diff options
| author | nsfisis <nsfisis@gmail.com> | 2026-05-03 16:23:40 +0900 |
|---|---|---|
| committer | nsfisis <nsfisis@gmail.com> | 2026-05-03 16:23:40 +0900 |
| commit | d84024fb179e3ebb55573971a329cb6ff72d7fa0 (patch) | |
| tree | e7742e916c66c5e7cebb136453db9412fefb530b /crates/mozart/src/commands/remove.rs | |
| parent | 87f5bcdc2d0e5fbec3848de3865d6c0d47d623ea (diff) | |
| download | php-mozart-d84024fb179e3ebb55573971a329cb6ff72d7fa0.tar.gz php-mozart-d84024fb179e3ebb55573971a329cb6ff72d7fa0.tar.zst php-mozart-d84024fb179e3ebb55573971a329cb6ff72d7fa0.zip | |
fix(resolver): seed locked packages into pool and honour root-require barrier
Mirror Composer's PoolBuilder/Request semantics for partial updates: each
non-allow-listed locked package becomes a non-fixed pool entry restricted to
its locked version, so `replace`-providing peers cannot silently displace
it. Path-repo packages are exempt — Composer always reloads them from disk.
Threading `--with-dependencies` through `expand_with_direct_dependencies`
now performs transitive expansion with a root-require barrier matching
UPDATE_LISTED_WITH_TRANSITIVE_DEPS_NO_ROOT_REQUIRE, so root requires stay
locked when reached via a transitive dep.
Newly green: remove_does_nothing_if_removal_requires_update_of_dep,
update_allow_list_removes_unused, github_issues_4795,
partial_update_with_deps_warns_root.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Diffstat (limited to 'crates/mozart/src/commands/remove.rs')
| -rw-r--r-- | crates/mozart/src/commands/remove.rs | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/crates/mozart/src/commands/remove.rs b/crates/mozart/src/commands/remove.rs index 15b3586..9c5f7fa 100644 --- a/crates/mozart/src/commands/remove.rs +++ b/crates/mozart/src/commands/remove.rs @@ -1,5 +1,5 @@ use clap::Args; -use indexmap::IndexMap; +use indexmap::{IndexMap, IndexSet}; use mozart_core::console::Verbosity; use mozart_core::console_format; use mozart_core::package; @@ -275,6 +275,7 @@ pub async fn execute( .map(|(k, v)| (k.clone(), v.clone())) .collect(), locked_package_names: indexmap::IndexSet::new(), + locked_packages: Vec::new(), }; // Print header messages @@ -340,7 +341,7 @@ pub async fn execute( super::update::expand_with_all_dependencies(removed_names, lock) } else { // Default: freed packages + their direct dependencies - super::update::expand_with_direct_dependencies(removed_names, lock) + super::update::expand_with_direct_dependencies(removed_names, lock, &IndexSet::new()) }; // For --minimal-changes, additionally pin packages beyond the allow list @@ -552,6 +553,7 @@ async fn remove_unused( .map(|(k, v)| (k.clone(), v.clone())) .collect(), locked_package_names: indexmap::IndexSet::new(), + locked_packages: Vec::new(), }; console.info("Resolving dependencies to detect unused packages..."); @@ -905,6 +907,7 @@ mod tests { root_replace: IndexMap::new(), root_conflict: IndexMap::new(), locked_package_names: IndexSet::new(), + locked_packages: Vec::new(), }; let resolved = resolve(&request) .await @@ -961,6 +964,7 @@ mod tests { root_replace: IndexMap::new(), root_conflict: IndexMap::new(), locked_package_names: IndexSet::new(), + locked_packages: Vec::new(), }; let resolved2 = resolve(&request2) .await |