Browse Source

Merge pull request #4817 from alcohol/repro-4795

Bug #4795
Jordi Boggiano 9 years ago
parent
commit
79ac2cac82

+ 1 - 0
src/Composer/Installer.php

@@ -1195,6 +1195,7 @@ class Installer
 
                     foreach ($requirePackages as $requirePackage) {
                         if (isset($skipPackages[$requirePackage->getName()])) {
+                            $this->io->writeError('<warning>Dependency "' . $requirePackage->getName() . '" is also a root requirement, but is not explicitly whitelisted. Ignoring.</warning>');
                             continue;
                         }
                         $packageQueue->enqueue($requirePackage);

+ 47 - 0
tests/Composer/Test/Fixtures/installer/github-issues-4795.test

@@ -0,0 +1,47 @@
+--TEST--
+
+See Github issue #4795 ( github.com/composer/composer/issues/4795 ).
+
+Composer\Installer::whitelistUpdateDependencies intentionally ignores root requirements even if said package is also a
+dependency of one the requirements that is whitelisted for update.
+
+--COMPOSER--
+{
+    "repositories": [
+        {
+            "type": "package",
+            "package": [
+                { "name": "a", "version": "1.0.0" },
+                { "name": "a", "version": "1.1.0" },
+                { "name": "b", "version": "1.0.0", "require": { "a": "~1.0" } },
+                { "name": "b", "version": "1.1.0", "require": { "a": "~1.1" } },
+                { "name": "c", "version": "1.0.0", "require": { "a": "~1.0" } }
+            ]
+        }
+    ],
+    "require": {
+        "a": "~1.0",
+        "b": "~1.0",
+        "c": "~1.0"
+    }
+}
+
+--INSTALLED--
+[
+    { "name": "a", "version": "1.0.0" },
+    { "name": "b", "version": "1.0.0", "require": { "a": "~1.0" } },
+    { "name": "c", "version": "1.0.0", "require": { "a": "~1.0" } }
+]
+
+--RUN--
+update B --with-dependencies
+
+--EXPECT-OUTPUT--
+<warning>Dependency "a" is also a root requirement, but is not explicitly whitelisted. Ignoring.</warning>
+Loading composer repositories with package information
+Updating dependencies (including require-dev)
+Nothing to install or update
+Writing lock file
+Generating autoload files
+
+--EXPECT--