Question
Trying to perform a composer update <package> but getting the following error:
The requested package <package> (locked at <tag>, required as dev-<branchXY>) is satisfiable by <package>[<tag>] but these conflict with your requirements or minimum-stability.
Meanwhile, the tag <tag> exists as a string only in my composer.lock file, which I thought was only modified by composer update but not read.
What does 'locked at' mean in this context and how do I solve the issue?
composer why-not <package> says:
<program> 3.0.8.1 requires <package> (dev-<branch>)
which is not very helpful to me
Answer 1:
"The package is locked" means the commit-hash of the last commit on the branch used with version-constraint dev-<branch> was saved during the last run of composer update in the lock-file to ensure deterministic (reproducible) builds upon deployment.
This commit-hash or tag is written to your lock-file (composer.lock) if you:
- run composer update [<package>]
... or ...
- run composer install with a composer.json present but not a lock-file in composer's current directory, which does auto-generate the lock-file
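A way to see which entries produce the "locked at ..., required as dev-..." situation, as an added example that is not part of the original answer: it compares the dev-<branch> requirements in composer.json with the version and source reference pinned in composer.lock. The package names, versions and hashes are constructed sample data, and the function names are hypothetical.

```python
# Constructed sample data: package names, versions and hashes are made up.
COMPOSER_JSON = {"require": {
    "acme/widgets": "dev-feature-x",
    "acme/core": "dev-main",
    "acme/util": "^2.1",
}}
COMPOSER_LOCK = {"packages": [
    {"name": "acme/widgets", "version": "1.4.0",
     "source": {"type": "git", "reference": "a" * 40}},
    {"name": "acme/core", "version": "dev-main",
     "source": {"type": "git", "reference": "b" * 40}},
    {"name": "acme/util", "version": "2.3.1",
     "source": {"type": "git", "reference": "c" * 40}},
], "packages-dev": []}


def locked_packages(lock):
    """Map package name -> (locked version, pinned source reference)."""
    pinned = {}
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            ref = (pkg.get("source") or {}).get("reference")
            pinned[pkg["name"]] = (pkg["version"], ref)
    return pinned


def branch_lock_mismatches(manifest, lock):
    """List (name, required, locked version, reference) for each package that
    composer.json requires as dev-<branch> but the lock-file pins elsewhere."""
    pinned = locked_packages(lock)
    required = {**manifest.get("require", {}), **manifest.get("require-dev", {})}
    found = []
    for name, constraint in sorted(required.items()):
        # Drop an inline "#<commit>" pin or " as <alias>" suffix, if present.
        branch = constraint.split("#")[0].split(" as ")[0].strip()
        if not branch.startswith("dev-") or name not in pinned:
            continue  # only plain branch constraints are compared here
        version, ref = pinned[name]
        if version != branch:
            found.append((name, branch, version, ref))
    return found


if __name__ == "__main__":
    for name, want, have, ref in branch_lock_mismatches(COMPOSER_JSON, COMPOSER_LOCK):
        print(f"{name}: required as {want}, locked at {have} (reference {ref})")
```

For a real project, load both files with json.load and pass the resulting dicts to branch_lock_mismatches.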
Source: https://stackoverflow.com/questions/57414286/what-means-locked-at-tag-in-composer