Locked packages are basically like removable fixed packages, so we still
only load one version, but we do not require their installation unless
something the user needs requires their use. So they automatically get
removed if they are no longer needed on any update.
The only automatic conflict we have results from packages using the same name
either by literally having the same name and being different versions or they
replace the same name, so
- removed all types of obsolete rules
- simplified rule generation significantly
- got rid of provide filtering in the pool
- fixed some language in error handling
- Introduce separate Lock and LocalRepo transactions, one for changes
to the lock file, one for changes to locally installed packages based
on lock file
- Remove various hacks to keep dev dependencies updated and
incorporated the functionality into the transaction classes
- Remove installed repo, there are now local repo, locked repo and
platform repo
- Remove access to local repo from solver, only supply locked packages
- Update can now be run to modify the lock file but not install packages
to local repo
Pool construction depends on the install request now, so only required
packages get loaded, add some structure for future asynchronously
loading composer repositories
Breaking change for the plugin interface so bumping the version of
composer-plugin-api to 2.0.0
First step for a refactoring of the package metadata loading mechanism
Conflict rules are not added in the solver based on the packages loaded in the
solver by require rules, instead of loading remote metadata for them. This has
2 benefits:
- it reduces the number of conflict rules in the solver in case of conflict
rules targetting packages which are not required
- it fixes the behavior of replaces, which is meant to conflict with all
versions of the replaced package, without introducing a performance
regression (this behavior was changed when optimizing composer in the past).