wp-cli/process package conflicts with roave/security-advisories package on some security issue #6236
Description
I've already directed such problem to Symfony repo, but they didn't took it, so:
Description
I'm trying to update roave/security-advisories to latest version, but it seems that WP-CLI bundle is in conflict with it by transitive requirements:
➜ myproject git:(renovate) ✗ composer req roave/security-advisories:dev-latest --dev
./composer.json has been updated
Running composer update roave/security-advisories
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.
Problem 1
- Root composer.json requires roave/security-advisories dev-latest -> satisfiable by roave/security-advisories[dev-latest].
- wp-cli/wp-cli-bundle is locked to version v2.12.0 and an update of this package was not requested.
- roave/security-advisories dev-latest conflicts with symfony/process <5.4.51|>=6,<6.4.33|>=7,<7.1.7|>=7.3,<7.3.11|>=7.4,<7.4.5|>=8,<8.0.5 (wp-cli/process v5.9.99 replaces symfony/process ^5.4.47).
- wp-cli/wp-cli-bundle v2.12.0 requires wp-cli/process 5.9.99 -> satisfiable by wp-cli/process[v5.9.99].
Use the option --with-all-dependencies (-W) to allow upgrades, downgrades and removals for packages currently locked to specific versions.
Installation failed, reverting ./composer.json and ./composer.lock to their original content. How to reproduce
Add require section to composer.json:
"require": {
"roave/security-advisories": "dev-latest",
"wp-cli/wp-cli-bundle": "2.12.0"
},Possible Solution
Bump wp-cli/process "replaces" version to an actual one (^5.4.51 for today)