-
-
Notifications
You must be signed in to change notification settings - Fork 4.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Composer 2.2, running composer update uses incorrect composer source file somehow #10401
Comments
Update, ok confirmed my suspicion, I edited the
And now executing So that's a very bad bug, composer shouldn't use the source files from inside |
Okay I can reproduce this on a vanilla Magento 2.3.7-p2 installation.
|
Yeah, requiring composer/composer itself is a pretty bad idea usually. I don't know why it's required in your case, but I'd say updating it to a version equivalent to your composer.phar, or running Composer exclusively from vendor/bin/composer would be the best way to get around this. We cannot really ignore the vendor dir as it is needed for plugins. |
To update it in the broken project, try |
Yeah that's not going to work I'm afraid. Magento always runs behind with updating their dependencies, and their super slow release cycle isn't helping either (1 release per 6 months).
Magento requires it: https://github.com/magento/magento2/blob/2.3.7-p2/composer.json#L37 I can't update But why is the composer phar/binary not using its own source code, it makes no sense that it would priotise source code in |
It's just a "new" problem because we added a new method there so it's not finding it in the code from vendor. The problem has always existed though. I believe we have already discussed/attempted switching to using internal vendors before project vendors, but the issue is it is sometimes better but sometimes worse. In some cases you may have a plugin requiring the latest symfony/process to function for example, and Composer is typically compatible with a broad range of versions of its dependencies so we can be more flexible than a plugin which does not necessarily expect version X to be loaded. For the composer/composer files themselves perhaps we could load them exclusively from the phar, but I am not entirely sure if this would be safe or break things for a case like what Magento does here. What I'd recommend is that you use vendor/bin/composer instead of a phar, if you have composer in the vendor dir already, it'll avoid any kind of conflicts. |
Thanks for the explanation @Seldaek, that's much appreciated! I wasn't aware of this mechanic and I think I understand it for the dependencies that composer uses. But I don't really understand why it would be necessary for composer's own code. Is there a way to try this out, to exclusively use composer/composer code from the phar instead of from the vendor directory? If it turns out this causes problems in certain situations, maybe a new flag can be introduced in the Thanks! |
There is no way to try this out, and frankly I am not even sure how I'd implement this cleanly.. It'd also end up including files we depend on earlier than the project autoloader is available so it would defeat the point of keeping the project dependencies active IMO. This is a shitty problem I can see that, but there's no easy solution AFAICT. If dependencies are blocking you from updating composer/composer in vendor due to a composer/xdebug-handler require, I suggest creating issues/PRs on these dependencies to get that resolved. |
I don't understand how that's related to |
The problem is Composer 2.1+ requires xdebug-handler ^2, so if some other dependency is blocked with xdebug-handler ^1 it will prevent updating composer/composer to latest in vendor. Magento is the one depending on composer/composer, but they allow ^2 so that's not blocking anything. |
Okay guys, please ignore this xdebug handler thing. This issue is not a support request, it's a bug report. Around this remark:
I just spend an hour experimenting with various versions of composer. After testing various versions of composer, only versions 2.2.0, 2.2.1 and 2.2.2 outputted Now, I also tried to git bisect the composer source code, but because of a weird issue with the
If I have to guess, the most likely candidates are either one of these, but I can't say that with 100% confidence: @Seldaek: is this enough info for you to start considering this as a bug report? Or shall I continue searching to hopefully find even more info? |
Hmm, this might be a bug introduced in laminas/laminas-zendframework-bridge#90 @boesing, @Ocramius: any ideas? Update: downgrading |
I have no idea :D |
I did not even understand what is happening from just reading this issue tbh. Could you please add the laminas package temporarily to your projects {
"replace": {
"laminas/laminas-zendframework-bridge": "*"
}
} |
Sorry, I understand the issue has become quite a mess. The issue is: What I expect to happen, is when I run a globally installed Hope this makes it a bit more clear? |
Ok I see.. Maybe you could try this:
Then try again see if that fixes it? Possibly you'll need to run these commands with --no-plugins to avoid breakage. |
Interesting trick, that seems to work over here! Even without But is that only a workaround, or do you believe - as I do - that there is still a bug in here somewhere? |
Since I think composer needs to somehow isolate itself from being overruled by its own composer dependency. This would be a fix which will solve all this mess I guess. But I think this would also mean a lot of work for composer itself. |
If this package is still causing issues then perhaps I should remove the version check in 54123e4 and simply always exclude it. That's the reason that downgrading it to 1.4.0 fixes the issue. Switching the application autoloader to be appended instead of prepended also fixes it, but that usually causes other issues with PHPUnit and co, which is why we default to prepend. |
OK please confirm if things work with |
Confirmed that the snapshot build fixes the issue! However, this is just a workaround. If another composer module does the same thing we will have the same issue. |
The thing is composer isn't loading it, well it is only loading enough to allow the plug-ins to run. The problem in this case is the plug-in depends on that package which then includes the entire application autoloader and prepends it to the composer one, which ends up messing up the autoload setup. So yes it's possible some other package would do something equally messed up, but I'm hoping people would notice in time to fix it before it becomes as widespread as laminas/laminas-zendframework-bridge now is. The problem in this case is composer changed the way things are included so that broke the assumptions the package made, which is the only reason I'm willing to workaround the issue here. |
Hi,
After doing |
Thanks @Seldaek for all the information and trying to help out here. It does make sense the way you describe it. I might have sounded a bit short or annoyed but note that I'm very grateful for the feedback here and the proposed workarounds! Thanks again! |
@hostep no worries. you threw me off with the composer/composer require because it was in fact not the root cause of the problem, which is why I thought this was a somewhat bogus issue for so long, but glad we figured it out eventually. |
Hi
This is something weird that I encountered after upgrading to composer 2.2.1
I have 2 different Magento2 projects, they both run the same version of Magento (2.3.7-p2) but have different custom dependencies.
In one project I have no problem using composer 2.2.1, but in the other project, I get this error when I try to run
composer update
:So it can't find that
setPlatformRequirementFilter
method inComposer\Installer
. Which is strange because it exists in the phar file.Magento2 does come with
composer/composer
as dependency as well, which is currently at version 2.0.13 and can't be updated further for some reason I haven't looked into yet (in both projects).That version of composer does not have that
setPlatformRequirementFilter
method yet.So my guess is that while executing
composer update
, somehow composer tries to loadComposer\Installer
fromvendor/composer/composer
instead of from thecomposer.phar
file. But only on one project and not in the other, which is very strange ...Any ideas?
The text was updated successfully, but these errors were encountered: