Composer install & update issue (requires php ^7.0 -> your php version (8.0.3))

Question

We are starting to use PHP 8 on new projects. But we are also migrating old projects to the new PHP 8. Problems occur when installing dependencies.

Because PHP 8 is relatively new, there are still many third-party packages that depend on older versions of PHP (mostly only due to outdated configuration).

My PHP version:

martin@empire:~$ php -v
PHP 8.0.3 (cli) (built: Mar  5 2021 07:54:13) ( NTS )
Copyright (c) The PHP Group
Zend Engine v4.0.3, Copyright (c) Zend Technologies
    with Zend OPcache v8.0.3, Copyright (c), by Zend Technologies

Example of composer install on Symfony project:

martin@empire:~/projects/twig-example$ composer install
Installing dependencies from lock file (including require-dev)
Verifying lock file contents can be installed on current platform.
Your lock file does not contain a compatible set of packages. Please run composer update.

  Problem 1
    - twig/twig is locked to version v2.3.0 and an update of this package was not requested.
    - twig/twig v2.3.0 requires php ^7.0 -> your php version (8.0.3) does not satisfy that requirement.
  Problem 2
    - twig/twig v2.3.0 requires php ^7.0 -> your php version (8.0.3) does not satisfy that requirement.
...

Example composer update on Laravel 8 project:

martin@empire:~/projects/collabquest-api$ composer update
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - jwilsson/spotify-web-api-php[3.6.0, ..., 3.6.2] require php ^7.0 -> your php version (8.0.3) does not satisfy that requirement.
    - Root composer.json requires jwilsson/spotify-web-api-php ^3.6 -> satisfiable by jwilsson/spotify-web-api-php[3.6.0, 3.6.1, 3.6.2].

What is the best way to deal with this issue and solve this dependency problem?

...is there anything unclear about the error message? Why not update the packages to versions that are compatible with PHP 8 if you want to use PHP 8? — Nico Haase, Mar 22 '21 at 06:52
The problem was that we also use packages that do not yet have an update for PHP 8. And therefore this problem occurred with dependencies. It was also not possible to degrade the PHP version of the whole project, because we have already used the features of PHP 8 in our code. We solved it temporarily with the switch "--ignore-platform-req=php" — Martin Osusky, Mar 22 '21 at 07:01
Is there any, like: **any**, reason to use such an old version of Twig? Why not update it? — Nico Haase, Mar 22 '21 at 08:47
@MartinOsusky please, if you have a solution add it in the answer section and not inside your question (specially when the solution is absolutely a wrong tip ;) ). — gp_sflover, Mar 22 '21 at 09:21
@gp_sflover I added a day ago, now I'm just responding to comments :) — Martin Osusky, Mar 22 '21 at 12:16
@NicoHaase No there isn't. But I will just repeat what I have mentioned several times that, unfortunately, I use packages that create dependencies on old packages ... The problem itself is not in the packages referenced by the project itself, but in the packages referenced by nested dependencies. The definitive solution is to gradually get rid of such "toxic" packages, but it takes plenty of time. — Martin Osusky, Mar 22 '21 at 12:26
Yes, that takes a lot of time. To be safe the next time, you should always run your CI pipelines with the same PHP version you are using in production, such that you immediately get notified when such incompatibilities occur — Nico Haase, Mar 22 '21 at 14:29

Martin Osusky · Answer 1 · 2021-03-22T12:55:40.890

2

Update:

Definitive solution

Use newer packages that are PHP 8 ready. Most packages are up to date.

If some explicitly require lower versions of PHP, find a replacement. Or fork them and update.

You can use the following as a temporary solution:

Temporary quick solution

Composer has the following possibilities:

--ignore-platform-req=IGNORE-PLATFORM-REQ        Ignore a specific platform requirement (php & ext- packages). (multiple values allowed)
--ignore-platform-reqs                           Ignore all platform requirements (php & ext- packages).

Usage:

# for composer install
composer --ignore-platform-req=php install

# for composer update
composer --ignore-platform-req=php update

# also works for require etc.

Most packages use PHP version 7.x.x or lower, which is backward compatible with version 8. So no issue should arise.

Update: There is also the possibility of forcing the version directly in the composer.json. However, this option was not usable for us, because we have already used a special syntax and features of php version 8 in the code. Even so, we already had version conflicts, whether we forced version 7 or 8 of PHP to the project.

Example of forcing version in composer.json:

{
    "config": {
       "platform": {
           "php": "7.0.0"
       }
    }
}

Use it only when you are sure that it does not cause any problems.

edited Mar 22 '21 at 12:55

answered Mar 21 '21 at 16:19

Martin Osusky

820
1
6
15

1

There is also a platforms section in composer.json that allows you to set the PHP version for composer to use thus eliminating the need for the additional ignore arguments. – Cerad Mar 21 '21 at 16:31
@Cerad But you don't want and of course you can't change composer.json on all vendor packages. – Martin Osusky Mar 21 '21 at 16:38
@Cerad you mean { "config": { "platform": { "php": "7.0.0" } } } The problem is that the developer forgets, and even if the packages are updated, theoretically there may be a problem with the dependency of PHP versions in the future. And most importantly, then there are the packages that need php8 and also the old ones that need php7 .. and that doesn't solve the problem in the end – Martin Osusky Mar 21 '21 at 16:44
Your choice of course though I don't really see how ignoring the dependencies actually solves 'the problem'. In any event the real question is why the packages in question have not been tweaked to install under PHP 8. It's been over three months now. All it takes is minor adjustment to composer.json, a quick test and then hit the publish button. Personally I would not use any packages that have not yet been updated. Or the very least I would fork them and make the adjustment myself. – Cerad Mar 21 '21 at 17:38
I fully agree with you and that is why I would NOT recommend a permanent solution, which is based on the forced version in composer.json, but just temporarily ignoring the PHP version dependences. So that the developer can install the project and then take the following steps. (Replace problem packages or fork them and modify). – Martin Osusky Mar 21 '21 at 17:45
I don't see any need for such hacks. `twig/twig` in v2.3.0 is (today exactly!) four years old, and there's no reason to use it anymore if you can update to anything later. Since v2.13.0 (released in July 2020), there's support for any later version of PHP – Nico Haase Mar 22 '21 at 08:46
@NicoHaase I agree, but I will just repeat what I have mentioned several times that, unfortunately, I use packages that create dependencies on old packages ... The problem itself is not in the packages referenced by the project itself, but in the packages referenced by nested dependencies. The definitive solution is to gradually get rid of such "toxic" packages, but it takes plenty of time. – Martin Osusky Mar 22 '21 at 12:25

score 0 · Answer 2 · answered Mar 21 '21 at 17:36

0

downgrade your php version until packages that depend on it make an update , or you must replace it with another, I have the same problem and I used the first solution.

answered Mar 21 '21 at 17:36

Ibraheem Neotron

11

I understand, downgrade is no longer possible with us, because we already have a lot of functionalities using octal features. – Martin Osusky Mar 21 '21 at 19:00

Composer install & update issue (requires php ^7.0 -> your php version (8.0.3))

2 Answers2

Definitive solution

Temporary quick solution

Linked