Composer attempts to perform impossible updates
cs278 opened this issue · comments
Is there an existing issue for this?
- I have searched the existing issues
Package ecosystem
Composer
Package manager version
Composer 2.x
Language version
PHP 8.3
Manifest location and content before the Dependabot update
Condensed this to the relevant requirements.
{
"require": {
"league/csv": "^7.1",
"symfony/var-exporter": "5.4.*"
}
}
dependabot.yml content
version: 2
updates:
- package-ecosystem: composer
directory: /
versioning-strategy: lockfile-only
schedule:
interval: weekly
commit-message:
prefix: composer
include: scope
labels: []
registries:
- example.com
Updated dependency
league/csv
: 7.2.0
-> 9.16.0
symfony/var-exporter
: 5.4.40
-> ERROR
What you expected to see, versus what you actually saw
league/csv
should not have been updated as we only permit lock file updates, dependabot updated the lock file but left the composer.json
file alone producing a lock file that is incompatible with the requirements.
symfony/var-exporter
should not have been updated as it's already on the latest version permitted by our composer.json
file.
Native package manager behavior
No response
Images of the diff or a link to the PR, issue, or logs
Dependabot logs:
league/csv
Last weeks update:
updater | 2024/06/10 18:47:41 INFO <job_839836292> Checking if league/csv 7.2.0 needs updating
proxy | 2024/06/10 18:47:41 [281] GET https://example.com:443/packages.json
proxy | 2024/06/10 18:47:41 [281] * authenticating composer registry request (host: example.com)
proxy | 2024/06/10 18:47:41 [281] 200 https://example.com:443/packages.json
proxy | 2024/06/10 18:47:41 [283] GET https://repo.packagist.org:443/p2/league/csv.json
proxy | 2024/06/10 18:47:41 [283] 200 https://repo.packagist.org:443/p2/league/csv.json
updater | 2024/06/10 18:47:41 INFO <job_839836292> Latest version is 9.16.0
proxy | 2024/06/10 18:47:42 [285] GET https://example.com:443/packages.json
proxy | 2024/06/10 18:47:42 [285] * authenticating composer registry request (host: example.com)
proxy | 2024/06/10 18:47:42 [285] 304 https://example.com:443/packages.json
proxy | 2024/06/10 18:47:42 [287] GET https://repo.packagist.org:443/packages.json
proxy | 2024/06/10 18:47:42 [287] 304 https://repo.packagist.org:443/packages.json
proxy | 2024/06/10 18:47:42 [289] GET https://repo.packagist.org:443/p2/league/csv.json
proxy | 2024/06/10 18:47:42 [289] 200 https://repo.packagist.org:443/p2/league/csv.json
updater | 2024/06/10 18:47:42 INFO <job_839836292> Requirements to unlock update_not_possible
updater | 2024/06/10 18:47:42 INFO <job_839836292> Requirements update strategy lockfile_only
updater | 2024/06/10 18:47:42 INFO <job_839836292> No update possible for league/csv 7.2.0
This weeks update:
updater | 2024/06/17 18:27:21 INFO <job_843097663> Checking if league/csv 7.2.0 needs updating
proxy | 2024/06/17 18:27:21 [280] GET https://example.com:443/packages.json
proxy | 2024/06/17 18:27:21 [280] * authenticating composer registry request (host: example.com)
proxy | 2024/06/17 18:27:22 [280] 200 https://example.com:443/packages.json
proxy | 2024/06/17 18:27:22 [282] GET https://repo.packagist.org:443/p2/league/csv.json
proxy | 2024/06/17 18:27:22 [282] 200 https://repo.packagist.org:443/p2/league/csv.json
updater | 2024/06/17 18:27:22 INFO <job_843097663> Latest version is 9.16.0
proxy | 2024/06/17 18:27:22 [284] GET https://example.com:443/packages.json
proxy | 2024/06/17 18:27:22 [284] * authenticating composer registry request (host: example.com)
proxy | 2024/06/17 18:27:22 [284] 304 https://example.com:443/packages.json
proxy | 2024/06/17 18:27:22 [286] GET https://repo.packagist.org:443/packages.json
proxy | 2024/06/17 18:27:23 [286] 304 https://repo.packagist.org:443/packages.json
proxy | 2024/06/17 18:27:23 [288] GET https://repo.packagist.org:443/p2/league/csv.json
proxy | 2024/06/17 18:27:23 [288] 200 https://repo.packagist.org:443/p2/league/csv.json
updater | 2024/06/17 18:27:23 INFO <job_843097663> Requirements to unlock none
updater | 2024/06/17 18:27:23 INFO <job_843097663> Requirements update strategy lockfile_only
updater | 2024/06/17 18:27:23 INFO <job_843097663> Updating league/csv from 7.2.0 to 9.16.0
proxy | 2024/06/17 18:27:23 [290] GET https://example.com:443/packages.json
proxy | 2024/06/17 18:27:23 [290] * authenticating composer registry request (host: example.com)
proxy | 2024/06/17 18:27:24 [290] 304 https://example.com:443/packages.json
proxy | 2024/06/17 18:27:24 [292] GET https://repo.packagist.org:443/packages.json
proxy | 2024/06/17 18:27:24 [292] 304 https://repo.packagist.org:443/packages.json
proxy | 2024/06/17 18:27:24 [294] GET https://repo.packagist.org:443/p2/league/csv.json
proxy | 2024/06/17 18:27:24 [294] 304 https://repo.packagist.org:443/p2/league/csv.json
updater | 2024/06/17 18:27:24 INFO <job_843097663> Submitting league/csv pull request for creation
symfony/var-exporter
Last weeks update:
updater | 2024/06/10 18:47:27 INFO <job_839836292> Checking if symfony/var-exporter 5.4.40 needs updating
proxy | 2024/06/10 18:47:27 [015] GET https://example.com:443/packages.json
proxy | 2024/06/10 18:47:27 [015] * authenticating composer registry request (host: example.com)
proxy | 2024/06/10 18:47:30 [015] 200 https://example.com:443/packages.json
proxy | 2024/06/10 18:47:30 [019] GET https://repo.packagist.org:443/p2/symfony/var-exporter.json
proxy | 2024/06/10 18:47:31 [019] 200 https://repo.packagist.org:443/p2/symfony/var-exporter.json
updater | 2024/06/10 18:47:31 INFO <job_839836292> Latest version is 7.1.1
proxy | 2024/06/10 18:47:31 [021] GET https://example.com:443/packages.json
proxy | 2024/06/10 18:47:31 [021] * authenticating composer registry request (host: example.com)
proxy | 2024/06/10 18:47:32 [021] 200 https://example.com:443/packages.json
proxy | 2024/06/10 18:47:32 [023] GET https://repo.packagist.org:443/packages.json
proxy | 2024/06/10 18:47:32 [023] 304 https://repo.packagist.org:443/packages.json
proxy | 2024/06/10 18:47:32 [025] GET https://repo.packagist.org:443/p2/symfony/var-exporter.json
proxy | 2024/06/10 18:47:32 [025] 200 https://repo.packagist.org:443/p2/symfony/var-exporter.json
proxy | 2024/06/10 18:47:32 [027] GET https://example.com:443/p2/example/php-baseline.json
proxy | 2024/06/10 18:47:32 [027] * authenticating composer registry request (host: example.com)
proxy | 2024/06/10 18:47:33 [027] 200 https://example.com:443/p2/example/php-baseline.json
proxy | 2024/06/10 18:47:33 [036] GET https://repo.packagist.org:443/p2/symfony/polyfill-php80.json
proxy | 2024/06/10 18:47:33 [037] GET https://repo.packagist.org:443/p2/symfony/polyfill-intl-idn.json
proxy | 2024/06/10 18:47:33 [038] GET https://repo.packagist.org:443/p2/symfony/polyfill-php73.json
proxy | 2024/06/10 18:47:33 [039] GET https://repo.packagist.org:443/p2/symfony/polyfill-ctype.json
proxy | 2024/06/10 18:47:33 [040] GET https://repo.packagist.org:443/p2/symfony/polyfill-php81.json
proxy | 2024/06/10 18:47:33 [041] GET https://repo.packagist.org:443/p2/symfony/polyfill-mbstring.json
proxy | 2024/06/10 18:47:33 [042] GET https://repo.packagist.org:443/p2/symfony/polyfill-intl-icu.json
proxy | 2024/06/10 18:47:33 [043] GET https://repo.packagist.org:443/p2/symfony/polyfill-intl-grapheme.json
proxy | 2024/06/10 18:47:33 [036] 200 https://repo.packagist.org:443/p2/symfony/polyfill-php80.json
proxy | 2024/06/10 18:47:33 [045] GET https://repo.packagist.org:443/p2/symfony/polyfill-intl-normalizer.json
proxy | 2024/06/10 18:47:33 [037] 200 https://repo.packagist.org:443/p2/symfony/polyfill-intl-idn.json
proxy | 2024/06/10 18:47:33 [047] GET https://repo.packagist.org:443/p2/symfony/polyfill-php72.json
proxy | 2024/06/10 18:47:33 [038] 200 https://repo.packagist.org:443/p2/symfony/polyfill-php73.json
proxy | 2024/06/10 18:47:33 [039] 200 https://repo.packagist.org:443/p2/symfony/polyfill-ctype.json
proxy | 2024/06/10 18:47:33 [040] 200 https://repo.packagist.org:443/p2/symfony/polyfill-php81.json
proxy | 2024/06/10 18:47:33 [041] 200 https://repo.packagist.org:443/p2/symfony/polyfill-mbstring.json
proxy | 2024/06/10 18:47:33 [042] 200 https://repo.packagist.org:443/p2/symfony/polyfill-intl-icu.json
proxy | 2024/06/10 18:47:33 [043] 200 https://repo.packagist.org:443/p2/symfony/polyfill-intl-grapheme.json
proxy | 2024/06/10 18:47:33 [047] 200 https://repo.packagist.org:443/p2/symfony/polyfill-php72.json
proxy | 2024/06/10 18:47:33 [045] 200 https://repo.packagist.org:443/p2/symfony/polyfill-intl-normalizer.json
proxy | 2024/06/10 18:47:33 [050] GET https://repo.packagist.org:443/p2/symfony/polyfill-php70.json
proxy | 2024/06/10 18:47:33 [051] GET https://repo.packagist.org:443/p2/symfony/intl.json
proxy | 2024/06/10 18:47:33 [050] 200 https://repo.packagist.org:443/p2/symfony/polyfill-php70.json
proxy | 2024/06/10 18:47:33 [051] 200 https://repo.packagist.org:443/p2/symfony/intl.json
proxy | 2024/06/10 18:47:33 [054] GET https://repo.packagist.org:443/p2/paragonie/random_compat.json
proxy | 2024/06/10 18:47:33 [055] GET https://repo.packagist.org:443/p2/symfony/deprecation-contracts.json
proxy | 2024/06/10 18:47:33 [054] 200 https://repo.packagist.org:443/p2/paragonie/random_compat.json
proxy | 2024/06/10 18:47:33 [055] 200 https://repo.packagist.org:443/p2/symfony/deprecation-contracts.json
updater | 2024/06/10 18:47:33 INFO <job_839836292> Requirements to unlock update_not_possible
updater | 2024/06/10 18:47:33 INFO <job_839836292> Requirements update strategy lockfile_only
updater | 2024/06/10 18:47:33 INFO <job_839836292> No update possible for symfony/var-exporter 5.4.40
This weeks update:
updater | 2024/06/17 18:26:08 INFO <job_843097663> Checking if symfony/var-exporter 5.4.40 needs updating
proxy | 2024/06/17 18:26:08 [015] GET https://example.com:443/packages.json
proxy | 2024/06/17 18:26:08 [015] * authenticating composer registry request (host: example.com)
proxy | 2024/06/17 18:26:11 [015] 200 https://example.com:443/packages.json
proxy | 2024/06/17 18:26:11 [019] GET https://repo.packagist.org:443/p2/symfony/var-exporter.json
proxy | 2024/06/17 18:26:12 [019] 200 https://repo.packagist.org:443/p2/symfony/var-exporter.json
updater | 2024/06/17 18:26:12 INFO <job_843097663> Latest version is 7.1.1
proxy | 2024/06/17 18:26:13 [021] GET https://example.com:443/packages.json
proxy | 2024/06/17 18:26:13 [021] * authenticating composer registry request (host: example.com)
proxy | 2024/06/17 18:26:14 [021] 200 https://example.com:443/packages.json
proxy | 2024/06/17 18:26:14 [023] GET https://repo.packagist.org:443/packages.json
proxy | 2024/06/17 18:26:14 [023] 200 https://repo.packagist.org:443/packages.json
proxy | 2024/06/17 18:26:14 [025] GET https://repo.packagist.org:443/p2/symfony/var-exporter.json
proxy | 2024/06/17 18:26:14 [025] 200 https://repo.packagist.org:443/p2/symfony/var-exporter.json
updater | 2024/06/17 18:26:14 ERROR <job_843097663> Your requirements could not be resolved to an installable set of packages.
updater | Problem 1
updater | - Root composer.json requires symfony/var-exporter 7.1.1 (exact version match: 7.1.1 or 7.1.1.0), found symfony/var-exporter[v7.1.1] but these were not loaded, likely because it conflicts with another require.
updater | Problem 2
updater | - symfony/cache v5.4.40 requires symfony/var-exporter ^4.4|^5.0|^6.0 -> found symfony/var-exporter[v4.4.0, ..., v4.4.43, v5.0.0, ..., v5.4.40, v6.0.0, ..., v6.4.8] but it conflicts with your root composer.json require (7.1.1).
updater | - symfony/expression-language v5.4.40 requires symfony/cache ^4.4|^5.0|^6.0 -> satisfiable by symfony/cache[v5.4.40].
updater | - symfony/expression-language is locked to version v5.4.40 and an update of this package was not requested.
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/common/lib/dependabot/shared_helpers.rb:189:in `run_helper_subprocess'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11415/lib/types/private/methods/call_validation.rb:270:in `bind_call'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11415/lib/types/private/methods/call_validation.rb:270:in `validate_call'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11415/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/composer/lib/dependabot/composer/update_checker/version_resolver.rb:143:in `block in run_update_checker'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/common/lib/dependabot/shared_helpers.rb:265:in `with_git_configured'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11415/lib/types/private/methods/call_validation.rb:270:in `bind_call'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11415/lib/types/private/methods/call_validation.rb:270:in `validate_call'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11415/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/composer/lib/dependabot/composer/update_checker/version_resolver.rb:142:in `run_update_checker'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/composer/lib/dependabot/composer/update_checker/version_resolver.rb:85:in `block in fetch_latest_resolvable_version_string'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/common/lib/dependabot/shared_helpers.rb:81:in `block in in_a_temporary_directory'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/common/lib/dependabot/shared_helpers.rb:81:in `chdir'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/common/lib/dependabot/shared_helpers.rb:81:in `in_a_temporary_directory'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11415/lib/types/private/methods/call_validation.rb:270:in `bind_call'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11415/lib/types/private/methods/call_validation.rb:270:in `validate_call'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11415/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/composer/lib/dependabot/composer/update_checker/version_resolver.rb:83:in `fetch_latest_resolvable_version_string'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/composer/lib/dependabot/composer/update_checker/version_resolver.rb:68:in `fetch_latest_resolvable_version'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/composer/lib/dependabot/composer/update_checker/version_resolver.rb:55:in `latest_resolvable_version'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/composer/lib/dependabot/composer/update_checker.rb:63:in `latest_resolvable_version_with_no_unlock'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/common/lib/dependabot/update_checkers/base.rb:330:in `numeric_version_can_update?'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11415/lib/types/private/methods/call_validation.rb:270:in `bind_call'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11415/lib/types/private/methods/call_validation.rb:270:in `validate_call'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11415/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/common/lib/dependabot/update_checkers/base.rb:278:in `version_can_update?'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11415/lib/types/private/methods/call_validation.rb:270:in `bind_call'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11415/lib/types/private/methods/call_validation.rb:270:in `validate_call'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11415/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/common/lib/dependabot/update_checkers/base.rb:94:in `can_update?'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11415/lib/types/private/methods/call_validation.rb:270:in `bind_call'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11415/lib/types/private/methods/call_validation.rb:270:in `validate_call'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/sorbet-runtime-0.5.11415/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:216:in `requirements_to_unlock'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:94:in `check_and_create_pull_request'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:64:in `check_and_create_pr_with_error_handling'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:39:in `block in perform'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:39:in `each'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/dependabot-updater/lib/dependabot/updater/operations/update_all_versions.rb:39:in `perform'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/dependabot-updater/lib/dependabot/updater.rb:45:in `run'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/dependabot-updater/lib/dependabot/update_files_command.rb:44:in `block in perform_job'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/opentelemetry-api-1.2.3/lib/opentelemetry/trace/tracer.rb:37:in `block in in_span'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/opentelemetry-api-1.2.3/lib/opentelemetry/trace.rb:70:in `block in with_span'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/opentelemetry-api-1.2.3/lib/opentelemetry/context.rb:87:in `with_value'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/opentelemetry-api-1.2.3/lib/opentelemetry/trace.rb:70:in `with_span'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/opentelemetry-api-1.2.3/lib/opentelemetry/trace/tracer.rb:37:in `in_span'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/dependabot-updater/lib/dependabot/update_files_command.rb:18:in `perform_job'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> /home/dependabot/dependabot-updater/lib/dependabot/base_command.rb:37:in `run'
updater | 2024/06/17 18:26:14 ERROR <job_843097663> bin/update_files.rb:46:in `<main>'
updater | 2024/06/17 18:26:14 INFO <job_843097663> Requirements to unlock update_not_possible
updater | 2024/06/17 18:26:14 INFO <job_843097663> Requirements update strategy lockfile_only
updater | 2024/06/17 18:26:14 INFO <job_843097663> No update possible for symfony/var-exporter 5.4.40
Smallest manifest that reproduces the issue
No response