Exclude a package from updating in composer


Question

Whenever I try to add a new package using composer like "composer require packagename/package" or use "composer.phar update", I am getting all the installed packages updated. Is there any option in composer to exclude some package that I don't need to get updated?

Recommended answer

If you feel the need to exclude some of your packages from being updated, I'd consider this the beginning of getting into a dependency mess. You should clean up your dependencies now before it gets worse.

From my experience, the topmost reason for not wanting to update a dependency is when you used a branch of a package instead of a released version. You should try to fix this as thoroughly as possible:

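  • If you are using your own packages, tag a release version for the commit you want to use. Then switch your software to use that exact version, or use a wildcard version requirement, like 1.0.* or ~1.2 or ^1.3.4.
  • If you are using external code that you cannot directly influence, try contacting the developers of that code and ask them to tag a version. Tagging versions is important for maintaining a sane dependency tree.
  • If you cannot get the external developers to tag a version, find a way to tag it yourself:
    • Clone their repository on Github, tag a version, and include your copy of the repository instead of going to packagist.org.
    • Create the necessary metadata in a "type=package" repository entry in your composer.json file.
    • Or at least, when depending on a branch, assign it a version alias to make for a smoother transition later when the external project starts tagging its versions. Note that this will not fix your current problem at all, but it may make things better in the future.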

    In general, you should always be able to run composer update unconditionally. If not, this is a warning sign for dependencies not properly declared in your own composer.json file.

    The second reason for not wanting to update is incompatible changes in a package that were tagged as a bug fix instead of a major version increase. The solution for this would be simple:

    • First you'd have to investigate the reason for such an error: Was it really an incompatible API change? If yes, raise an issue with the developers of that package. They should create a new bug fix version with that incompatible update rolled back or fixed, and if they want to keep their change, they should tag it with a minor or major version increment, depending on what they changed.
    • If however you incorrectly used their code, somehow not using the public API, a bug fix is unlikely. You should try fixing your code by not using stuff that is not supposed to be the public API. For example, in recent versions of Symfony, the public API is explicitly tagged in the code and documentation - using something else will break at some point, even when doing "compatible" version updates like from 2.6.x to 2.7.x.
    • Another way to fix it would be to exclude the newer version inside the composer.json file: Instead of "external/package":"~1.2" you'd put "external/package":"~1.2,!1.2.5" if you find that version 1.2.5 broke your software. Or maybe you are afraid of further updates also breaking your software, you'd put in "external/package":"~1.2,!>=1.2.5".

    One more thing to add: If you run composer require, you won't get updates for packages that are already installed. They are fixed. The required package will be selected based on all the installed versions, and it will only be installed if there is a version available that is compatible with all the versions already installed. Note that this will not work correctly if there are dependencies on branches of packages in both your own composer.json and the new package. The reason is that the branch name will be the same, but you'll never know which commit was being used. Maybe the new package uses a very recent commit of dev-master of a third package, and your own software a very old one, and there have been incompatible changes in between - this will break things without Composer being able to detect it.
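The answer's warning sign, dependencies on branches rather than tagged releases, can be checked mechanically. The following is an added example, not part of the original answer or of Composer itself: a small Python audit that reads a composer.json and reports every requirement that floats on a branch, carries an inline alias, or is pinned to a commit with Composer's `#ref` suffix. The package names and the commit reference in the sample are constructed.

```python
import json
import re

# Constructed sample composer.json; package names and commit ref are made up.
SAMPLE = """
{
  "require": {
    "php": ">=7.4",
    "acme/tagged": "~1.2",
    "acme/branch": "dev-master",
    "acme/numeric-branch": "1.0.x-dev",
    "acme/aliased": "dev-master as 1.0.x-dev",
    "acme/pinned": "dev-master#3f2a9c1"
  },
  "require-dev": {
    "acme/tool": "^2.0 || dev-feature/foo"
  }
}
"""

PRIORITY = ("branch", "aliased", "pinned")  # most to least concerning


def classify(constraint):
    """Return 'branch', 'aliased', 'pinned', or None for a tagged-only constraint."""
    found = set()
    for alt in re.split(r"\|\|?", constraint):           # OR alternatives
        target, _, alias = alt.strip().partition(" as ")  # inline alias, if any
        for atom in re.split(r"[,\s]+", target.strip()):  # AND-ed atoms
            name, _, ref = atom.lstrip("<>=!~^").partition("#")
            if name.startswith("dev-") or name.endswith("-dev"):
                found.add("pinned" if ref else "aliased" if alias else "branch")
    return next((s for s in PRIORITY if s in found), None)


def audit(composer_json):
    """Map package name -> (section, constraint, status) for branch requirements."""
    data = json.loads(composer_json)
    report = {}
    for section in ("require", "require-dev"):
        for package, constraint in data.get(section, {}).items():
            status = classify(constraint)
            if status:
                report[package] = (section, constraint, status)
    return report


if __name__ == "__main__":
    for package, (section, constraint, status) in audit(SAMPLE).items():
        print(f"{status:8} {section:12} {package}: {constraint}")
```

An "aliased" result still floats with the branch, which matches the answer's note that an alias does not fix the current problem; only a tagged version or a commit reference fixes what gets installed.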
