Documented install command fails
aaemnnosttv opened this issue · comments
The documented install command composer require --dev wp-cli/wp-cli-tests will fail if your project's composer.json does not use a minimum-stability: dev due to its dependency on roave/security-advisories:dev-master.
Instead, installing in this context produces an error like this:
Your requirements could not be resolved to an installable set of packages.
Problem 1
- wp-cli/wp-cli-tests v2.0.9 requires roave/security-advisories dev-master -> satisfiable by roave/security-advisories[dev-master] but these conflict with your requirements or minimum-stability.
- wp-cli/wp-cli-tests v2.0.8 requires roave/security-advisories dev-master -> satisfiable by roave/security-advisories[dev-master] but these conflict with your requirements or minimum-stability.
- wp-cli/wp-cli-tests v2.0.7 requires roave/security-advisories dev-master -> satisfiable by roave/security-advisories[dev-master] but these conflict with your requirements or minimum-stability.
- wp-cli/wp-cli-tests v2.0.6 requires roave/security-advisories dev-master -> satisfiable by roave/security-advisories[dev-master] but these conflict with your requirements or minimum-stability.
- wp-cli/wp-cli-tests v2.0.5 requires roave/security-advisories dev-master -> satisfiable by roave/security-advisories[dev-master] but these conflict with your requirements or minimum-stability.
- wp-cli/wp-cli-tests v2.0.4 requires roave/security-advisories dev-master -> satisfiable by roave/security-advisories[dev-master] but these conflict with your requirements or minimum-stability.
- wp-cli/wp-cli-tests v2.0.3 requires roave/security-advisories dev-master -> satisfiable by roave/security-advisories[dev-master] but these conflict with your requirements or minimum-stability.
- wp-cli/wp-cli-tests v2.0.2 requires roave/security-advisories dev-master -> satisfiable by roave/security-advisories[dev-master] but these conflict with your requirements or minimum-stability.
- wp-cli/wp-cli-tests v2.0.13 requires roave/security-advisories dev-master -> satisfiable by roave/security-advisories[dev-master] but these conflict with your requirements or minimum-stability.
- wp-cli/wp-cli-tests v2.0.12 requires roave/security-advisories dev-master -> satisfiable by roave/security-advisories[dev-master] but these conflict with your requirements or minimum-stability.
- wp-cli/wp-cli-tests v2.0.11 requires roave/security-advisories dev-master -> satisfiable by roave/security-advisories[dev-master] but these conflict with your requirements or minimum-stability.
- wp-cli/wp-cli-tests v2.0.10 requires roave/security-advisories dev-master -> satisfiable by roave/security-advisories[dev-master] but these conflict with your requirements or minimum-stability.
- wp-cli/wp-cli-tests v2.0.1 requires roave/security-advisories dev-master -> satisfiable by roave/security-advisories[dev-master] but these conflict with your requirements or minimum-stability.
- wp-cli/wp-cli-tests v2.0.0 requires roave/security-advisories dev-master -> satisfiable by roave/security-advisories[dev-master] but these conflict with your requirements or minimum-stability.
- Installation request for wp-cli/wp-cli-tests ^2.0 -> satisfiable by wp-cli/wp-cli-tests[v2.0.0, v2.0.1, v2.0.10, v2.0.11, v2.0.12, v2.0.13, v2.0.2, v2.0.3, v2.0.4, v2.0.5, v2.0.6, v2.0.7, v2.0.8, v2.0.9].
A few solutions:
- Remove this as a dependency since it only exists as a
dev-masterbut add it to the package'ssuggestto request it to be installed at the package level - Document the dependency and add the package to the install command
composer require --dev wp-cli/wp-cli-tests roave/security-advisories:dev-master - Document requiring your package's
minimum-stabilityshould bedev(withprefer-stable: true)
Thoughts?
I think we should:
- Remove the requirement on
roave/security-advisories:dev-masterfrom all packages except forwp-cli-bundleandwp-cli(because all other package versions are locked by these two for all internal usage). - add a
suggestonroave/security-advisories:dev-masterforwp-cli-tests(because this pulls in a lot of external dependencies and might be used by third-party packages).
Fixed this via #70 by turning the roave/security-advisories:dev-master regular dependency into a development dependency, which it should have been all along.