Dependabot-core: PHP platform requirements ignored

Created on 27 Apr 2018 · 4 Comments · Source: dependabot/dependabot-core

_From @ChristophWurst on January 8, 2018 8:40_

Hi,

dependabot created a PR to update one of our composer libraries in https://github.com/nextcloud/twofactor_totp/pull/218. This, however, does not work on our supported platforms (php5.6 to 7.2) as the newest version pulled is only compatible with php => 7.1.

To prevent composer from installing incompatible versions on my dev instance (I'm on php7.2 and thus composer update would install software incompatible with lower php versions), I've added a platform override to force php5.6 compatibility: https://github.com/nextcloud/twofactor_totp/pull/216

It seems dependabot ignores this override somehow.

Luckily, Travis detected this incompatibility: https://travis-ci.org/nextcloud/twofactor_totp/jobs/324921046#L1836

_Copied from original issue: dependabot/feedback#70_

All 4 comments

Thanks for the detailed bug report @ChristophWurst. I'll see what I can do.

Digging into this, I think things are a little more complicated:

  • Specifying a platform in your composer.json tricks composer into thinking you have the specified version of PHP installed on your machine
  • It doesn't, however, affect resolution. There's not much in the way of documentation out there (here)

You can replicate the above using the following composer.json, which should resolve to a version of illuminate/support < 5.5 (since that version introduces a PHP 7 dependency) but doesn't:

```json
{
    "require": {
        "erusev/parsedown": "^1.6.0",
        "illuminate/support": "^5.2.0"
    },
    "platform": {
        "php": "5.6"
    }
}
```

Before working on a workaround in Dependabot I'm going to open an issue on Composer and check that the above is desired behaviour. My hunch is that it isn't - Composer is giving a different resolution when you specify your platform in the composer.json than it would if you actually had that platform installed.

Oops - scratch that, I was specifying the platform incorrectly! Actually, the composer.json should be:

```json
{
    "require": {
        "erusev/parsedown": "^1.6.0",
        "illuminate/support": "^5.2.0"
    },
    "config": {
        "platform": {
            "php": "5.6"
        }
    }
}
```

The above does the right thing with composer install but not with composer install --ignore-platform-reqs. Less clear whether that's a bug or not, but I'm still going to ask the guys at Composer.

OK, after a bunch of digging I've got a failing spec for this and a couple of leads on how to fix it. I need to work on some other stuff now, but will come back to this when I can. I'd also welcome any help from anyone who knows PHP better than I do.
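
A small pre-merge check for the misconfiguration found in this thread, as an added example (not code from Dependabot or Composer): it reads a composer.json, reports whether the PHP platform override sits under `config.platform` or at the top level where the thread found it had no effect on resolution, and compares a candidate release's PHP requirement against the override. The function names are hypothetical, the requirement strings passed in are constructed, and only `>=X.Y` constraints are handled.

```ruby
require "json"

# First manifest from the thread: "platform" at the top level (had no effect).
MISPLACED = <<~JSON
  {
    "require": { "erusev/parsedown": "^1.6.0", "illuminate/support": "^5.2.0" },
    "platform": { "php": "5.6" }
  }
JSON

# Corrected manifest from the thread: override under "config".
CORRECT = <<~JSON
  {
    "require": { "erusev/parsedown": "^1.6.0", "illuminate/support": "^5.2.0" },
    "config": { "platform": { "php": "5.6" } }
  }
JSON

# Returns the PHP version Composer is told to assume, plus warnings about
# a missing or misplaced override. (Hypothetical helper, not a Dependabot API.)
def platform_php(composer_json)
  manifest = JSON.parse(composer_json)
  warnings = []
  warnings << 'top-level "platform" found; move it under "config"' if manifest.key?("platform")
  php = manifest.dig("config", "platform", "php")
  warnings << "no config.platform.php override set" if php.nil?
  { php: php, warnings: warnings }
end

# Simplified constraint check (assumption: only ">=X.Y[.Z]" is supported).
def php_requirement_met?(requirement, platform_version)
  m = requirement.strip.match(/\A>=\s*(\d+(?:\.\d+)*)\z/)
  raise ArgumentError, "unsupported constraint: #{requirement}" unless m
  Gem::Version.new(platform_version) >= Gem::Version.new(m[1])
end

# Verdict for a proposed update whose release declares the given PHP requirement.
def update_verdict(composer_json, candidate_php_requirement)
  php = platform_php(composer_json)[:php]
  return :unknown if php.nil?
  php_requirement_met?(candidate_php_requirement, php) ? :compatible : :incompatible
end

if __FILE__ == $PROGRAM_NAME
  { "misplaced" => MISPLACED, "correct" => CORRECT }.each do |name, json|
    puts "#{name}: #{platform_php(json)[:warnings].inspect} -> #{update_verdict(json, '>=7.1')}"
  end
end
```

An `:unknown` verdict means the manifest gives no usable override, so the update cannot be judged against the lowest supported PHP version from the manifest alone.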
