I think there's something wrong with composer dependencies somewhere. I can't tell you the exact source - I can only tell you what I've observed:
In the beggining, I have this in my composer.json
(only showing doctrine/*
and symfony/security-*
):
"doctrine/annotations": "^1.8",
"doctrine/dbal": "^2.12",
"doctrine/orm": "^2.7",
"symfony/security-bundle": "4.4.*",
...and this is contained in the output of composer show
:
doctrine/persistence 1.3.8
symfony/security-core v4.4.15
Now, if I add "symfony/security-core": "4.4.*",
to composer.json
and run composer update
, this happens:
Lock file operations: 0 installs, 3 updates, 1 removal
- Removing doctrine/reflection (1.2.1)
- Upgrading doctrine/common (2.13.3 => 3.0.2)
- Upgrading doctrine/persistence (1.3.8 => 2.1.0)
- Downgrading symfony/orm-pack (v1.2.0 => v1.1.0)
(which breaks my project, due to https://stackoverflow.com/q/63688919/1668200)
But then, if I also add "doctrine/persistence": "^1.3",
to composer.json
and run composer update
, the downgrade is magically undone:
Lock file operations: 1 install, 3 updates, 0 removals
- Downgrading doctrine/common (3.0.2 => 2.13.3)
- Downgrading doctrine/persistence (2.1.0 => 1.3.8)
- Locking doctrine/reflection (1.2.1)
- Upgrading symfony/orm-pack (v1.1.0 => v1.2.0)