I'm taking over a website coded in laravel 5.6.40
I have to make a lots of updates on this project (laravel 5.6 to 5.7 then 5.7 to 5.8 etc...)
At first I want to upgrade it to 5.7.*
This website is using private packages and I don't have the repositories access.
So there is my composer.json file :
{
"name": "laravel/laravel",
"description": "The Laravel Framework.",
"keywords": ["framework", "laravel"],
"license": "MIT",
"type": "project",
"repositories": [
{
"type": "vcs",
"url": "git@github.com:WW/Admin_pkg.git"
},
{
"type": "vcs",
"url": "git@github.com:WW/Assets_pkg.git"
},
{
"type": "vcs",
"url": "git@github.com:WW/Metatags_pkg.git"
},
{
"type": "vcs",
"url": "git@github.com:WW/Navigation_pkg.git"
},
{
"type": "vcs",
"url": "git@github.com:WW/Notification_pkg.git"
}
],
"require": {
"php": "^7.1.3",
"ext-json": "*",
"ext-openssl": "*",
"doctrine/dbal": "^2.7",
"fideloper/proxy": "^4.0",
"guzzlehttp/guzzle": "^6.3",
"laravel/framework": "5.7.*",
"laravel/tinker": "^1.0",
"msurguy/honeypot": "dev-master",
"spatie/laravel-backup": "^5.12",
"ww/admin": "^3.0",
"ww/assets": "^1.0",
"ww/metatags": "^1.0",
"ww/navigation": "^3.0",
"ww/notification": "^1.1"
},
"require-dev": {
"barryvdh/laravel-debugbar": "^3.1",
"barryvdh/laravel-ide-helper": "^2.4",
"filp/whoops": "^2.0",
"fzaninotto/faker": "^1.4",
"mockery/mockery": "^1.0",
"nunomaduro/collision": "^2.0",
"phpunit/phpunit": "^7.0"
},
"autoload": {
"classmap": [
"database/seeds",
"database/factories"
],
"psr-4": {
"App\\": "app/"
}
},
"autoload-dev": {
"psr-4": {
"Tests\\": "tests/"
}
},
"extra": {
"laravel": {
"dont-discover": [
]
}
},
"scripts": {
"post-root-package-install": [
"@php -r \"file_exists('.env') || copy('.env.example', '.env');\""
],
"post-create-project-cmd": [
"@php artisan key:generate"
],
"post-autoload-dump": [
"Illuminate\\Foundation\\ComposerScripts::postAutoloadDump",
"@php artisan package:discover",
"@composer run-script publish:admin"
],
"publish:admin": [
"@php artisan vendor:publish --provider=\"WebLogin\\Admin\\AdminServiceProvider\" --tag=public --force --no-interaction"
]
},
"config": {
"preferred-install": "dist",
"sort-packages": true,
"optimize-autoloader": true,
"allow-plugins": {
"kylekatarnls/update-helper": true
}
},
"minimum-stability": "dev",
"prefer-stable": true
}
On the first time I only change "laravel/framework": "5.6.*"
to "laravel/framework": "5.7.*"
and run composer update
This is the result :
When working with _public_ GitHub repositories only, head to https://github.com/settings/tokens/new?scopes=&description=Composer+on+SRV02WEB+2023-04-05+1000 to retrieve a token.
This token will have read-only permission for public information only.
When you need to access _private_ GitHub repositories as well, go to https://github.com/settings/tokens/new?scopes=repo&description=Composer+on+SRV02WEB+2023-04-05+1000
Note that such tokens have broad read/write permissions on your behalf, even if not needed by Composer.
Tokens will be stored in plain text in "/home/myproject/.config/composer/auth.json" for future use by Composer.
For additional information, check https://getcomposer.org/doc/articles/authentication-for-private-packages.md#github-oauth
Token (hidden):
I don't have this token so I pass and it aborting. I understand that he tries to access to the repositories.
Secondly I try to remove from composer.json the repositories part and run again composer update
The result :
Your requirements could not be resolved to an installable set of packages.
Problem 1
- Root composer.json requires ww/admin ^3.0, found ww/admin[v3.0.0] in the lock file but not in remote repositories, make sure you avoid updating this package to keep the one from the lock file.
Problem 2
- Root composer.json requires ww/assets ^1.0, found ww/assets[v1.0.4] in the lock file but not in remote repositories, make sure you avoid updating this package to keep the one from the lock file.
Problem 3
- Root composer.json requires ww/metatags ^1.0, found ww/metatags[v1.0.1] in the lock file but not in remote repositories, make sure you avoid updating this package to keep the one from the lock file.
Problem 4
- Root composer.json requires ww/navigation ^3.0, found ww/navigation[v3.0.0] in the lock file but not in remote repositories, make sure you avoid updating this package to keep the one from the lock file.
Problem 5
- Root composer.json requires ww/notification ^1.1, found ww/notification[v1.1.4] in the lock file but not in remote repositories, make sure you avoid updating this package to keep the one from the lock file.
Effectively I don't want to update these but just keeping the ww vendor file that is already installed.
I understands that it recommends to avoid updating these packages but how can I do it?
EDIT : The main problem is that the project uses private packages that I've not access to.
I already have these packages installed on the project but I can't update it (due to private repos).
Someone advise me that if I have the vendor folder of these packages I can move it to the application level and use it locally.
I made some research and follow this https://laraveldaily.com/post/how-to-create-a-laravel-5-package-in-10-easy-steps to move the vendor/package folder.
Now composer update
is running fine for these packages.
via
Chebli Mohamed