[Issue] Fixes composer.lock file which does not contain web-token/jwt-framewo…

[m2-assistant]

This issue is automatically created based on existing pull request: #32639: Fixes composer.lock file which does not contain web-token/jwt-framewo…

---

…rk package and its dependents even though composer.json does require it.

Description (*)

The composer.lock file in the 2.4-develop branch is incomplete.

MC-38539 introduced the web-token/jwt-framework package in the composer.json file, but somehow nobody thought about updating the composer.lock file as well.
These two files should always be in sync, otherwise dependencies that are needed might not get installed.

The composer.lock file changes in this PR causes the following dependencies to get installed:

  - Installing brick/math (0.9.2)
  - Installing fgrosse/phpasn1 (v2.2.0)
  - Installing psr/event-dispatcher (1.0.0)
  - Installing spomky-labs/aes-key-wrap (v6.0.0)
  - Installing spomky-labs/base64url (v2.0.4)
  - Installing symfony/debug (v4.4.20)
  - Installing symfony/error-handler (v4.4.21)
  - Installing symfony/http-client-contracts (v2.3.1)
  - Installing symfony/http-kernel (v4.4.21)
  - Installing symfony/var-dumper (v5.2.6)
  - Installing web-token/jwt-framework (v2.2.10)

When checking where all these come from, it turns out they are all dependencies of web-token/jwt-framework:

$ composer depends brick/math
web-token/jwt-framework  v2.2.10  requires  brick/math (^0.8.17|^0.9)

$ composer depends fgrosse/phpasn1
web-token/jwt-framework  v2.2.10  requires  fgrosse/phpasn1 (^2.0)

$ composer depends psr/event-dispatcher
web-token/jwt-framework  v2.2.10  requires  psr/event-dispatcher (^1.0)

$ composer depends spomky-labs/aes-key-wrap
web-token/jwt-framework  v2.2.10  requires  spomky-labs/aes-key-wrap (^5.0|^6.0)

$ composer depends spomky-labs/base64url
web-token/jwt-framework  v2.2.10  requires  spomky-labs/base64url (^1.0|^2.0)

$ composer depends symfony/debug
symfony/error-handler  v4.4.21  requires  symfony/debug (^4.4.5)

$ composer depends symfony/error-handler
symfony/http-kernel  v4.4.21  requires  symfony/error-handler (^4.4)

$ composer depends symfony/http-client-contracts
symfony/http-kernel  v4.4.21  requires  symfony/http-client-contracts (^1.1|^2)

$ composer depends symfony/http-kernel
web-token/jwt-framework  v2.2.10  requires  symfony/http-kernel (^4.2|^5.0)

$ composer depends symfony/var-dumper
symfony/error-handler  v4.4.21  requires  symfony/var-dumper (^4.4|^5.0)

It would be appreciated if this PR gets merged as soon as possible so that when people try to modify something else in the composer files, they don't get confused with the current situation.
I don't mind if Magento core devs want to fix this internally themselves and this PR gets closed, I just want to see this fixed ASAP, thanks! 🙂

Related Pull Requests

Fixed Issues (if relevant)

None

Manual testing scenarios (*)

1. Run composer install
2. Expected to not see a warning: The lock file is not up to date with the latest changes in composer.json. You may be getting outdated dependencies. It is recommended that you run 'composer update' or 'composer update <package name>'.
3. Expected to get the package web-token/jwt-framework and its dependencies installed

Questions or comments

Can we add a static test that checks for the warning The lock file is not up to date with the latest changes in composer.json. You may be getting outdated dependencies. It is recommended that you run 'composer update' or 'composer update <package name>'. after calling composer validate in order to prevent this from happening in the future?

Contribution checklist (*)

• Pull request has a meaningful description of its purpose
• All commits are accompanied by meaningful commit messages
• All new or changed code is covered with unit/integration tests (if applicable)
• All automated tests passed successfully (all builds are green)