Github 上 composer/composer 的最新 issue 回應 https://github.com/composer/composer/issues Github 上 composer/composer 的最新 issue 回應 en-us Re: Fix package sorting https://github.com/composer/composer/pull/8723#issuecomment-608075827 @roygoldman thanks for clarifying, I wasn't familiar with that detail of the sorting algorithm. I'm satisfied that if we just get unit tests on this then a more extensive rework isn't necessary for now. https://github.com/composer/composer/pull/8723#issuecomment-608075827 Fri, 03 Apr 2020 04:06:40 +0800 Re: Composer would not downgrade a dependency on require https://github.com/composer/composer/issues/7329#issuecomment-608071679 This is fixed now by #8717 https://github.com/composer/composer/issues/7329#issuecomment-608071679 Fri, 03 Apr 2020 03:57:02 +0800 Re: Fix package sorting https://github.com/composer/composer/pull/8723#issuecomment-608051714 @Seldaek Side note regarding the Travis status from the build not being reported back to this PR: A logout and re-login on Travis helped me to resolve this issue. Maybe this helps here as well.<br /> <br /> I'll come up with some unit test for the PackageSorter then https://github.com/composer/composer/pull/8723#issuecomment-608051714 Fri, 03 Apr 2020 03:13:02 +0800 Re: Github funding info is not properly refreshed when coming from the global repo https://github.com/composer/composer/issues/8732#issuecomment-607917479 Refs #8731 https://github.com/composer/composer/issues/8732#issuecomment-607917479 Thu, 02 Apr 2020 23:30:25 +0800 Re: Funding doesn't properly handle missing "url" https://github.com/composer/composer/issues/8731#issuecomment-607912057 Well, packagist rejects the update now. But the validation was added after the invalid data was entered. https://github.com/composer/composer/issues/8731#issuecomment-607912057 Thu, 02 Apr 2020 23:21:47 +0800 Re: Fix package sorting https://github.com/composer/composer/pull/8723#issuecomment-607882480 @roygoldman I think you might be right, and as per https://github.com/composer/composer/pull/8723#issuecomment-606606957 all I wish for really is to have tests proving this so we can make sure it's correct and especially doesn't get broken in the future. https://github.com/composer/composer/pull/8723#issuecomment-607882480 Thu, 02 Apr 2020 22:32:09 +0800 Re: Fix package sorting https://github.com/composer/composer/pull/8723#issuecomment-607875495 To clarify a few bits of my understanding, my issue in #8320 is focused more on the plugin loading order, and reordering the packages likely wouldn't solve those issues. Before the change in #2644, I was able to effect the plugin loading order by adding my project earlier in the root dependency list. I don't think fixing the sorting will cause a significant effect on #8320, but I'll try and test it out today.<br /> <br /> > That would be really bad. So this should also be part of the test case: i.e. ensuring that if acquia/blt depends on composer/installers, composer/installers gets loaded prior to acquia/blt even if 1000 other packages depend on acquia/blt<br /> <br /> Regarding sort order, [based on the code](https://github.com/composer/composer/blob/d4150cafc46ccea244ec6fc4ea7519a0afe85aee/src/Composer/Util/PackageSorter.php#L30), `composer/installers` should always get loaded before `acquia/blt`, which is determined by subtracting the `acquia/blt` weight from `composer/installers'`. For example if blt has a weight of 1000, then installer's should be `1 - 1000` or `-999`. Items are then sorted in lowest to highest order. This should in theory, however do to the fact that packages are sorted starting from the root, if `composer/installers` is only required by `acquia/blt` then installer's is only reached by way of blt, who's weight will be evaluated as `0` resulting in `composer/installers` being weight 1, which only by convince is lower then blt's 1000. This algorithm should result in packages which are "required" by the most packages being loaded earlier then packages which only required once. This should also enforce that any package which is a dependency should get loaded earlier then any dependents, so I'm unsure there is an issue with the algorithm.<br /> <br /> I think the issue here is that the referenced [refactoring of the package sorter](https://github.com/composer/composer/commit/266a41e0464c8ccf23949e3794189dc4ccf3caba) broke the sorting algorithm, right? The proposed changes in this pr should bring us back to a correctly sorted package list. https://github.com/composer/composer/pull/8723#issuecomment-607875495 Thu, 02 Apr 2020 22:20:05 +0800 Re: Funding doesn't properly handle missing "url" https://github.com/composer/composer/issues/8731#issuecomment-607875118 Some validation there wouldn't hurt though, as this is data from external sources and you can't be sure about its formatting. https://github.com/composer/composer/issues/8731#issuecomment-607875118 Thu, 02 Apr 2020 22:19:24 +0800 Re: Funding doesn't properly handle missing "url" https://github.com/composer/composer/issues/8731#issuecomment-607870927 It looks like there is an issue with Github. Sentry fixed their URL in https://github.com/getsentry/.github/blob/master/FUNDING.yml but when I force an update of the package on packagist, it still see the old value. https://github.com/composer/composer/issues/8731#issuecomment-607870927 Thu, 02 Apr 2020 22:12:06 +0800 Re: Experiment: External Dependency Solver https://github.com/composer/composer/issues/6685#issuecomment-607868121 Sadly I think resources aren't going to permit to finish this for 2.0, so moving it off the core milestone. https://github.com/composer/composer/issues/6685#issuecomment-607868121 Thu, 02 Apr 2020 22:06:55 +0800 Re: Locked indirect dependency breaks installing additional packages https://github.com/composer/composer/issues/8355#issuecomment-607851105 Okay so after discussing this further, there are just too many unpredictable consequences to automatically marking additional packages for an update if you're updating just one package. So instead we're now displaying a clear message at the end if we detect a problem likely to be fixable in this way:<br /> <br /> ```<br /> Loading composer repositories with package information<br /> Updating dependencies<br /> Your requirements could not be resolved to an installable set of packages.<br /> <br /> Problem 1<br /> - current/dep is locked to version 1.0.0 and an update of this package was not requested.<br /> - new/pkg 1.0.0 can not be installed as that would require removing current/dep 1.0.0. new/pkg replaces current/dep and can thus not coexist with it.<br /> - Root composer.json requires new/pkg 1.* -> satisfiable by new/pkg[1.0.0].<br /> <br /> Use the option --with-all-dependencies to allow updates and removals for packages currently locked to specific versions.<br /> ```<br /> <br /> So the problem in this issue can be resolved by using `composer require symfony/symfony:^4.4 --[update-]with-dependencies`. https://github.com/composer/composer/issues/8355#issuecomment-607851105 Thu, 02 Apr 2020 21:35:55 +0800 Re: Fix package sorting https://github.com/composer/composer/pull/8723#issuecomment-607834609 > Another thing to consider with weighing, is that there can be circular dependencies, in that case it can be tricky to determine an order, and a general "which is most required" can be a good result perhaps.<br /> <br /> Very good point. If we're going to change this for Composer 2.0 only anyway, how about introducing new directives for plugin execution order and autoload build order (or maybe only one of them)? I'm not sure though if this helps to clear up things or increases complexity even more. https://github.com/composer/composer/pull/8723#issuecomment-607834609 Thu, 02 Apr 2020 21:06:15 +0800 Re: Locked indirect dependency breaks installing additional packages https://github.com/composer/composer/issues/8355#issuecomment-607830656 @andig allowlist (formerly whitelist) is what we call the list of packages which you supply as arguments to a composer update command (e.g. composer update foo/bar baz/qux, the allowlist would be foo/bar, baz/qux). If you run composer require foo/bar, it actually edits composer.json require to add foo/bar and then runs composer update foo/bar, so a partial update with a single element allowlist [foo/bar] https://github.com/composer/composer/issues/8355#issuecomment-607830656 Thu, 02 Apr 2020 20:58:55 +0800 Re: Locked indirect dependency breaks installing additional packages https://github.com/composer/composer/issues/8355#issuecomment-607827477 Just to be sure: these `whitelist` `allowlist-packages` are composer-internal structures, nothing that would need to be considered in `composer.json`? From user side these are indirect dependencies that I wouldn't care about. https://github.com/composer/composer/issues/8355#issuecomment-607827477 Thu, 02 Apr 2020 20:52:56 +0800 Re: Locked indirect dependency breaks installing additional packages https://github.com/composer/composer/issues/8355#issuecomment-607807367 My understanding was that we wanted to change this behavior if you use --update-with-dependencies, but indeed I can't really come up with a scenario where I wouldn't want this to happen. I'll make another PR. https://github.com/composer/composer/issues/8355#issuecomment-607807367 Thu, 02 Apr 2020 20:10:54 +0800 Re: Update whitelisting does not correctly whitelist dependencies of new packages to be installed https://github.com/composer/composer/issues/5438#issuecomment-607806957 Fixed by #8717 https://github.com/composer/composer/issues/5438#issuecomment-607806957 Thu, 02 Apr 2020 20:10:01 +0800 Re: Locked indirect dependency breaks installing additional packages https://github.com/composer/composer/issues/8355#issuecomment-607805413 @naderman even after your PR, this still fails to update:<br /> <br /> ```<br /> composer require php-pm/httpkernel-adapter<br /> [... installing successfully...]<br /> composer require symfony/symfony:^4.4<br /> <br /> Problem 1<br /> - Only one of these can be installed: symfony/symfony[v4.4.0, v4.4.1, v4.4.2, v4.4.3, v4.4.4, v4.4.5, v4.4.6, v4.4.7], symfony/console[v4.4.7]. symfony/symfony replaces symfony<br /> /console and can thus not coexist with it.<br /> - symfony/console is locked to version v4.4.7 and an update of this package was not requested.<br /> - Root composer.json requires symfony/symfony ^4.4 -> satisfiable by symfony/symfony[v4.4.7, v4.4.6, v4.4.5, v4.4.4, v4.4.3, v4.4.2, v4.4.1, v4.4.0].<br /> ```<br /> <br /> It works if I add --update-with-dependencies (btw still should add the --with-dependencies alias, but I can do that, note to self..), but I thought according to the above we agreed it should always happen for packages replaced by allowlist-packages, since they can't possibly be installed if the replaced one doesn't get removed? https://github.com/composer/composer/issues/8355#issuecomment-607805413 Thu, 02 Apr 2020 20:06:39 +0800 Re: Composer v2: Pool/Solver/Repo/Installer Tasks https://github.com/composer/composer/issues/7630#issuecomment-607768684 The only item left here is to now try and build further optimizations into the pool builder, which is tracked in separate issues and can also continue to be improved upon in future 2.x releases without breaking BC or changing any interfaces. Ticket e.g. https://github.com/composer/composer/pull/8295 https://github.com/composer/composer/issues/7630#issuecomment-607768684 Thu, 02 Apr 2020 18:44:45 +0800 Re: Why is Composer Install Failing All of the Sudden? https://github.com/composer/composer/issues/8710#issuecomment-607710536 If you have an invalid token, you still get the message. You can delete your global token like this:<br /> <br /> ```sh<br /> composer config -g --unset github-oauth.github.com<br /> ``` https://github.com/composer/composer/issues/8710#issuecomment-607710536 Thu, 02 Apr 2020 16:48:39 +0800 Re: Move processing of partial update argument list into the pool builder https://github.com/composer/composer/pull/8717#issuecomment-607535229 Also fixed the lock file generation to only lock composer.json aliases which are actually in use in the lock file. This prevents a partial update from adding aliases to the lock file for packages which were not updated and did not previously have the alias. Currently the alias wouldn't have been used in resolution, it would have only gotten written to the lock file, resulting in the next partial update using the alias as input, which could potentially have lead to hard to debug issues. https://github.com/composer/composer/pull/8717#issuecomment-607535229 Thu, 02 Apr 2020 07:15:33 +0800 Re: Unable to install Laravel through composer 400 bad request on http https://github.com/composer/composer/issues/4261#issuecomment-607526964 same with you. and i found the way to resolve it (for window 10) on internet. <br /> 1 - go to folder PATH\xampp\apache <br /> and run makecert.bat<br /> 2 - add this script to composer.json file<br /> <br /> <br /> "repositories": [<br /> {<br /> "type": "composer",<br /> "url": "https://packagist.org"<br /> },<br /> {<br /> "packagist": false<br /> }<br /> ] https://github.com/composer/composer/issues/4261#issuecomment-607526964 Thu, 02 Apr 2020 06:47:10 +0800 Re: Composer 1.10.1 Not Following Redirects? https://github.com/composer/composer/issues/8725#issuecomment-607400318 Been playing with this today and can no longer get the redirect issue to occur in version 1.10.1 so I'll close this ticket. https://github.com/composer/composer/issues/8725#issuecomment-607400318 Thu, 02 Apr 2020 01:55:08 +0800 Re: Ecosystem Upgrade: Composer Plugin Readiness for 2.0 https://github.com/composer/composer/issues/8726#issuecomment-607331614 @Seldaek Suggestion: make this a "pinned" issue ;-) https://github.com/composer/composer/issues/8726#issuecomment-607331614 Wed, 01 Apr 2020 23:50:50 +0800 Re: Fix package sorting https://github.com/composer/composer/pull/8723#issuecomment-607321662 Yeah I'd rather hold it up and get a correct solution into 2.0 if it comes to that, than switching the order around again in a point release.<br /> <br /> Another thing to consider with weighing, is that there can be circular dependencies, in that case it can be tricky to determine an order, and a general "which is most required" can be a good result perhaps.<br /> <br /> This is also used to sort autoload rules IIRC, which has slightly different effect than with installs where mostly plugins matter. For autoloading it's more about sorting "files" autoload rules. Might be outdated info tho I haven't checked.. Just brain dumping here in case that helps. https://github.com/composer/composer/pull/8723#issuecomment-607321662 Wed, 01 Apr 2020 23:34:26 +0800 Re: Fix package sorting https://github.com/composer/composer/pull/8723#issuecomment-607316277 Yeah, I think the dependency sorter needs to change to ensure that packages with dependencies get loaded only after those dependencies are loaded. Otherwise I don't know how we prevent issues like #8085 <br /> <br /> The algorithm to do this wouldn't be so hard to implement, I don't think. Let me know if you think this is a good idea and/or want help. For most users, it's possible that packages would more or less be sorted the same way, since I expect the number of dependencies roughly correlates with the actual dependency tree.<br /> <br /> I know this PR is more strictly a bug fix so I don't necessarily want to hold it up, but I do want to ensure it's not going to cause a regression like #8320 https://github.com/composer/composer/pull/8723#issuecomment-607316277 Wed, 01 Apr 2020 23:25:35 +0800 Re: Composer can not find composer.json file https://github.com/composer/composer/issues/8325#issuecomment-607299779 It's OneDrive! Thank you Microsoft :D https://github.com/composer/composer/issues/8325#issuecomment-607299779 Wed, 01 Apr 2020 22:58:00 +0800 Re: [ErrorException] file_get_contents(./composer.json): failed to open stream: No such file or directory https://github.com/composer/composer/issues/6854#issuecomment-607285625 I had this same error with phpStorm<br /> > file_get_contents(./composer.json): failed to open stream: No such file or directory<br /> ~~I resolved (wtf) with creation of new project but in the same windows (not a new, not attached)!<br /> It was pertaining with container helper, but I don't know more :(~~<br /> It is really OneDrive :'( ! https://github.com/composer/composer/issues/6854#issuecomment-607285625 Wed, 01 Apr 2020 22:33:06 +0800 Re: Composer Install Exception with local repository https://github.com/composer/composer/issues/8679#issuecomment-607187763 Ah thanks for the link to https://github.com/franzliedke/studio <br /> <br /> But as they say<br /> <br /> > Under the hood, it uses Composer's path repositories to do so. As a result, you won't have to develop in the vendor directory.<br /> <br /> I'm not sure if this will still working with the new limitation. I'll try.... <br /> <br /> And I agree with you in <br /> > run update on different machines obtaining different results<br /> <br /> should be avoided. But I'm really amazed that I can't find more hints on dev-scenarios with composer. (getting instant bundle changes but keep ```composer update/install``` still working..) (Maybe [studio](https://github.com/franzliedke/studio ) is a way) https://github.com/composer/composer/issues/8679#issuecomment-607187763 Wed, 01 Apr 2020 19:14:45 +0800 Re: Fix package sorting https://github.com/composer/composer/pull/8723#issuecomment-607160371 > Anyway, I absolutely agree we need an automated unit test for PackageSorter<br /> <br /> I agree as well.<br /> <br /> > That would be really bad. So this should also be part of the test case: i.e. ensuring that if acquia/blt depends on composer/installers, composer/installers gets loaded prior to acquia/blt even if 1000 other packages depend on acquia/blt<br /> <br /> If this really is the expectation, then the dependency sorting must be done differently, not by counting the references.<br /> <br /> > I feel like every six months someone has a problem with the way things are sorted, messes around with the sort function, then everyone else is unhappy.<br /> <br /> Yeah. When I was researching the history of this bug, I indeed found a ton of changes in this area. To help out a bit more here (write tests), I need to dive deeper into the use cases people needed to have covered. https://github.com/composer/composer/pull/8723#issuecomment-607160371 Wed, 01 Apr 2020 18:11:00 +0800 Re: Composer Install Exception with local repository https://github.com/composer/composer/issues/8679#issuecomment-607145588 Ah ok now I get your point.. how about defining it with a relative path instead of absolute? Or using `~/foo` at least to make it relative to HOME/user dir, that should work on windows too.<br /> <br /> Anyway, IMO this is still a misuse of this feature.. the point as I already said is not to have optional repos and run update on different machines obtaining different results. For developing dependencies locally either you can work in the vendor dir using a --prefer-source install (so you have the git data in vendor), or you can use https://github.com/franzliedke/studio which does something more advanced with symlinks etc, might be more what you are looking for. https://github.com/composer/composer/issues/8679#issuecomment-607145588 Wed, 01 Apr 2020 17:38:15 +0800