Upgrading with dependencies forces downgrade to 1.19.0 - could be fixed by bumping simplesamlphp/assert version #1800

Open
stesi561 opened this issue Apr 18, 2023 · 2 comments

Comments

It looks like updating a site with simplesamlphp/simplesamlphp at a version greater than 1.19.0 with composer update -w or -W (i.e. updating with dependencies) results in a downgrade to 1.19.0 instead of an upgrade to the latest secure version!

I think I've traced this back to 1.19.1, which adds a requirement for
"simplesamlphp/assert": "^0.0.13",
6dcd5b4

However https://github.com/simplesamlphp/composer-module-installer/pull/21/files
adds a requirement for
"simplesamlphp/assert": "^0.8.0"

"^0.0.13" restricts us to versions of assert below 0.1.0.

Would it be possible to loosen this requirement to allow versioning that matches what is required in simplesamlphp/composer-module-installer on the 1.9.x branch?

In the site where I hit this issue I'm getting this module via
drupalauth/simplesamlphp-module-drupalauth
which simply requires the following:

"php": "^5.6.0|^7.0|^8.0",
"simplesamlphp/simplesamlphp": "~1.0",
"simplesamlphp/composer-module-installer": "~1.0"

Note for anyone else hitting the issue: the workaround to get the latest version of simplesamlphp is to restrict the upgrade of simplesamlphp/composer-module-installer to version 1.3.0 by including this as a hard constraint in composer.json -

Alternatively, if you need a more recent version of composer-module-installer, you could try including the latest version of simplesamlphp/assert and aliasing it to the 0.8 version.

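An added illustration (not from the issue, the reporter, or the SimpleSAMLphp project) of why the two simplesamlphp/assert constraints quoted above cannot be satisfied together, and why pinning composer-module-installer brings the newer simplesamlphp back: a small Python re-implementation of Composer's caret (^) and tilde (~) range rules, applied to a constructed package graph. The ^0.0.13 and ^0.8.0 requirements and the 1.3.0 pin are taken from the issue; every other installer version number, and the assumption that 1.3.0 carries no assert requirement, are hypothetical. The selection order (installer first, then the highest simplesamlphp that can coexist with it) only mirrors the outcome the reporter observed; Composer's real solver is a SAT solver and is not modelled here.

```python
"""Composer-style version constraints, re-implemented from the documented
caret/tilde rules to show the conflict described in the issue. Not Composer's
own code; package data below is constructed for illustration."""
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]


def parse_version(s: str) -> Version:
    """'1.19.8' -> (1, 19, 8); missing components are padded with 0."""
    parts = [int(p) for p in s.strip().lstrip("v").split(".")]
    parts += [0] * (3 - len(parts))
    return (parts[0], parts[1], parts[2])


def caret_range(c: str) -> Tuple[Version, Version]:
    """^X.Y.Z -> [low, high). Composer bumps the left-most non-zero component,
    so ^1.2 -> <2.0.0, ^0.8.0 -> <0.9.0, and ^0.0.13 -> <0.0.14 (no updates)."""
    m = re.fullmatch(r"\^v?(\d+)(?:\.(\d+))?(?:\.(\d+))?", c.strip())
    if not m:
        raise ValueError(f"unsupported caret constraint: {c!r}")
    major, minor, patch = m.groups()
    low = parse_version(".".join(p for p in (major, minor, patch) if p is not None))
    if major != "0" or minor is None:
        high: Version = (low[0] + 1, 0, 0)
    elif minor != "0" or patch is None:
        high = (0, low[1] + 1, 0)
    else:
        high = (0, 0, low[2] + 1)
    return low, high


def tilde_range(c: str) -> Tuple[Version, Version]:
    """~X.Y.Z -> [low, high). The last stated component may float, so the one
    before it is bumped: ~1.0 -> <2.0.0, ~1.2.3 -> <1.3.0, ~1 -> <2.0.0."""
    m = re.fullmatch(r"~v?(\d+)(?:\.(\d+))?(?:\.(\d+))?", c.strip())
    if not m:
        raise ValueError(f"unsupported tilde constraint: {c!r}")
    given = [g for g in m.groups() if g is not None]
    low = parse_version(".".join(given))
    pos = max(1, len(given) - 1)          # 1-based index of the component to bump
    high = list(low)
    high[pos - 1] += 1
    for i in range(pos, 3):
        high[i] = 0
    return low, (high[0], high[1], high[2])


def parse_constraint(c: str) -> Tuple[Version, Version]:
    c = c.strip()
    if c.startswith("^"):
        return caret_range(c)
    if c.startswith("~"):
        return tilde_range(c)
    v = parse_version(c)                  # exact pin such as "1.3.0"
    return v, (v[0], v[1], v[2] + 1)


def satisfies(version: str, constraint: str) -> bool:
    low, high = parse_constraint(constraint)
    return low <= parse_version(version) < high


def intersect(a: str, b: str) -> Optional[Tuple[Version, Version]]:
    """Overlap of two constraints as [low, high), or None when disjoint."""
    la, ha = parse_constraint(a)
    lb, hb = parse_constraint(b)
    low, high = max(la, lb), min(ha, hb)
    return (low, high) if low < high else None


# Constructed metadata: version -> its simplesamlphp/assert requirement (None = none).
# The ^0.0.13 (simplesamlphp >= 1.19.1) and ^0.8.0 (installer after PR #21)
# requirements are from the issue. Installer "1.4.0" is a hypothetical version
# carrying the PR #21 requirement, and "1.3.0" having no requirement is an assumption.
SIMPLESAMLPHP: Dict[str, Optional[str]] = {"1.19.0": None, "1.19.1": "^0.0.13", "1.19.8": "^0.0.13"}
MODULE_INSTALLER: Dict[str, Optional[str]] = {"1.3.0": None, "1.4.0": "^0.8.0"}


def highest_compatible(ssp_constraint: str, installer_constraint: str) -> Tuple[str, str]:
    """Take the highest allowed installer, then the highest simplesamlphp whose
    assert requirement can coexist with the installer's. Returns (ssp, installer)."""
    installer = max((v for v in MODULE_INSTALLER if satisfies(v, installer_constraint)),
                    key=parse_version)
    inst_req = MODULE_INSTALLER[installer]
    for ssp in sorted(SIMPLESAMLPHP, key=parse_version, reverse=True):
        if not satisfies(ssp, ssp_constraint):
            continue
        ssp_req = SIMPLESAMLPHP[ssp]
        if ssp_req is None or inst_req is None or intersect(ssp_req, inst_req):
            return ssp, installer
    raise RuntimeError("no version of simplesamlphp satisfies the constraints")


if __name__ == "__main__":
    print(caret_range("^0.0.13"), caret_range("^0.8.0"), intersect("^0.0.13", "^0.8.0"))
    print(highest_compatible("~1.0", "~1.0"))    # drupalauth's constraints: falls back to 1.19.0
    print(highest_compatible("~1.0", "1.3.0"))   # installer pinned: newest simplesamlphp again
```

Two points worth checking against the code: under Composer's rules a ^0.0.x constraint admits only that single patch release (the function above yields <0.0.14), which is narrower still than the "below 0.1.0" reading in the report, and either way has no overlap with ^0.8.0; and the real tool for this diagnosis is `composer why-not simplesamlphp/simplesamlphp 1.19.8`, which prints the requirement chain that prohibits the version.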
stesi561 (Author) commented Apr 18, 2023

I probably wouldn't be super worried about this apart from the fact that without a resolution it is easy to lose or not get the security updates released in 1.19.8 and 1.19.1.

I guess the most relevant one here is 1.19.1, as the update to 1.19.8 would presumably be enforced by Drupal Core requirements as well, given it would be unlikely for you to have drupalauth/simplesamlphp-module-drupalauth without Drupal Core.

tvdijen (Member) commented Apr 19, 2023

I wasn't able to get it to work. Feel free to contribute a solution.
Drupal seems to always be a pain in the ass that we don't control
