Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Installing with COMPOSER_PREFER_STABLE=0 and --dry-run fails when minimum stability is stable and package is not stable #11112

Closed
localheinz opened this issue Oct 12, 2022 · 1 comment
Labels
Milestone

Comments

@localheinz
Copy link
Contributor

My composer.json:

{}

Output of composer diagnose:

Checking composer.json: WARNING
No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license.
Checking platform settings: OK
Checking git settings: OK git version 2.37.3
Checking http connectivity to packagist: OK
Checking https connectivity to packagist: OK
Checking github.com oauth access: OK
Checking disk free space: OK
Checking pubkeys:
Tags Public Key Fingerprint: 57815BA2 7E54DC31 7ECC7CC5 573090D0  87719BA6 8F3BB723 4E5D42D0 84A14642
Dev Public Key Fingerprint: 4AC45767 E5EC2265 2F0C1167 CBBB8A2B  0C708369 153E328C AD90147D AFE50952
OK
Checking composer version: OK
Composer version: 2.4.2
PHP version: 7.4.30
PHP binary path: /opt/homebrew/Cellar/php@7.4/7.4.30_1/bin/php
OpenSSL version: OpenSSL 1.1.1q  5 Jul 2022
cURL version: 7.85.0 libz 1.2.11 ssl (SecureTransport) OpenSSL/1.1.1q
zip: extension present, unzip present, 7-Zip not available

When I run this command:

COMPOSER_PREFER_STABLE=0 composer require --dev --dry-run -vvv roave/security-advisories:dev-latest

I get the following output:

Running 2.4.2 (2022-09-14 16:11:15) with PHP 7.4.30 on Darwin / 21.6.0
Reading ./composer.json (/Users/am/Sites/composer/composer/.notes/composer.json)
Loading config file /Users/am/.composer/auth.json
Loading config file ./composer.json (/Users/am/Sites/composer/composer/.notes/composer.json)
Checked CA file /opt/homebrew/etc/ca-certificates/cert.pem: valid
Executing command (/Users/am/Sites/composer/composer/.notes): 'git' 'branch' '-a' '--no-color' '--no-abbrev' '-v'
Reading /Users/am/.composer/composer.json
Loading config file /Users/am/.composer/auth.json
Loading config file /Users/am/.composer/composer.json (/Users/am/.composer/composer.json)
Loading config file /Users/am/.composer/auth.json
Reading /Users/am/.composer/auth.json
Reading /Users/am/.composer/vendor/composer/installed.json
Loading plugin Ergebnis\Composer\Normalize\NormalizePlugin (from ergebnis/composer-normalize, installed globally)
Loading plugin Pyrech\ComposerChangelogs\ChangelogsPlugin (from pyrech/composer-changelogs, installed globally)
./composer.json has been updated
Unloading plugin Pyrech\ComposerChangelogs\ChangelogsPlugin
Unloading plugin Ergebnis\Composer\Normalize\NormalizePlugin
Reading ./composer.json (/Users/am/Sites/composer/composer/.notes/composer.json)
Loading config file /Users/am/.composer/auth.json
Loading config file ./composer.json (/Users/am/Sites/composer/composer/.notes/composer.json)
Executing command (/Users/am/Sites/composer/composer/.notes): 'git' 'branch' '-a' '--no-color' '--no-abbrev' '-v'
Reading /Users/am/.composer/composer.json
Loading config file /Users/am/.composer/auth.json
Loading config file /Users/am/.composer/composer.json (/Users/am/.composer/composer.json)
Loading config file /Users/am/.composer/auth.json
Reading /Users/am/.composer/auth.json
Reading /Users/am/.composer/vendor/composer/installed.json
Loading plugin Ergebnis\Composer\Normalize\NormalizePlugin_composer_tmp0 (from ergebnis/composer-normalize, installed globally)
Loading plugin Pyrech\ComposerChangelogs\ChangelogsPlugin_composer_tmp1 (from pyrech/composer-changelogs, installed globally)
Running composer update roave/security-advisories
Loading composer repositories with package information
Reading /Users/am/Library/Caches/composer/repo/https---repo.packagist.org/packages.json from cache
Downloading https://repo.packagist.org/packages.json if modified
[304] https://repo.packagist.org/packages.json
Reading /Users/am/Library/Caches/composer/repo/https---repo.packagist.org/provider-roave~security-advisories.json from cache
Downloading https://repo.packagist.org/p2/roave/security-advisories.json if modified
[304] https://repo.packagist.org/p2/roave/security-advisories.json
Built pool.
Running pool optimizer.
Updating dependencies
Generating rules
Resolving dependencies through SAT
Looking at all rules.

Dependency resolution completed in 0.000 seconds
Reading /Users/am/Library/Caches/composer/repo/https---repo.packagist.org/provider-roave~security-advisories.json from cache
Reading /Users/am/Library/Caches/composer/repo/https---repo.packagist.org/provider-roave~security-advisories.json from cache
Reading /Users/am/Library/Caches/composer/repo/https---repo.packagist.org/provider-roave~security-advisories~dev.json from cache
Downloading https://repo.packagist.org/p2/roave/security-advisories~dev.json if modified
[304] https://repo.packagist.org/p2/roave/security-advisories~dev.json
Reading /Users/am/Library/Caches/composer/repo/https---repo.packagist.org/provider-roave~security-advisories.json from cache
Reading /Users/am/Library/Caches/composer/repo/https---repo.packagist.org/provider-roave~security-advisories~dev.json from cache
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Root composer.json requires roave/security-advisories dev-latest, found roave/security-advisories[dev-latest] but it does not match your minimum-stability.


Installation failed, reverting ./composer.json to its original content.

And I expected this to happen:

Running 2.4.2 (2022-09-14 16:11:15) with PHP 7.4.30 on Darwin / 21.6.0
Reading ./composer.json (/Users/am/Sites/composer/composer/.notes/composer.json)
Loading config file /Users/am/.composer/auth.json
Loading config file ./composer.json (/Users/am/Sites/composer/composer/.notes/composer.json)
Checked CA file /opt/homebrew/etc/ca-certificates/cert.pem: valid
Executing command (/Users/am/Sites/composer/composer/.notes): 'git' 'branch' '-a' '--no-color' '--no-abbrev' '-v'
Reading /Users/am/.composer/composer.json
Loading config file /Users/am/.composer/auth.json
Loading config file /Users/am/.composer/composer.json (/Users/am/.composer/composer.json)
Loading config file /Users/am/.composer/auth.json
Reading /Users/am/.composer/auth.json
Reading /Users/am/.composer/vendor/composer/installed.json
Loading plugin Ergebnis\Composer\Normalize\NormalizePlugin (from ergebnis/composer-normalize, installed globally)
Loading plugin Pyrech\ComposerChangelogs\ChangelogsPlugin (from pyrech/composer-changelogs, installed globally)
./composer.json has been updated
Unloading plugin Pyrech\ComposerChangelogs\ChangelogsPlugin
Unloading plugin Ergebnis\Composer\Normalize\NormalizePlugin
Reading ./composer.json (/Users/am/Sites/composer/composer/.notes/composer.json)
Loading config file /Users/am/.composer/auth.json
Loading config file ./composer.json (/Users/am/Sites/composer/composer/.notes/composer.json)
Executing command (/Users/am/Sites/composer/composer/.notes): 'git' 'branch' '-a' '--no-color' '--no-abbrev' '-v'
Reading /Users/am/.composer/composer.json
Loading config file /Users/am/.composer/auth.json
Loading config file /Users/am/.composer/composer.json (/Users/am/.composer/composer.json)
Loading config file /Users/am/.composer/auth.json
Reading /Users/am/.composer/auth.json
Reading /Users/am/.composer/vendor/composer/installed.json
Loading plugin Ergebnis\Composer\Normalize\NormalizePlugin_composer_tmp0 (from ergebnis/composer-normalize, installed globally)
Loading plugin Pyrech\ComposerChangelogs\ChangelogsPlugin_composer_tmp1 (from pyrech/composer-changelogs, installed globally)
Running composer update roave/security-advisories
Loading composer repositories with package information
Reading /Users/am/Library/Caches/composer/repo/https---repo.packagist.org/packages.json from cache
Downloading https://repo.packagist.org/packages.json if modified
[304] https://repo.packagist.org/packages.json
Reading /Users/am/Library/Caches/composer/repo/https---repo.packagist.org/provider-roave~security-advisories.json from cache
Downloading https://repo.packagist.org/p2/roave/security-advisories.json if modified
Reading /Users/am/Library/Caches/composer/repo/https---repo.packagist.org/provider-roave~security-advisories~dev.json from cache
Downloading https://repo.packagist.org/p2/roave/security-advisories~dev.json if modified
[304] https://repo.packagist.org/p2/roave/security-advisories.json
[304] https://repo.packagist.org/p2/roave/security-advisories~dev.json
Built pool.
Running pool optimizer.
Updating dependencies
Generating rules
Resolving dependencies through SAT
Looking at all rules.

Dependency resolution completed in 0.000 seconds
Analyzed 103 packages to resolve dependencies
Analyzed 104 rules to resolve dependencies
Generating rules
Resolving dependencies through SAT
Looking at all rules.

Dependency resolution completed in 0.000 seconds
Lock file operations: 1 install, 0 updates, 0 removals
Installs: roave/security-advisories:dev-latest 2e0b465
  - Locking roave/security-advisories (dev-latest 2e0b465)
Writing lock file
Installing dependencies from lock file (including require-dev)
Reading ./composer.lock (/Users/am/Sites/composer/composer/.notes/composer.lock)
Package operations: 1 install, 0 updates, 0 removals
Installs: roave/security-advisories:dev-latest 2e0b465
  - Installing roave/security-advisories (dev-latest 2e0b465)
  - Marking roave/security-advisories (9999999-dev 2e0b465) as installed, alias of roave/security-advisories (dev-latest 2e0b465)
> post-package-install: Pyrech\ComposerChangelogs\ChangelogsPlugin_composer_tmp1->postPackageOperation
Downloading https://packagist.org/downloads/
[201] https://packagist.org/downloads/
Generating autoload files
1 package you are using is looking for funding.
Use the `composer fund` command to find out more!
> post-update-cmd: Pyrech\ComposerChangelogs\ChangelogsPlugin_composer_tmp1->postUpdate
Changelogs summary:

 - roave/security-advisories installed in version dev-latest@2e0b465

Reading /Users/am/Library/Caches/composer/repo/https---repo.packagist.org/provider-roave~security-advisories.json from cache
No security vulnerability advisories found

❗ Note that running

COMPOSER_PREFER_STABLE=0 composer require --dev  -vvv roave/security-advisories:dev-latest

works fine, but it installs the dependencies, which I do not want, but (as pointed out above)

COMPOSER_PREFER_STABLE=0 composer require --dev  --dry-run -vvv roave/security-advisories:dev-latest

fails with a stability warning.

I am using the COMPOSER_PREFER_STABLE environment variable, but perhaps what I am actually looking for is something like an --ignore-stability option.

@localheinz localheinz changed the title Installing with COMPOSER_PREFER_STABLE=0 and --dry-run fails Installing with COMPOSER_PREFER_STABLE=0 and --dry-run fails when the minimum stability is stable and package is not stable Oct 12, 2022
@localheinz localheinz changed the title Installing with COMPOSER_PREFER_STABLE=0 and --dry-run fails when the minimum stability is stable and package is not stable Installing with COMPOSER_PREFER_STABLE=0 and --dry-run fails when minimum stability is stable and package is not stable Oct 12, 2022
@Seldaek Seldaek added this to the 2.4 milestone Oct 13, 2022
@Seldaek Seldaek added the Bug label Oct 13, 2022
@Seldaek
Copy link
Member

Seldaek commented Oct 13, 2022

It is in fact unrelated to prefer stable. The issue is that when requiring a package with an explicit dev version like dev-latest, and your minimum-stability is <dev, composer notices you ask explicitly for dev there and it changes the minimum stability for that package to dev. Now in --dry-run the composer.json is not modified, so that does not happen as the constraint isn't there yet when loading the root package. The constraint then gets added to it in memory before passing it to the solver, but the flags weren't being extracted from the new constraints.

emahorvat52 pushed a commit to emahorvat52/composer that referenced this issue Feb 3, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants