Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update composer.lock #1285

Merged
merged 1 commit into from
Apr 21, 2022
Merged

Update composer.lock #1285

merged 1 commit into from
Apr 21, 2022

Conversation

nagmat84
Copy link
Collaborator

@kamil4 has thankfully fixed the long-standing bug about invalid EXIF dates in https://github.com/LycheeOrg/php-exif. This PR updates our dependencies such that his bug fix also finds it way into Lychee.

@nagmat84 nagmat84 requested review from d7415 and kamil4 April 21, 2022 18:02
@sonarcloud
Copy link

sonarcloud bot commented Apr 21, 2022

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@codecov
Copy link

codecov bot commented Apr 21, 2022

Codecov Report

Merging #1285 (0679642) into master (db0c51f) will decrease coverage by 0.96%.
The diff coverage is n/a.

kamil4
kamil4 approved these changes Apr 21, 2022
View reviewed changes
Copy link
Contributor

@kamil4 kamil4 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've always assumed that Lychee picks up the latest commit of php-exif, based on

Lychee/composer.json

Line 31 in e75ea76

"lychee-org/php-exif": "dev-master",

So that's not happening without updating composer.lock? Bummer...

@nagmat84
Copy link
Collaborator Author

I've always assumed that Lychee picks up the latest commit of php-exif, based on

Lychee/composer.json

Line 31 in e75ea76

"lychee-org/php-exif": "dev-master",

So that's not happening without updating composer.lock? Bummer...

What do you mean by "happening". Nothing is happening there. The composer.json only describes what we would like to have. Then we (as the developers) need to the run ./composer update which creates the file composer.lock.

Composer resolves all the dependency descriptions in all composer.json of all dependencies recursively and tries to find an optimal solution. For example, if we have a dependencies A and B in our dependency tree and both want another dependency C, but A wants C in version 1.1-1.3 and B wants C in version 1.5-1.7, then composer fill fail and complain. The found solution is written into composer.lock and persisted.

Our users only must run composer install. Composer install reads composer.lock and always installs the exact set of dependencies which has been committed by us.

TLTR: Whenever we change anything about our dependencies or just want a newer version, we must run composer update and commit the resulting composer.lock. composer.json is not used for installation.

@nagmat84 nagmat84 merged commit 601b5b7 into master Apr 21, 2022
@delete-merged-branch delete-merged-branch bot deleted the update_dependencies branch April 21, 2022 19:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kamil4 kamil4 kamil4 approved these changes

@d7415 d7415 Awaiting requested review from d7415

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nagmat84 @kamil4