Exclude a package from updating in composer


Problem description

Whenever I try to add a new package using composer like "composer require packagename/package" or use "composer.phar update", I am getting all the installed packages updated. Is there any option in composer to exclude some package that I don't need to get updated?

Recommended answer

If you feel the need to exclude some of your packages from being updated, I'd consider this the beginning of getting into a dependency mess. You should clean up your dependencies now before it gets worse.

From my experience, the topmost reason not wanting to update a dependency is when you used a branch of a package instead of a released version. You should try to fix this as thoroughly as possible:

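  • If it is your own package you are using, tag a release version for the commit you want to use. Then switch your software to use that exact version, or use a wildcard version requirement such as 1.0.*, ~1.2, ^1.3.4.
  • If it is external code that you cannot influence directly, try contacting the developers of that code and ask them to tag a version. Tagging versions is important for maintaining a sane dependency tree.
  • If you cannot get the external developers to tag a version, look for a way to tag it yourself:
    • Clone their repository on Github, tag a version, and include your copy of the repository instead of going to packagist.org.
    • Create the necessary metadata in a "type=package" repository entry in your composer.json file.
    • Or at the very least, when depending on a branch, assign it a version alias to allow for a smoother transition later, when the external project starts tagging its versions. Note that this does not fix your current problem at all, but it might improve things in the future.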

In general, you should always be able to run composer update unconditionally. If not, this is a warning sign for dependencies not properly declared in your own composer.json file.

The second reason for not wanting to update is incompatible changes in a package that were tagged as a bug fix instead of a major version increase. The solution for this would be simple:

  • First you'd have to investigate the reason for such an error: Was it really an incompatible API change? If yes, raise an issue with the developers of that package. They should create a new bug fix version with that incompatible update rolled back or fixed, and if they want to keep their change, they should tag it with a minor or major version increment, depending on what they changed.
  • If however you incorrectly used their code, somehow not using the public API, a bug fix is unlikely. You should try fixing your code by not using stuff that is not supposed to be the public API. For example, in recent versions of Symfony, the public API is explicitly tagged in the code and documentation - using something else will break at some point, even when doing "compatible" version updates like from 2.6.x to 2.7.x.
  • Another way to fix it would be to exclude the newer version inside the composer.json file: Instead of "external/package":"~1.2" you'd put "external/package":"~1.2,!1.2.5" if you find that version 1.2.5 broke your software. Or maybe you are afraid of further updates also breaking your software, you'd put in "external/package":"~1.2,!>=1.2.5".

One more thing to add: If you run composer require, you won't get updates for packages that are already installed. They are fixed. The required package will be selected based on all the installed versions, and it will only be installed if there is a version available that is compatible with all the versions already installed. Note that this will not work correctly if there are dependencies on branches of packages in both your own composer.json and the new package. The reason is that the branch name will be the same, but you'll never know which commit was being used. Maybe the new package uses a very recent commit of dev-master of a third package, and your own software a very old one, and there have been incompatible changes in between - this will break things without Composer being able to detect it.
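
The branch dependencies the answer warns about can be found mechanically before they cause trouble. The following Python script is an added example, not part of the original answer: it reads a composer.json and reports every requirement that tracks a branch (dev-<branch> or <n>.x-dev), distinguishing a bare branch from one with an inline alias ("as") or a commit reference ("#"). The sample composer.json, the package names, and the function names classify and audit are constructed for illustration.

```python
import json
import re

# Constructed sample composer.json; package names are illustrative only.
SAMPLE_COMPOSER_JSON = """{
  "require": {
    "php": ">=7.4",
    "vendor/tagged": "~1.2",
    "vendor/branch": "dev-master",
    "vendor/aliased": "dev-master as 1.0.x-dev",
    "vendor/pinned": "dev-main#0123abc",
    "vendor/numeric-branch": "2.x-dev"
  },
  "require-dev": {"vendor/tool": "^1.3.4 || dev-feature"}
}"""

# dev-<branch> or <n>.x-dev, optionally pinned to a commit with #<hash>
BRANCH = re.compile(r"^(dev-[^#\s]+|.+-dev)(#[0-9a-f]{4,40})?$", re.I)
# Ordered from least to most exposed to silent upstream changes.
RANK = ["tagged", "branch-pinned", "branch-aliased", "branch"]

def classify(constraint):
    """Return the riskiest kind found in one Composer version constraint."""
    worst = "tagged"
    for alternative in re.split(r"\|\|?", constraint):
        target, _, alias = alternative.strip().partition(" as ")
        for token in re.split(r"[,\s]+", target):
            match = BRANCH.match(token.lstrip("<>=!~^"))
            if not match:
                continue
            # A commit reference fixes the code; an alias only renames the branch.
            kind = "branch-pinned" if match.group(2) else "branch-aliased" if alias else "branch"
            worst = max(worst, kind, key=RANK.index)
    return worst

def audit(composer_json_text):
    """Map each package that tracks a branch to its classification."""
    data = json.loads(composer_json_text)
    findings = {}
    for section in ("require", "require-dev"):
        for name, constraint in data.get(section, {}).items():
            if "/" not in name:  # skip platform packages (php, ext-*)
                continue
            if (kind := classify(constraint)) != "tagged":
                findings[name] = kind
    return findings

if __name__ == "__main__":
    for package, kind in audit(SAMPLE_COMPOSER_JSON).items():
        print(f"{package}: {kind}")
```

Packages reported as "branch" are the ones where two consumers can resolve the same name to different commits without Composer noticing.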
