Add liuggio/fastest

[michaelhagedon]

Motivation

We're trying to speed up PHPUnit tests and using liuggio/fastest works! But dev dependencies for Quickstart seem to go in this repo.

Proposed Resolution

Add that dependency into composer.json in this repo.

[michaelhagedon]

It seems that pheromone/phpcs-security-audit doesn't have the right branch / tag:

$ composer require liuggio/fastest
Using version ^1.7 for liuggio/fastest
./composer.json has been updated
Running composer update liuggio/fastest
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Root composer.json requires pheromone/phpcs-security-audit dev-main, found pheromone/phpcs-security-audit[dev-master, dev-revert-25-patch-1, 1.0.0, 1.0.2, 1.0.3, 1.x-dev, 2.0.0, 2.0.1] but it does not match the constraint.

Installation failed, reverting ./composer.json to its original content.

If I switch that dependency to dev-master, it conflicts with phpcodesniffer-composer-installer:

$ composer require liuggio/fastest
Using version ^1.7 for liuggio/fastest
./composer.json has been updated
Running composer update liuggio/fastest
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Root composer.json requires pheromone/phpcs-security-audit dev-master -> satisfiable by pheromone/phpcs-security-audit[dev-master].
    - pheromone/phpcs-security-audit dev-master requires dealerdirect/phpcodesniffer-composer-installer ^0.4.1 || ^0.5 || ^0.6 -> found dealerdirect/phpcodesniffer-composer-installer[v0.4.1, ..., v0.6.2] but it conflicts with your root composer.json require (0.7.0).


Installation failed, reverting ./composer.json to its original content.

Is this package working?

[joeparsons]

@michaelhagedon We use a fork of the canonical pheromone/phpcs-security-audit package because we're waiting on the package maintainer to merge a PR that fixes a Composer 2.0 compatibility issue (FloeDesignTechnologies/phpcs-security-audit/pull/82).

We add our fork as a composer repository in the az-quickstart-scaffolding repo here:
https://github.com/az-digital/az-quickstart-scaffolding/blob/main/composer.json#L22-L26

We could probably add it as a repository to this project's composer.json file as well so that composer CLI commands can be used to maintain this file. I think we didn't do that previously because the repositories key in composer.json files is "only available to the root package and the repositories defined in your dependencies will not be loaded" but I don't think it would do any harm to have it in this package's composer.json file as well.

[michaelhagedon]

@joeparsons Ah, OK, thanks that helps a ton. I forgot to ask if there was something else in the environment that was making this work.

I'll try adding the repo directly to az-quickstart-dev, maybe with a comment so that we remember to clean it up in both places whenever that PR gets merged.

Though based on the discussion in FloeDesignTechnologies/phpcs-security-audit/issues/47, we may want to try other forks at some point.

[michaelhagedon]

K done, except for the bit about adding a comment because JSON. 🤦