composer.lock not alligned with composer.json

[vinise]

The composer.lock seems outdated and does not correspond to composer json

For ex :
"guzzlehttp/guzzle": "^7.4.0" VS "version": "6.3.3" in lock
https://github.com/getbrevo/brevo-php/blob/main/composer.json#L25C9-L25C38
https://github.com/getbrevo/brevo-php/blob/main/composer.lock#L11

This is minor but create issues with multiple security tools such as snyk

[leberknecht]

Ping?

[leberknecht]

Hm, i thought "ok, i will just fork this, update the .lock and make a PR" ...you wont believe what happens next:

(venv) ~/dev/brevo-php(main|✚1…) % composer install
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Root composer.json requires friendsofphp/php-cs-fixer ~1.12 -> satisfiable by friendsofphp/php-cs-fixer[v1.12.0, ..., v1.13.3].
    - friendsofphp/php-cs-fixer[v1.12.0, ..., v1.13.3] require php ^5.3.6 || >=7.0 <7.2 -> your php version (8.3.10) does not satisfy that requirement.

yes, php 5.