Question

I already have the geoip2 package installed. When I installed it some time ago, it required guzzle 3.* so it installed guzzle 3.9.1 as one of its dependencies.

Now I want to install the predictionio package, so I added it to my composer.json

    "require": {
        ...
        ...
        "geoip2/geoip2": "0.6.*",
        "predictionio/predictionio": "~0.7.1"
    }

The issue is predictionio requires guzzle 3.8.0 or 3.8.1, it won't accept the already installed 3.9.1 version.

I believe guzzle 3.8.0 would satisfy both geoip2 and predictionio, so the question is how can I downgrade guzzle, keeping in mind guzzle doesn't appear in my composer.json, only the composer.lock.

Below is the output when I run composer update predictionio/predictionio

  Problem 1
    - Installation request for predictionio/predictionio ~0.7.1 -> satisfiable by predictionio/predictionio[v0.7.1].
    - Conclusion: remove guzzle/guzzle v3.9.1
    - predictionio/predictionio v0.7.1 requires guzzle/guzzle ~3.8.0 -> satisfiable by guzzle/guzzle[v3.8.0, v3.8.1].
    - Can only install one of: guzzle/guzzle[v3.9.1, v3.8.0].
    - Can only install one of: guzzle/guzzle[v3.9.1, v3.8.1].
    - Installation request for guzzle/guzzle == 3.9.1.0 -> satisfiable by guzzle/guzzle[v3.9.1].

Solution

You don't need to add Guzzle to your composer.json. All you have to do is update Guzzle when you add the new package. (This will downgrade Guzzle to match PredictionIO's requirements.)

Simply run

    composer update predictionio/predictionio guzzle/guzzle

As you can see, you can provide multiple packages to composer update by separating them with a space. This is described in the documentation.

OTHER TIPS

Some hints related to the question:

By running composer update named/package, you only allow this package to be added or its version increased, but nothing else. The same (but only adding stuff) will happen with composer require named/package:~1.0 (this is a nice way to add stuff without having to mess with the json formatting).

The most simple solution when updating stuff is to only run composer update. Without a package name, ALL packages may be updated.

Updating everything might be a bit risky if you weren't careful with selecting your software packages. Personally I recommend using software that somehow seems to use semantic versioning, which very nicely allows using the tilde version requirement in Composer. I'd say that everyone should try to use ~X.Y as the version description, because this allows for both patches as well as compatible updates to be installed.

Libraries you use should allow for enough loosely defined versions of THEIR dependencies. In your example, the predictionio/predictionio package requires guzzle/guzzle:~3.8.0 - they probably have reasons to do so, but in turn force everyone that tries to use their software to use Guzzle 3.8.0 or 3.8.1. I doubt the Guzzle maintainers will break backwards compatibility, because they know they create a very important, basic piece of software that is expected to work, and I think they will receive bug reports pretty soon should they break stuff nonetheless. I would very much like to see the dependencies of any library to allow for compatible updates without restriction, i.e. in this case ~3.8 would be much better.

Avoid depending on branches at all cost. If it is unavoidable to use a branch, assign it an alias version number:

    require: { "named/package": "dev-master as 1.2.2" }

If no proper version number can be guessed from earlier releases, start with 0.0.0. That way you can switch to a released version later, which will integrate better into the rest of the version numbers.
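The difference between ~3.8.0 and ~3.8 described in the hints above, as an added example that is not part of the original answers and is not Composer's own code: a small Python model of the tilde, wildcard and exact constraints that reproduces the conflict from the question. The function names and the v3.7.4 entry in the release list are assumptions made for illustration; only the constraint forms that appear on this page are modelled.

```python
# Added example: minimal model of the Composer constraints seen on this page
# ("~X.Y", "~X.Y.Z", "X.*", exact "X.Y.Z"). Not Composer's real solver.

def _pad(parts):
    parts = list(parts)
    return tuple(parts + [0] * (3 - len(parts)))

def _bump_last(parts):
    parts = list(parts)
    parts[-1] += 1
    return _pad(parts)

def parse(version):
    """'v3.9.1' -> (3, 9, 1)"""
    return _pad(int(p) for p in version.lstrip("v").split("."))

def bounds(constraint):
    """Return (lower_inclusive, upper_exclusive) for one constraint."""
    if constraint.startswith("~"):
        parts = [int(p) for p in constraint[1:].split(".")]
        if len(parts) < 2:
            raise ValueError("single-component tilde is not modelled here")
        # Only the last given component may float:
        # ~3.8.0 -> >=3.8.0 <3.9.0, while ~3.8 -> >=3.8.0 <4.0.0
        return _pad(parts), _bump_last(parts[:-1])
    if constraint.endswith(".*"):
        parts = [int(p) for p in constraint[:-2].split(".")]
        return _pad(parts), _bump_last(parts)
    exact = parse(constraint)
    return exact, _bump_last(exact)

def satisfies(version, constraint):
    lower, upper = bounds(constraint)
    return lower <= parse(version) < upper

def resolve(available, requirements):
    """Highest version accepted by every requirement, or None on conflict."""
    ok = [v for v in available
          if all(satisfies(v, c) for c in requirements.values())]
    return max(ok, key=parse) if ok else None

# Release list: v3.8.0, v3.8.1, v3.9.1 come from the solver output in the
# question; v3.7.4 is a constructed entry to show the lower bound.
AVAILABLE = ["v3.7.4", "v3.8.0", "v3.8.1", "v3.9.1"]
AS_PUBLISHED = {"geoip2/geoip2": "3.*", "predictionio/predictionio": "~3.8.0"}

if __name__ == "__main__":
    print(resolve(AVAILABLE, AS_PUBLISHED))                              # v3.8.1
    print(resolve(AVAILABLE, {**AS_PUBLISHED, "composer.lock": "3.9.1"}))  # None
```

The second call models the locked 3.9.1 that Composer refuses to touch unless guzzle/guzzle is named on the update command line.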

If you want to install a specific version of a package, you can simply add this to your composer.json in the require section:

    "guzzle/guzzle" : "3.8.0",

And then

  composer update guzzle/guzzle
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow