New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Symfony 2.3.34, composer update broken by security-core #16500
Comments
I can confirm this for the 2.3.x series. |
Somehow you're getting:
This is wrong because 2.3 is supposed to replace those. In 2.3 the security-acl did not exist yet thus shouldn't be installed, not sure about security-core. Could it be that a vendor package depends on these? To get some more information, can you run |
I also should note that we upgrade our 2.3.x installs by copying the |
@lxg you can probably fix this in your case by setting the dependency to |
I have the same output as @lxg . |
Shouldn't symfony/security-acl be fixed to require symfony/security-core ~2.3|~3.0? |
I guess this will be solved with #16144 is part of the next release because then there is no need for a separate |
@iltar @xabbuh Do you have a rough estimate when this will be released? |
IMO, this should have a high priority as it breaks automated deployment of production environments. At least for us... |
@larspohlmann it shouldn't break deployment, only updates |
We use jenkins with capifony for distributed deployment, which relies on "composer update". So, in our case, it sadly does. |
@larspohlmann you should never run composer update when deploying. The correct command is install. This will install the dependencies in your lock file instead of always the newest. |
Thanks for the advice. This might help us to avoid more trouble in the future. |
And, you should also commit your composer.lock file! |
@iltar For us, it does break builds with |
How is this not a high priority if this breaks symfony running |
@fredpo You simply should never use |
@xabbuh I've never stated I deployed with |
@fredpo Of course this is a bug. But it is not urgent as you notice it in your development environment, update your dependencies and commit the updated lock file. So nothing breaks in the deployed applications. |
A workaround would be to add this requirement to the
This is of course not the solution, but it keeps your |
@derrabus Thanks, this looks like a valid a workaround; at least our build process does no longer produce errors/warnings. |
closing here as 2.3.35 was released today |
@xabbuh thanks! Confirming that 2.3.35 does no longer break our builds. |
Hello community,
there seems to be a problem with the composer update for Symfony 2.3.
This has been happening for the past ca. 3 days.
Later in the process
Followed by many similar warnings...
Part of my composer.json:
The text was updated successfully, but these errors were encountered: