Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
335 views
in Technique[技术] by (71.8m points)

php - What does "locked at" <tag> mean when running "composer update <package>"?

I am trying to perform a composer update <package> but getting the following error:

The requested package <package> (locked at <tag>, required as <version>) is satisfiable by <package>[<tag>] but these conflict with your requirements or minimum-stability.

Meanwhile, the tag <tag> exists as a string only in my composer.lock file, which I thought was only modified by composer update, not read back.

I tried running composer why-not <package>, but its output didn't really explain the issue:

<program> <other-version> requires <package> (<version>)

What does 'locked at' mean in this context and how do I solve the issue?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

The package is locked means the commit-hash of the last commit on the branch used with version-constraint dev-<branch> was saved during the last run of composer update in the lock-file to ensure deterministic (reproducible) builds upon deployment.

This commit-hash or tag is written to your lock-file (composer.lock) if you:

  1. run composer update [<package>]

... or ...

  1. run composer install with a composer.json present but not a lock-file in composer's current directory which does auto-generate the lock-file

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...