From 354ec5415774e4e6981517df9e696d4edfdb08ed Mon Sep 17 00:00:00 2001
From: Holger Veltrup <veltrup@sitepark.com>
Date: Tue, 14 May 2024 08:52:13 +0200
Subject: [PATCH] feat: Project::getUnstableDependencies consideration of
 transitive dependencies

---
 src/Project.php           | 26 +++++++++++---------------
 src/ReleaseManagement.php |  7 ++++++-
 2 files changed, 17 insertions(+), 16 deletions(-)

diff --git a/src/Project.php b/src/Project.php
index 9058d51..778b46a 100644
--- a/src/Project.php
+++ b/src/Project.php
@@ -4,6 +4,7 @@
 
 namespace SP\Composer\Project;
 
+use Composer\InstalledVersions;
 use Composer\Package\RootPackageInterface;
 use Composer\Semver\Comparator;
 use Composer\Semver\VersionParser;
@@ -200,20 +201,15 @@ public function isRelease(): bool
     public function getUnstableDependencies(array $excludes = []): array
     {
 
-        // TODO: Also check entries from the lock file?
-        // composer show --locked -D -f json
-
-        /* @var $allRequires \Composer\Package\Link[] */
-        $allRequires = array_merge(
-            $this->package->getRequires(),
-            $this->package->getDevRequires()
-        );
-
         $unstable = [];
-        foreach ($allRequires as $req) {
-            $stability = VersionParser::parseStability($req->getPrettyConstraint());
-            if ($stability !== 'stable' && !in_array($req->getTarget(), $excludes, true)) {
-                $unstable[] = $req->getTarget() . ':' . $req->getPrettyConstraint();
+        foreach (InstalledVersions::getInstalledPackages() as $package) {
+            if ($package === $this->package->getName()) {
+                continue;
+            }
+            $version = InstalledVersions::getVersion($package);
+            $stability = VersionParser::parseStability($version);
+            if ($stability !== 'stable' && !in_array($package, $excludes, true)) {
+                $unstable[] = $package . ':' . $version;
             }
         }
 
@@ -223,11 +219,11 @@ public function getUnstableDependencies(array $excludes = []): array
     public function getLatestReleaseVersion(): ?string
     {
         if ($this->isSupportBranch()) {
-            [$major]= $this->parseVersionFromBranch($this->getBranch());
+            [$major] = $this->parseVersionFromBranch($this->getBranch());
             return $this->getLatestReleaseFromMajor((int)$major);
         }
         if ($this->isHotfixBranch()) {
-            [$major, $minor]= $this->parseVersionFromBranch($this->getBranch());
+            [$major, $minor] = $this->parseVersionFromBranch($this->getBranch());
             return $this->getLatestReleaseFromMinor((int)$major, (int)$minor);
         }
 
diff --git a/src/ReleaseManagement.php b/src/ReleaseManagement.php
index 5ca6bbf..7ab2ddf 100644
--- a/src/ReleaseManagement.php
+++ b/src/ReleaseManagement.php
@@ -25,7 +25,12 @@ public function verifyRelease(): void
             'roave/security-advisories'
         ]);
         if (count($unstable) > 0) {
-            throw new \RuntimeException('There are unstable dependencies:' . "\n\n" . implode("\n", $unstable));
+            throw new \RuntimeException(
+                'There are unstable dependencies:' . "\n\n" .
+                implode("\n", $unstable) . "\n\n" .
+                "Show with:\n\n" .
+                "composer show"
+            );
         }
     }