You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I used composer patch-add to add a patch, which succeeded, but some other packages got updated at the same time, which rather surprised me!
In my case, the package I was patching was drupal/toolbar_language_switcher and the following packages got updated:
phpdocumentor/type-resolver
phpstan/phpdoc-parser
phpunit/phpunit
psr/http-factory
symfony/var-dumper
This seems amazing to me - even if these updates are allowed within the version constraints in composer.json, and even if those packages might be dependencies of the patched package (direct or indirect), surely adding a patch should only affect the patched package. I see that PatchAddCommand::execute() uses ->setUpdateAllowTransitiveDependencies(Request::UPDATE_LISTED_WITH_TRANSITIVE_DEPS_NO_ROOT_REQUIRE), could that just use Request::UPDATE_ONLY_LISTED instead? Though even that could unintentionally update the patched package itself too, I imagine? But that would at least reduces the potential problem.
FWIW, I avoided the issue by adding --no-update to my composer patch-add command, and then just ran composer update --lock, to successfully apply just the patch.
The text was updated successfully, but these errors were encountered:
I used
composer patch-addto add a patch, which succeeded, but some other packages got updated at the same time, which rather surprised me!In my case, the package I was patching was
drupal/toolbar_language_switcherand the following packages got updated:This seems amazing to me - even if these updates are allowed within the version constraints in composer.json, and even if those packages might be dependencies of the patched package (direct or indirect), surely adding a patch should only affect the patched package. I see that
PatchAddCommand::execute()uses->setUpdateAllowTransitiveDependencies(Request::UPDATE_LISTED_WITH_TRANSITIVE_DEPS_NO_ROOT_REQUIRE), could that just useRequest::UPDATE_ONLY_LISTEDinstead? Though even that could unintentionally update the patched package itself too, I imagine? But that would at least reduces the potential problem.FWIW, I avoided the issue by adding
--no-updateto mycomposer patch-addcommand, and then just rancomposer update --lock, to successfully apply just the patch.The text was updated successfully, but these errors were encountered: