Asked  8 Months ago    Answers:  5   Viewed   34 times

I am trying to perform a composer update <package> but getting the following error:

The requested package <package> (locked at <tag>, required as <version>) is satisfiable by <package>[<tag>] but these conflict with your requirements or minimum-stability.

Meanwhile, the tag <tag> exists as a string only in my composer.lock file, which I thought was only modified by composer update, not read back.

I tried running composer why-not <package>, but its output didn't really explain the issue:

<program> <other-version> requires <package> (<version>)

What does 'locked at' mean in this context and how do I solve the issue?



When you specify a package name to composer update (e.g. composer update somevendor/somepackage), you're telling Composer that you want to update that package and leave everything else at the current version - you want to "lock" all the other packages where they are, and just update one.

That will only work if the new version of the package you specify is compatible with those already installed packages. If the new version requires a newer version of something else, or lists that it "conflicts with" a particular version, Composer will simply tell you that it can't do it.

The versions that the other packages are "locked at" are stored in the composer.lock file, but you should never edit that file by hand.

You have a few ways to tell Composer which packages it's allowed to update:

  • Update more than one specific package at a time to resolve the specific problem: composer update somevendor/somepackage somethingelse/somedependency
  • Update the selected package and all its dependencies except the ones you've listed directly in your composer.json: composer update somevendor/somepackage --with-dependencies
  • Update the selected package and all its dependencies: composer update somevendor/somepackage --with-all-dependencies
  • Just update everything: composer update with no arguments at all

All of these commands will still respect the version constraints you've specified manually in composer.json, you are just giving Composer additional instructions on the command-line about which packages it's allowed to update to meet those constraints.

Personally, I would advocate just running composer update with no arguments: if you want tighter control over when something gets updated, you can always list a more specific constraint in composer.json.

Wednesday, March 31, 2021
answered 8 Months ago

Solution #1 - add ext-zip to your required section of composer.json:

    "require" : {
        "ext-zip": "*"

Solution #2 - install php-zip extension:


Uncomment this line in your php.ini



sudo apt-get install php-zip


sudo apt-get install php7.0-zip (make sure you typed YOUR php version, you can check your version by doing php -v command)

Then, you need to restart your web server.

sudo service apache2 restart

Wednesday, March 31, 2021
answered 8 Months ago

This issue was actually the proxy variables. While the console was picking up the changes, PHP required a system restart to pick it up. So unsetting the environment variables and restarting allowed the Composer installer to retrieve the required files. Thanks Seldaek for your recommendation to check the proxy.

Saturday, May 29, 2021
answered 5 Months ago

It's a balance, not a contradiction

DAMP and DRY are not contradictory, rather they balance two different aspects of a code's maintainability. Maintainable code (code that is easy to change) is the ultimate goal here.

DAMP (Descriptive And Meaningful Phrases) promotes the readability of the code.

To maintain code, you first need to understand the code. To understand it, you have to read it. Consider for a moment how much time you spend reading code. It's a lot. DAMP increases maintainability by reducing the time necessary to read and understand the code.

DRY (Don't repeat yourself) promotes the orthogonality of the code.

Removing duplication ensures that every concept in the system has a single authoritative representation in the code. A change to a single business concept results in a single change to the code. DRY increases maintainability by isolating change (risk) to only those parts of the system that must change.

So, why is duplication more acceptable in tests?

Tests often contain inherent duplication because they are testing the same thing over and over again, only with slightly different input values or setup code. However, unlike production code, this duplication is usually isolated only to the scenarios within a single test fixture/file. Because of this, the duplication is minimal and obvious, which means it poses less risk to the project than other types of duplication.

Furthermore, removing this kind of duplication reduces the readability of the tests. The details that were previously duplicated in each test are now hidden away in some new method or class. To get the full picture of the test, you now have to mentally put all these pieces back together.

Therefore, since test code duplication often carries less risk, and promotes readability, its easy to see how it is considered acceptable.

As a principle, favor DRY in production code, favor DAMP in test code. While both are equally important, with a little wisdom you can tip the balance in your favor.

Tuesday, June 1, 2021
answered 5 Months ago

What does the 'At sign' mean in yaml config for azure pipeline

Yes, it represents the task version. More precisely, the major version.

According the document Tasks:

In YAML, you specify the major version using @ in the task name. For example, to pin to version 2 of the task


what is the difference between CopyFiles@1 and CopyFiles@2

I am afraid no one can completely list the exact difference between the two versions task. This is a general iterative process of software development. When we release the initial version, we will continue to repeat our products based on user feedback. When we decide to add a major version, we will release the next major version. This is the origin of V2.

And from the history of CopyFilesV2, we could to know the know the iterations and differences between different Minor or Patch versions.

So, the difference between CopyFiles@1 and CopyFiles@2 should be the fixes of multiple issues and the improvement of functionality.

Hope this helps.

Sunday, August 22, 2021
answered 2 Months ago
Only authorized users can answer the question. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :