So, I recently updated my symfony project to the 4.3 version, and since it caused problems, I downgraded it to 4.2.9. But despite my efforts, and various options of composer, it keeps installing its dependencies on 4.3, (twig, security, yaml...) Even though its composer.json file shows clearly that it should use the same version. I removed vendor, cleared the cache, removed composer.lock and symfony.lock used the --no-cache option, specifically set the symfony version in composer to 4.2.9 precisely, but it always install the 4.3, which is kinda frustrating. If I checkout an old composer.lock and make an install, it works, but the update will still install 4.3, even though I set 4.2.9 in the json for symfony.
Is there a way out ? Thanks
I'm using
composer update --no-cache --dry-run
to see what we be installed without actually installing it
And this is my composer.json
{
"type": "project",
"license": "proprietary",
"require": {
"php": "^7.1.3",
"ext-iconv": "*",
"friendsofsymfony/jsrouting-bundle": "^2.3",
"sensio/framework-extra-bundle": "^5.1",
"symfony/console": "^4.0",
"symfony/flex": "^1.0",
"symfony/form": "^4.0",
"symfony/framework-bundle": "4.2.9",
"symfony/lts": "^4@dev",
"symfony/monolog-bundle": "^3.3",
"symfony/orm-pack": "^1.0",
"symfony/security-bundle": "^4.1",
"symfony/translation": "^4.0",
"symfony/twig-bundle": "^4.0",
"symfony/validator": "^4.0",
"symfony/webpack-encore-pack": "^1.0",
"symfony/yaml": "^4.0"
},
"require-dev": {
"doctrine/doctrine-fixtures-bundle": "^3.0",
"sensiolabs/security-checker": "^5.0",
"symfony/debug-bundle": "^4.1",
"symfony/dotenv": "^4.0",
"symfony/maker-bundle": "^1.9",
"symfony/profiler-pack": "^1.0",
"symfony/web-server-bundle": "^4.0"
},
"config": {
"preferred-install": {
"*": "dist"
},
"sort-packages": true
},
"autoload": {
"psr-4": {
"App\\": "src/"
}
},
"autoload-dev": {
"psr-4": {
"App\\Tests\\": "tests/"
}
},
"replace": {
"symfony/polyfill-iconv": "*",
"symfony/polyfill-php71": "*",
"symfony/polyfill-php70": "*",
"symfony/polyfill-php56": "*"
},
"scripts": {
"auto-scripts": {
"cache:clear": "symfony-cmd",
"assets:install --symlink --relative %PUBLIC_DIR%": "symfony-cmd",
"security-checker security:check": "script"
},
"post-install-cmd": [
"@auto-scripts"
],
"post-update-cmd": [
"@auto-scripts"
]
},
"conflict": {
"symfony/symfony": "*"
},
"extra": {
"symfony": {
"allow-contrib": false,
"require": "4.2.9"
}
}
}
Note: I'm not talking about the dependencies of my own composer.json, but the ones installed by symfony, such as http-foundation or http-kernel.