diff options
| author | nsfisis <nsfisis@gmail.com> | 2026-05-03 16:23:40 +0900 |
|---|---|---|
| committer | nsfisis <nsfisis@gmail.com> | 2026-05-03 16:23:40 +0900 |
| commit | d84024fb179e3ebb55573971a329cb6ff72d7fa0 (patch) | |
| tree | e7742e916c66c5e7cebb136453db9412fefb530b /crates/mozart/src/commands/require.rs | |
| parent | 87f5bcdc2d0e5fbec3848de3865d6c0d47d623ea (diff) | |
| download | php-mozart-d84024fb179e3ebb55573971a329cb6ff72d7fa0.tar.gz php-mozart-d84024fb179e3ebb55573971a329cb6ff72d7fa0.tar.zst php-mozart-d84024fb179e3ebb55573971a329cb6ff72d7fa0.zip | |
fix(resolver): seed locked packages into pool and honour root-require barrier
Mirror Composer's PoolBuilder/Request semantics for partial updates: each
non-allow-listed locked package becomes a non-fixed pool entry restricted to
its locked version, so `replace`-providing peers cannot silently displace
it. Path-repo packages are exempt — Composer always reloads them from disk.
Threading `--with-dependencies` through `expand_with_direct_dependencies`
now performs transitive expansion with a root-require barrier matching
UPDATE_LISTED_WITH_TRANSITIVE_DEPS_NO_ROOT_REQUIRE, so root requires stay
locked when reached via a transitive dep.
Newly green: remove_does_nothing_if_removal_requires_update_of_dep,
update_allow_list_removes_unused, github_issues_4795,
partial_update_with_deps_warns_root.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Diffstat (limited to 'crates/mozart/src/commands/require.rs')
| -rw-r--r-- | crates/mozart/src/commands/require.rs | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/crates/mozart/src/commands/require.rs b/crates/mozart/src/commands/require.rs index 6a2917b..caf88c1 100644 --- a/crates/mozart/src/commands/require.rs +++ b/crates/mozart/src/commands/require.rs @@ -1,5 +1,5 @@ use clap::Args; -use indexmap::IndexMap; +use indexmap::{IndexMap, IndexSet}; use mozart_core::console::Verbosity; use mozart_core::console_format; use mozart_core::package::{self, Stability}; @@ -663,6 +663,7 @@ pub async fn execute( .map(|(k, v)| (k.clone(), v.clone())) .collect(), locked_package_names: indexmap::IndexSet::new(), + locked_packages: Vec::new(), }; // Print header messages @@ -731,7 +732,7 @@ pub async fn execute( let allow_list = if with_all_deps { super::update::expand_with_all_dependencies(newly_required, lock) } else if with_deps { - super::update::expand_with_direct_dependencies(newly_required, lock) + super::update::expand_with_direct_dependencies(newly_required, lock, &IndexSet::new()) } else { // Default for `require`: only the newly added packages are allowed to change. additions.iter().map(|(name, _, _)| name.clone()).collect() @@ -1064,6 +1065,7 @@ mod tests { root_replace: IndexMap::new(), root_conflict: IndexMap::new(), locked_package_names: IndexSet::new(), + locked_packages: Vec::new(), }; let resolved = resolver::resolve(&request) @@ -1138,6 +1140,7 @@ mod tests { root_replace: IndexMap::new(), root_conflict: IndexMap::new(), locked_package_names: IndexSet::new(), + locked_packages: Vec::new(), }; let resolved = resolver::resolve(&request) |