Checker

You can find more information about the builds here

ℹ️ Please run only needed test builds instead of all when developing. Please run all test builds before sending your PR for review.

For more details, please, review the Magento Contributor Guide documentation.

⚠️ According to the Magento Contribution requirements, all Pull Requests must go through the Community Contributions Triage process. Community Contributions Triage is a public meeting.

🕙 You can find the schedule on the Magento Community Calendar page.

📞 The triage of Pull Requests happens in the queue order. If you want to speed up the delivery of your contribution, please join the Community Contributions Triage session to discuss the appropriate ticket.

🎥 You can find the recording of the previous Community Contributions Triage on the Magento Youtube Channel

✏️ Feel free to post questions/proposals/feedback related to the Community Contributions Triage process to the corresponding Slack Channel

[ihor-sviziev]

@gabrieldagama @sidolov probably this should be p0 priority issue

[sidolov]

@magento run all tests

[ihor-sviziev]

✔ Approved.

Failing tests looks not related to changes from this PR.

[magento-engcom-team]

Hi @ihor-sviziev, thank you for the review.
ENGCOM-8980 has been created to process this Pull Request

[engcom-Oscar]

@magento create issue

[engcom-Oscar]

✔️ QA passed

Was checked case from Manual testing scenarios
❌ Before:

✔️ After:

[ihor-sviziev]

@magento run Functional Tests B2B

[gabrieldagama]

@magento run all tests

[m2-assistant]

Hi @hostep, thank you for your contribution!
Please, complete Contribution Survey, it will take less than a minute.
Your feedback will help us to improve contribution process.

[hostep]

Thanks @gabrieldagama!

What about my remark, does it make sense to add something like that in your static tests?

Can we add a static test that checks for the warning The lock file is not up to date with the latest changes in composer.json. You may be getting outdated dependencies. It is recommended that you run 'composer update' or 'composer update <package name>'. after calling composer validate in order to prevent this from happening in the future?