我正在尝试执行 composer 更新 <package> 但收到以下错误:

I am trying to perform a composer update <package> but getting the following error:

请求的包<包>(锁定在<tag>，需要作为<version>) 可以满足 <package>[<tag>] 但这些冲突符合您的要求或最低稳定性.

The requested package <package> (locked at <tag>, required as <version>) is satisfiable by <package>[<tag>] but these conflict with your requirements or minimum-stability.

同时，标签 <tag> 仅作为字符串存在于我的 composer.lock 文件中，我认为它只是由 composer update 修改，而不是回读.

Meanwhile, the tag <tag> exists as a string only in my composer.lock file, which I thought was only modified by composer update, not read back.

我尝试运行 composer why-not <package>，但它的输出并没有真正解释问题:

I tried running composer why-not <package>, but its output didn't really explain the issue:

<其他版本>需要<包>()

<program> <other-version> requires <package> (<version>)

在这种情况下，锁定"是什么意思?我该如何解决这个问题?

What does 'locked at' mean in this context and how do I solve the issue?

推荐答案

当你为 composer update 指定一个包名时(例如 composer update somevendor/somepackage)，你'告诉 Composer 你想更新那个包并把其他所有东西都保留在当前版本 - 你想锁定"它们所在的所有其他软件包，只需更新一个.

When you specify a package name to composer update (e.g. composer update somevendor/somepackage), you're telling Composer that you want to update that package and leave everything else at the current version - you want to "lock" all the other packages where they are, and just update one.

只有当您指定的新版本的软件包与那些已安装的软件包兼容时，这才有效.如果新版本需要其他东西的更新版本，或者列出它与之冲突"，一个特定的版本，Composer 只会告诉你它做不到.

That will only work if the new version of the package you specify is compatible with those already installed packages. If the new version requires a newer version of something else, or lists that it "conflicts with" a particular version, Composer will simply tell you that it can't do it.

其他包被锁定"的版本存储在 composer.lock 文件中，但您不应该手动编辑该文件.

The versions that the other packages are "locked at" are stored in the composer.lock file, but you should never edit that file by hand.

您有几种方法可以告诉 Composer 它允许更新哪些包:

You have a few ways to tell Composer which packages it's allowed to update:

一次更新多个特定包以解决特定问题:composer update somevendor/somepackage somethingelse/somedependency更新所选包及其所有依赖项除了您直接在 composer.json 中列出的那些:composer update somevendor/somepackage --with-dependencies更新选定的包及其所有依赖项:composer update somevendor/somepackage --with-all-dependencies只需更新所有内容:composer update 完全没有参数 Update more than one specific package at a time to resolve the specific problem: composer update somevendor/somepackage somethingelse/somedependency Update the selected package and all its dependencies except the ones you've listed directly in your composer.json: composer update somevendor/somepackage --with-dependencies Update the selected package and all its dependencies: composer update somevendor/somepackage --with-all-dependencies Just update everything: composer update with no arguments at all

所有这些命令仍将遵循您在 composer.json 中手动指定的版本约束，您只是在命令行上向 Composer 提供了附加说明允许更新哪些软件包以满足这些限制.

All of these commands will still respect the version constraints you've specified manually in composer.json, you are just giving Composer additional instructions on the command-line about which packages it's allowed to update to meet those constraints.

就我个人而言，我主张只运行不带参数的 composer update:如果您想更严格地控​​制何时更新某些内容，您总是可以在 composer.json.

Personally, I would advocate just running composer update with no arguments: if you want tighter control over when something gets updated, you can always list a more specific constraint in composer.json.