我正在将我的 symfony 升级到 6.4。从 6.3 开始,我在 symfony 中更新软件包时看到了此警告:“软件包 laminas/laminas-zendframework-bridge 已被放弃,您应该避免使用它。没有建议替换。”。我尝试使用以下方法查看依赖于它的内容:
composer depends laminas/laminas-zendframework-bridge
结果是:
__root__ dev-master requires laminas/laminas-zendframework-bridge (^1.6)
我不知道这意味着什么。这是否意味着当 laminas 被删除时 root 和 dev-master 将无法工作?我不明白。
所以问题是: 删除这个包安全吗?
Composer.json:
{
"type": "project",
"license": "proprietary",
"require": {
"php": ">=8.2.12",
"ext-ctype": "*",
"ext-iconv": "*",
"composer/package-versions-deprecated": "1.11.99.1",
"doctrine/annotations": "^1.0",
"doctrine/doctrine-bundle": "^2.3",
"doctrine/doctrine-migrations-bundle": "^3.1",
"doctrine/orm": "^2.8",
"laminas/laminas-zendframework-bridge": "^1.6",
"phpdocumentor/reflection-docblock": "^5.2",
"symfony/asset": "6.4.*",
"symfony/console": "6.4.*",
"symfony/dotenv": "6.4.*",
"symfony/expression-language": "6.4.*",
"symfony/flex": "^1.3.1",
"symfony/form": "6.4.*",
"symfony/framework-bundle": "6.4.*",
"symfony/http-client": "6.4.*",
"symfony/intl": "6.4.*",
"symfony/mailer": "6.4.*",
"symfony/monolog-bundle": "^3.7",
"symfony/password-hasher": "6.4.*",
"symfony/process": "6.4.*",
"symfony/property-access": "6.4.*",
"symfony/property-info": "6.4.*",
"symfony/proxy-manager-bridge": "6.4.*",
"symfony/runtime": "6.4.*",
"symfony/security-bundle": "6.4.*",
"symfony/translation": "6.4.*",
"symfony/twig-bundle": "^6.4",
"symfony/validator": "6.4.*",
"symfony/web-link": "6.4.*",
"symfony/webpack-encore-bundle": "^1.11",
"symfony/yaml": "6.4.*",
"symfonycasts/reset-password-bundle": "^1.7",
"symfonycasts/verify-email-bundle": "^1.4",
"twig/extra-bundle": "^2.12|^3.0",
"twig/twig": "^2.12|^3.0"
},
"require-dev": {
"doctrine/doctrine-fixtures-bundle": "^3.4",
"rector/rector": "^1.2",
"symfony/browser-kit": "^6.4",
"symfony/css-selector": "^6.4",
"symfony/debug-bundle": "^6.4",
"symfony/maker-bundle": "^1.30",
"symfony/phpunit-bridge": "^6.4",
"symfony/stopwatch": "^6.4",
"symfony/var-dumper": "^6.4",
"symfony/web-profiler-bundle": "^6.4"
},
"config": {
"preferred-install": {
"*": "dist"
},
"sort-packages": true,
"allow-plugins": {
"symfony/flex": true,
"symfony/runtime": true
}
},
"autoload": {
"psr-4": {
"App\\": "src/"
}
},
"autoload-dev": {
"psr-4": {
"App\\Tests\\": "tests/"
}
},
"replace": {
"paragonie/random_compat": "2.*",
"symfony/polyfill-ctype": "*",
"symfony/polyfill-iconv": "*",
"symfony/polyfill-php71": "*",
"symfony/polyfill-php70": "*",
"symfony/polyfill-php56": "*"
},
"scripts": {
"auto-scripts": {
"cache:clear": "symfony-cmd",
"assets:install %PUBLIC_DIR%": "symfony-cmd"
},
"post-install-cmd": [
"@auto-scripts"
],
"post-update-cmd": [
"@auto-scripts"
]
},
"conflict": {
"symfony/symfony": "*"
},
"extra": {
"symfony": {
"allow-contrib": false,
"require": "6.4.*"
}
}
}
Symfony 中没有任何内容本质上依赖于
laminas/laminas-zendframework-bridge这个
$ composer depends laminas/laminas-zendframework-bridge __root__ dev-master requires laminas/laminas-zendframework-bridge (^1.6)
仅表示依赖关系存在于“根级别”。意思是,它是在您自己的
composer.json依赖项,由您声明;您的项目中没有其他依赖项声明对此包的依赖项”。 因此有了这些信息,您
应该能够删除该软件包。 但是当然,您应该首先确保您自己的代码没有使用该包。由于你似乎不依赖任何与层层相关的东西,所以你应该是安全的。但请使用常识并测试您的代码。