Updating a single dependency with Composer - composer-php

I'm using Composer and upon the last install, got the message:
Package guzzle/guzzle is abandoned, you should avoid using it. Use guzzlehttp/guzzle instead.
I went to my composer.lock file and saw that some of my packages were using guzzle/guzzle while other packages were using guzzlehttp/guzzle:
"require-dev": {
    "amphp/artax": "*@dev",
    "ext-curl": "*",
    "guzzle/guzzle": "*",
A few questions come to mind:
Is there any way to update those packages with guzzlehttp/guzzle?
And if I did do this, wouldn't it be possible that the packages which use guzzle/guzzle no longer work?
Would the best course of action be to wait for the package author to change the dependency to guzzlehttp/guzzle and then re-install?

I think the best way is to wait for the original package author to change that and then update that package in your project.
A way for you to change it yourself could be to fork that package and test all the stuff yourself.
But I see no need to change that if your project works fine. It's just a message that guzzle/guzzle is no longer maintained, but that doesn't mean that it is not working anymore. Just a suggestion to use guzzlehttp/guzzle as this is the latest maintained version now.

Related

Package abandoned how to remove it?

I tried to remove an abandoned package from my project but got the following warning in my shell:
Package jakub-onderka/php-console-color is abandoned, you should avoid using it. Use php-parallel-lint/php-console-color instead.
Package jakub-onderka/php-console-highlighter is abandoned, you should avoid using it. Use php-parallel-lint/php-console-highlighter instead.
I've already installed the new packages but the warning still continues to show. How can I get rid of this warning?
Thank you in advance!
These packages are used by nunomaduro/collision which is a Laravel dependency.
The package creator Tweeted out the issue was fixed on April 4th 2020*
Therefore, a composer update should bring in the new version of collision without the dependency and remove the warning.
Please note: These packages may also be used by other composer packages you are using so there's no guarantee this will work.
* Tweet: https://twitter.com/enunomaduro/status/1246531267023290370
One can normally find out what is depending on an outdated package with this command:
composer depends --tree jakub-onderka/php-console-color
In this case it might show something like this:
jakub-onderka/php-console-color v0.2
└──jakub-onderka/php-console-highlighter v0.4 (requires jakub-onderka/php-console-color ~0.2)
└──psy/psysh v0.9.9 (requires jakub-onderka/php-console-highlighter 0.3.*|0.4.*)
└──laravel/tinker v1.0.8 (requires psy/psysh 0.7.*|0.8.*|0.9.*)
└──your/project (requires laravel/tinker ^1.0)
Please ignore warnings until it has been removed as a package dependency from the collision package
see: https://laracasts.com/discuss/channels/laravel/jakub-onderka-package-abandoned-warnings
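The lookup that composer depends --tree performs can also be done straight from composer.lock, which is useful when reviewing a repository without running Composer. The following is an added example, not code from the original answers; it assumes the lock file carries Composer's "abandoned" field on the affected entries, and the lock excerpt is constructed from the package names shown above.

```python
import json

# Constructed composer.lock excerpt. Names and versions come from the
# `composer depends --tree` output above; the "abandoned" values are the
# replacements named in the warning text.
SAMPLE_LOCK = json.loads("""
{"packages": [
  {"name": "laravel/tinker", "version": "v1.0.8",
   "require": {"psy/psysh": "0.7.*|0.8.*|0.9.*"}},
  {"name": "psy/psysh", "version": "v0.9.9",
   "require": {"jakub-onderka/php-console-highlighter": "0.3.*|0.4.*"}},
  {"name": "jakub-onderka/php-console-highlighter", "version": "v0.4",
   "require": {"jakub-onderka/php-console-color": "~0.2"},
   "abandoned": "php-parallel-lint/php-console-highlighter"},
  {"name": "jakub-onderka/php-console-color", "version": "v0.2",
   "abandoned": "php-parallel-lint/php-console-color"}
 ], "packages-dev": []}
""")

def locked_packages(lock):
    """All locked packages (runtime and dev), keyed by name."""
    pkgs = lock.get("packages", []) + (lock.get("packages-dev") or [])
    return {p["name"]: p for p in pkgs}

def abandoned(lock):
    """Map each abandoned package to its suggested replacement (None if none given)."""
    flags = {n: p.get("abandoned") for n, p in locked_packages(lock).items()}
    return {n: (f if isinstance(f, str) else None) for n, f in flags.items() if f}

def dependents(lock, target):
    """Locked packages that directly require `target`."""
    return sorted(n for n, p in locked_packages(lock).items()
                  if target in p.get("require", {}))

def chains(lock, target, seen=()):
    """Require chains from `target` up to packages no other locked package requires."""
    parents = [p for p in dependents(lock, target) if p not in seen]
    if not parents:
        return [[target]]
    return [[target] + c for p in parents
            for c in chains(lock, p, seen + (target,))]

if __name__ == "__main__":
    for name, replacement in sorted(abandoned(SAMPLE_LOCK).items()):
        print(f"{name} is abandoned, suggested replacement: {replacement}")
        for chain in chains(SAMPLE_LOCK, name):
            print("  required via: " + " <- ".join(chain))
```

The last name in each chain is the package your own composer.json requires directly, so that is the one whose update (or replacement) removes the abandoned dependency.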

Installing only new packages from composer.json

I'm trying to make composer update only newly added packages to composer.json, i.e. when I manually add a package dependency to the composer.json file, it should update the composer.lock file only for the new package; the rest of the packages should be at the same version as before. I tried running composer update --lock but I don't think it does what I'm trying to achieve and it took a lot of time to finish. I checked the commands in Composer's documentation but can't find one to achieve my wish. Any advice or workaround will be appreciated.
Note: I'm using Laravel Forge, so there is a 2 minutes deployment limit.
In order to install only new packages with composer you should run
composer install
Because composer update will install your new packages but will also update all the other already installed packages.
You can specify the name of the package as an argument to the update command. This will perform a partial update: composer update the-package/you-want-to-update
I think your question is related to your (guessed) current workflow: To add a new package you edit the composer.json file and then run composer update - wishing to only add/update that new file.
If that is true, here is the solution:
composer require new/package will add the newest possible version (taking into account the currently installed packages) of the new package. Benefits: Only one command line, and no fiddling with JSON content.
If you already know which version you want, you could also run composer require new/package:^2.1.25@beta (or whatever version and stability level you want - this example is exaggerating a bit). If this version is incompatible with existing packages, nothing will get installed, everything will get rolled back, and you get an error message.

Composer is not updating package to newest version

tl;dr: I'm having trouble forcing Composer to get the latest changes to my local package. It seems that the problem is caused by the latest change not being part of any release in the package's repository.
I'm using yii2-language-picker in my project and have added it with instructions given in docs:
php composer.phar require --prefer-dist lajax/yii2-language-picker "1.*"
Recently extension's author has made a change. However, this change is not part of any release, because it is 1 commit after latest release. If I'm not mistaken (I'm quite new to Composer), this causes Composer to not update my local package -- after composer update or composer install I'm getting Nothing to install or update.
Because that latest change is not a part of any release, it was suggested that I edit the composer.json file, change "lajax/yii2-language-picker": "1.*" in required section to "lajax/yii2-language-picker": "*" and issue another composer update.
I have also completely removed this package and installed it again with both "1.*" and "**".
None of these had any effect. Composer still claims that there is nothing to install or update.
What can be causing this situation? Is there anything I can do in this case, or the only option I'm left with is to sit down and wait until package / repository author will make that change part of another release?
I tried to manually update this package, but after composer status I'm getting No local changes and I'm worried that all these changes will be lost once the actual package update is released. Should I make any local changes in this situation or should I sit and wait?
Changing 1.* to dev-master probably solves your problem.

composer | laravel 5 - Updating dependencies but the framework itself

I am using pre-beta release of Laravel 5 for my project.
I found out that the app skeleton of Laravel 5 was changed in the github repo and since it is a development version, that is expected to change quite frequently.
My question is, can I update only the specific dependencies using composer and not the framework itself? So that I don't have to worry about the changing app structure until I am ready to make changes?
Here is how the composer.json dependencies look:
"require": {
    "laravel/framework": "~5.0"
},
"require-dev": {
    "phpunit/phpunit": "~4.0",
    "way/generators": "~3.0",
    "fzaninotto/faker": "~1.5@dev"
},
Thank you.
While the composer update package package ... answer is a good one, another thing you might be able to do is change your Laravel require spec to a specific commit. The Composer documentation mentions how to do this, and I've done it myself on a project (though not with laravel, on my own packages which are also in a breaking/dev state).
"require": {
    "laravel/framework": "dev-master#49e3c77b518547bb661b1de4fda64a3ae0c5c505",
    ...
}
I'd hope that, because laravel/framework 'replaces' the various illuminate/* packages, that any reliance on these (as long as the spec is 5.0-esque) that this would work without downloading the illuminate packages twice.
Doing it this way you can lock your laravel/framework (or any package) at a given commit, but still allow the standard composer update to work.
To find out what commit you're already on, if your laravel/framework dependency spec is a dev one then the vendor/laravel/framework/ directory itself should be a git repo, so just do git status in there to get the HEAD ref. Alternatively, look in composer.lock for the laravel/framework entry's source.reference value.
Composer allows you to do specific package upgrades. I used this literally the other night to upgrade a single package to fix a bug, but I didn't want to change anything else.
composer update <package1> <package2> <...>
So in your case
composer update phpunit/phpunit way/generators fzaninotto/faker
It might be more complicated when you have lots of packages - but it is a solution that works.
Yes, you can simply call
composer update vendor/package
without updating your whole project.
It will work for the packages pulled by yourself and for the dependencies
You can't really. If you use Laravel 5 this is a thing you need to deal with; development versions come with this drawback.
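The commit-pinning approach from the answers above can be checked mechanically: find requirements that track a branch without a #commit suffix and build the pinned constraint from the source.reference recorded in composer.lock. This is an added example, not code from the original thread; the manifest and lock data are constructed, with laravel/framework assumed to be required as dev-master and locked at the commit hash quoted in the answer.

```python
import re

# Constructed inputs: the require-dev block is the one from the question, and
# laravel/framework is shown tracking a branch with the commit hash quoted in
# the answer as its locked reference.
COMPOSER_JSON = {
    "require": {"laravel/framework": "dev-master"},
    "require-dev": {"phpunit/phpunit": "~4.0", "way/generators": "~3.0",
                    "fzaninotto/faker": "~1.5@dev"},
}
COMPOSER_LOCK = {
    "packages": [{
        "name": "laravel/framework", "version": "dev-master",
        "source": {"type": "git",
                   "reference": "49e3c77b518547bb661b1de4fda64a3ae0c5c505"},
    }],
    "packages-dev": [],
}

# A bare branch constraint such as dev-master or 5.0.x-dev, with no #commit.
FLOATING = re.compile(r"^(dev-[^#@,\s]+|[^#@,\s]+-dev)$")

def is_floating_branch(constraint):
    return bool(FLOATING.match(constraint.strip()))

def locked_refs(lock):
    """Package name -> source.reference recorded in composer.lock."""
    pkgs = lock.get("packages", []) + (lock.get("packages-dev") or [])
    return {p["name"]: p.get("source", {}).get("reference") for p in pkgs}

def pin_suggestions(manifest, lock):
    """For each floating branch requirement, the same constraint pinned to the locked commit."""
    refs = locked_refs(lock)
    pins = {}
    for section in ("require", "require-dev"):
        for name, constraint in manifest.get(section, {}).items():
            if is_floating_branch(constraint):
                ref = refs.get(name)
                pins[name] = f"{constraint.strip()}#{ref}" if ref else None
    return pins

if __name__ == "__main__":
    for name, pinned in pin_suggestions(COMPOSER_JSON, COMPOSER_LOCK).items():
        print(f'"{name}": "{pinned}"' if pinned else f"{name}: not in lock")
```

Version ranges with a stability flag, such as ~1.5@dev, are deliberately not reported, since they are not branch constraints and cannot take a commit reference.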

What is the proper way to incorporate additional packages into Laravel?

I am attempting to integrate this package: https://bitbucket.org/cerbero/oauth/wiki/Home
Also seen here on Packagist: https://packagist.org/packages/cerbero/oauth
The documentation from BitBucket says:
Installation
Be sure minimum-stability is set to dev in your composer.json, then run:
composer require cerbero/oauth:2.1.0
So I include the package after Laravel like this:
"require": {
    "laravel/framework": "4.2.*",
    "cerbero/oauth": "dev-master"
},
Then I run the composer command and get this error:
Your requirements could not be resolved to an installable set of packages.
Problem 1
- Installation request for cerbero/oauth 2.1.0 -> satisfiable by cerbero/oauth[2.1.0].
- cerbero/oauth 2.1.0 requires google/apiclient 1.0.3-beta -> no matching package found.
Potential causes:
- A typo in the package name
- The package is not available in a stable-enough version according to your minimum-stability setting
see <https://groups.google.com/d/topic/composer-dev/_g3ASeIFlrc/discussion> for more details.
It states that it also requires google/apiclient. So I go to packagist and get the info and paste it into the require section of composer.json. Then another missing dependency pops up so I add that one. The cycle continues for a while. Isn't packagist supposed to handle the dependencies automatically? I am new to Packagist but I haven't had issues going through other Laravel tutorials that require packages. What is the proper way to include this Cerbero package into my application? Any advice would be appreciated.
Composer does take care of dependencies for you. With your current settings, it tries to resolve all dependencies required for your package cerbero/oauth, google/apiclient being one of them. However, the dependencies resolve to a non-stable package, and somewhere in your composer.json file it must state:
"minimum-stability": "stable"
The solution is then pretty clear, according to the error message you see, just set the minimum-stability to dev instead of stable.
