mercredi 5 avril 2023

How can I avoid update some dependencies when I run composer update?

I'm taking over a website coded in laravel 5.6.40

I have to make a lots of updates on this project (laravel 5.6 to 5.7 then 5.7 to 5.8 etc...)

At first I want to upgrade it to 5.7.*

This website is using private packages and I don't have the repositories access.

So there is my composer.json file :

{
    "name": "laravel/laravel",
    "description": "The Laravel Framework.",
    "keywords": ["framework", "laravel"],
    "license": "MIT",
    "type": "project",
    "repositories": [
        {
            "type": "vcs",
            "url":  "git@github.com:WW/Admin_pkg.git"
        },
        {
            "type": "vcs",
            "url":  "git@github.com:WW/Assets_pkg.git"
        },
        {
            "type": "vcs",
            "url":  "git@github.com:WW/Metatags_pkg.git"
        },
        {
            "type": "vcs",
            "url":  "git@github.com:WW/Navigation_pkg.git"
        },
        {
            "type": "vcs",
            "url":  "git@github.com:WW/Notification_pkg.git"
        }
    ],
    "require": {
        "php": "^7.1.3",
        "ext-json": "*",
        "ext-openssl": "*",
        "doctrine/dbal": "^2.7",
        "fideloper/proxy": "^4.0",
        "guzzlehttp/guzzle": "^6.3",
        "laravel/framework": "5.7.*",
        "laravel/tinker": "^1.0",
        "msurguy/honeypot": "dev-master",
        "spatie/laravel-backup": "^5.12",
        "ww/admin": "^3.0",
        "ww/assets": "^1.0",
        "ww/metatags": "^1.0",
        "ww/navigation": "^3.0",
        "ww/notification": "^1.1"
    },
    "require-dev": {
        "barryvdh/laravel-debugbar": "^3.1",
        "barryvdh/laravel-ide-helper": "^2.4",
        "filp/whoops": "^2.0",
        "fzaninotto/faker": "^1.4",
        "mockery/mockery": "^1.0",
        "nunomaduro/collision": "^2.0",
        "phpunit/phpunit": "^7.0"
    },
    "autoload": {
        "classmap": [
            "database/seeds",
            "database/factories"
        ],
        "psr-4": {
            "App\\": "app/"
        }
    },
    "autoload-dev": {
        "psr-4": {
            "Tests\\": "tests/"
        }
    },
    "extra": {
        "laravel": {
            "dont-discover": [
            ]
        }
    },
    "scripts": {
        "post-root-package-install": [
            "@php -r \"file_exists('.env') || copy('.env.example', '.env');\""
        ],
        "post-create-project-cmd": [
            "@php artisan key:generate"
        ],
        "post-autoload-dump": [
            "Illuminate\\Foundation\\ComposerScripts::postAutoloadDump",
            "@php artisan package:discover",
            "@composer run-script publish:admin"
        ],
        "publish:admin": [
            "@php artisan vendor:publish --provider=\"WebLogin\\Admin\\AdminServiceProvider\" --tag=public --force --no-interaction"
        ]
    },
    "config": {
        "preferred-install": "dist",
        "sort-packages": true,
        "optimize-autoloader": true,
        "allow-plugins": {
            "kylekatarnls/update-helper": true
        }
    },
    "minimum-stability": "dev",
    "prefer-stable": true
}

On the first time I only change "laravel/framework": "5.6.*" to "laravel/framework": "5.7.*" and run composer update

This is the result :

When working with _public_ GitHub repositories only, head to https://github.com/settings/tokens/new?scopes=&description=Composer+on+SRV02WEB+2023-04-05+1000 to retrieve a token.
This token will have read-only permission for public information only.
When you need to access _private_ GitHub repositories as well, go to https://github.com/settings/tokens/new?scopes=repo&description=Composer+on+SRV02WEB+2023-04-05+1000
Note that such tokens have broad read/write permissions on your behalf, even if not needed by Composer.
Tokens will be stored in plain text in "/home/myproject/.config/composer/auth.json" for future use by Composer.
For additional information, check https://getcomposer.org/doc/articles/authentication-for-private-packages.md#github-oauth
Token (hidden): 

I don't have this token so I pass and it aborting. I understand that he tries to access to the repositories.

Secondly I try to remove from composer.json the repositories part and run again composer update

The result :

Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Root composer.json requires ww/admin ^3.0, found ww/admin[v3.0.0] in the lock file but not in remote repositories, make sure you avoid updating this package to keep the one from the lock file.
  Problem 2
    - Root composer.json requires ww/assets ^1.0, found ww/assets[v1.0.4] in the lock file but not in remote repositories, make sure you avoid updating this package to keep the one from the lock file.
  Problem 3
    - Root composer.json requires ww/metatags ^1.0, found ww/metatags[v1.0.1] in the lock file but not in remote repositories, make sure you avoid updating this package to keep the one from the lock file.
  Problem 4
    - Root composer.json requires ww/navigation ^3.0, found ww/navigation[v3.0.0] in the lock file but not in remote repositories, make sure you avoid updating this package to keep the one from the lock file.
  Problem 5
    - Root composer.json requires ww/notification ^1.1, found ww/notification[v1.1.4] in the lock file but not in remote repositories, make sure you avoid updating this package to keep the one from the lock file.

Effectively I don't want to update these but just keeping the ww vendor file that is already installed.

I understands that it recommends to avoid updating these packages but how can I do it?

EDIT : The main problem is that the project uses private packages that I've not access to.

I already have these packages installed on the project but I can't update it (due to private repos).

Someone advise me that if I have the vendor folder of these packages I can move it to the application level and use it locally.

I made some research and follow this https://laraveldaily.com/post/how-to-create-a-laravel-5-package-in-10-easy-steps to move the vendor/package folder.

Now composer update is running fine for these packages.



via Chebli Mohamed

Aucun commentaire:

Enregistrer un commentaire