New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Composer 1.10.11 chokes on constraints like "^2.0@dev" in unrelated projects #9191
Comments
I can confirm this error and it is breaking builds running on Travis: https://travis-ci.com/github/WordPress/WordPress-Coding-Standards/jobs/382426532 |
I'm also having this issue on our travis/local environments using |
Just in case it helps, the much smaller {
"name": "wp-coding-standards/wpcs",
"type": "phpcodesniffer-standard",
"require": {
"php": ">=5.4",
"squizlabs/php_codesniffer": "^3.5.0",
"phpcsstandards/phpcsutils": "^1.0",
"phpcsstandards/phpcsextra": "^1.0"
},
"require-dev": {
"phpcompatibility/php-compatibility": "^9.0",
"phpunit/phpunit": "^4.0 || ^5.0 || ^6.0 || ^7.0",
"phpcsstandards/phpcsdevtools": "^1.0",
"php-parallel-lint/php-parallel-lint": "^1.0",
"php-parallel-lint/php-console-highlighter": "^0.5"
},
"minimum-stability": "dev",
"prefer-stable": true
} The
|
maybe related to this? |
... as there is an issue with Composer 1.10.11, which prevents the `install` from working. For more information: composer/composer#9191
I also don't have |
... as there is an issue with Composer 1.10.11, which prevents the `install` from working. For more information: composer/composer#9191
Hmm.. interesting.. it's not happening for all projects though... A build for a project which has nearly the same dependency setup as WPCS, just passed: https://travis-ci.com/github/PHPCompatibility/PHPCompatibility/jobs/382442079 {
"name" : "phpcompatibility/php-compatibility",
"description" : "A set of sniffs for PHP_CodeSniffer that checks for PHP cross-version compatibility.",
"require" : {
"php" : ">=5.4",
"squizlabs/php_codesniffer" : "^2.6 || ^3.1.0",
"phpcsstandards/phpcsutils" : "^1.0 || dev-develop"
},
"require-dev" : {
"php-parallel-lint/php-parallel-lint": "^1.2.0",
"php-parallel-lint/php-console-highlighter": "^0.5",
"phpunit/phpunit": "~4.5 || ^5.0 || ^6.0 || ^7.0 || ^8.0 || >=9.0 <9.3.0",
"phpcsstandards/phpcsdevtools": "^1.0"
}
} The only real differences are:
|
just installed composer locally in my project and can confirm that the issue goes away when I downgrade |
looks like someone already did: composer/semver/issues/107 |
Regardless of the actual parser bug, it would be nice if composer could simply ignore entries with parse errors instead of refusing to work at all |
I already have version |
Same happening here trying to install Laravel. |
our builds are failing too: Updating dependencies (including require-dev) |
Thanks for the reports and sorry for the trouble. I'm taking a look and will try to release a patch soon. |
Thank you @Seldaek, much appreciated! ❤️ Please let us know if there is any more information you need. |
@Seldaek this issue also appears in cakephp as well: cakephp/app#807 |
A temporary fix for broken builds is to make the following setting in your pipelines: composer self-update 1.10.10 |
I believe this is a composer issue. I have created a clean composer.json only with two projects and removed composer.lock and vendor then ran
Also I grep for
|
@ayoob-lfc #9191 (comment) resolved my issues, with a SilverStripe module. This is another +1 to this being a composer issue |
Update to 1.10.12 fixes it 🎉 sudo composer self-update --1
# Updating to version 1.10.12 (1 channel).
# Downloading (100%)
# Use composer self-update --rollback to return to version 1.10.11 @Seldaek Thank your such fast work so late after full day 👍 👏 |
Sleep well @Seldaek and thank you for the fast turn-around! |
Found one of those. No rush though. Follow up issue with the details: composer/semver#109 |
It doesnt look like .12 fixes it yet:
|
Running Running
Then I updated the package definition from
and ran I'm not so sure how |
@dereuromark your issue is dupe of composer/semver#110 and has a fix already lined up. @dan2k3k4 yes version dev is invalid, it just happened to work before and got normalized as |
Alright 1.10.13 is now out with all the latest fixes.. I ran the version parser on all constraints from packagist.org and it's passing everything except |
Too bad the official docker image is currently stuck at 1.10.12 still… 😢 Thanks for keeping it updated ❤️, but if it would be built automagically on a new release, that'd be most awesome! 🚀 |
Hotfix for composer/composer#9191 because 1.10.13 of the official Composer image is not yet available.
@kdambekalns The updated image should be on its way: composer/docker@aace872 |
Great! But… the 1.10.12 image was built 12 hours ago, but that commit for 1.10.13 was done 22 hours ago. 🤔 |
Strange indeed. Maybe @alcohol knows more? |
1.10.13 Still failing for some of Drupal packages https://www.drupal.org/project/recaptcha/issues/3169913 |
@podarok see #9196 (comment) and #9195 for answers to your two points. You can use |
@Seldaek interesting and not funny. There are no answers. I see here reactive police from the composer team, but proactive should be preferred. Let's make a change, see what is failing and fix failed parts -< this is now Using composer self-update 1.10.10 is not always possible, especially when you have a huge infrastructure. Suggesting a workaround to users when there is a dependency from systems you have no controls about - bad practice. Closing all issues here just because there are admin rights - not funny. |
@ryanaslett @drumm Might have answers/a status update on the Drupal repo situation. I'd definitely like to hear what is going on there to make a more informed decision. If they are about to resolve the issue it's not worth working around it on our end IMO. |
I think the goal should be to have a robust composer that doesn't require changes from the Drupal repo side. Even if those changes should indeed be made. |
@jcnventura the issue in that case is that the drupal repository contains invalid metadata. The error being thrown is precisely coming from making Composer more robust by better detecting broken metadata rather than trating them in a garbage way with undefined result. |
Yes, but this is broken metadata introduced 4 years ago to the package (https://git.drupalcode.org/project/recaptcha/-/commit/00989c480bbab4b40253887e2e3d34bbe14dfe4a), and fixed 13 days later (https://git.drupalcode.org/project/recaptcha/-/commit/5aba53503d75500d7b12ac4945d86b9a7eaaf88f). What composer is now asking is that the project history be altered so that this wrong composer.json is fixed, when there have been multiple later packages that have valid composer.json files. I think that composer should indeed complain about broken composer.json files, but not break every install that requires an older package with broken composer.json. Maybe just totally ignore packages that have broken composer.json files and not allow them to be installed, but be perfectly fine with other versions of the same package that have valid composer.json files? |
Validity of the metadata was defined by what was implemented in the code. Changing composer to be more robust and detect those invalid, yet, previously acceptable situations is a BC break. BC breaks are fine, but hopefully would follow the typical deprecation/warning in the current version -> error in the next Major version. packages.drupal.org has been updated to fix this for recaptcha, and we'll be re-building all of our metadata to ensure that there are not other projects that we serve with formerly valid, now invalid metadata. |
A tag on the
As you can imagine, the lag introduced here could range between several hours and even a few days, since there are some manual steps involved and this is a FOSS project after all. |
Undo the hotfix for composer/composer#9191 because 1.10.13 of the official Composer image is now available.
My
composer.json
:Output of
composer diagnose
:When I run this command:
I get the following output:
And I expected this to happen:
It works fine with all prior versions. A rollback to 1.10.10 makes the error go away
The text was updated successfully, but these errors were encountered: