Quick Start: Composer `require` command blocked by symfony/security-guard package

Question

Quick Start: Composer `require` command blocked by symfony/security-guard package

Closed this issue 3 years ago · 1 comments

The Quick Start's composer require command is halted due to constraints in symfony/security-guard package.

If I remove that package, the download completes:

$ composer require -n annotations asset doctrine encore form logger maker profiler security security-guard stof/doctrine-extensions-bundle twig validator var-dumper
Using version ^6.2 for sensio/framework-extra-bundle
Using version ^2.2 for symfony/orm-pack
Using version ^1.14 for symfony/webpack-encore-bundle
Using version ^3.8 for symfony/monolog-bundle
Using version ^1.42 for symfony/maker-bundle
Using version ^1.0 for symfony/profiler-pack
Using version ^1.7 for stof/doctrine-extensions-bundle
Using version ^1.0 for symfony/twig-pack
symfony/maker-bundle is currently present in the require-dev key and you ran the command without the --dev flag, which would move it to the require key.
./composer.json has been updated
Running composer update sensio/framework-extra-bundle symfony/asset symfony/orm-pack symfony/webpack-encore-bundle symfony/form symfony/monolog-bundle symfony/maker-bundle symfony/profiler-pack symfony/security-bundle symfony/security-guard stof/doctrine-extensions-bundle symfony/twig-pack symfony/validator symfony/var-dumper
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Root composer.json requires symfony/security-guard 6.0.*, found symfony/security-guard[v2.8.0-BETA1, ..., 2.8.x-dev, v3.0.0-BETA1, ..., 3.4.x-dev, v4.0.0-BETA1, ..., 4.4.x-dev, v5.0.0-BETA1, ..., 5.4.x-dev] but it does not match the constraint.

You can also try re-running composer require with an explicit version constraint, e.g. "composer require sensio/framework-extra-bundle:*" to figure out if any version is installable, or "composer require sensio/framework-extra-bundle:^2.1" if you know which you need.

Installation failed, reverting ./composer.json and ./composer.lock to their original content.

Without security-guard package, it completes

$ composer require -n annotations asset doctrine encore form logger maker profiler security stof/doctrine-extensions-bundle twig validator var-dumper
Using version ^6.2 for sensio/framework-extra-bundle
Using version ^2.2 for symfony/orm-pack
[...]
Generating optimized autoload files
108 packages you are using are looking for funding.
Use the `composer fund` command to find out more!

Answer 1 · 2022-05-15T14:06:42.000Z

Actually, it seems to work well, I must have done something wrong ...

On a side note, I get this question after composer create-project, so perhaps a -n or -y should be added to the command, to let it complete automatically?

The recipe for this package contains some Docker configuration.

    This may create/update docker-compose.yml or update Dockerfile (if it exists).

    Do you want to include Docker configuration from recipes?
    [y] Yes
    [n] No
    [p] Yes permanently, never ask again for this project
    [x] No permanently, never ask again for this project
    (defaults to y):