Github 上 composer/composer 的最新 issue 回應 https://github.com/composer/composer/issues Github 上 composer/composer 的最新 issue 回應 en-us Re: Set COMPOSER_AUTH with ssh key for git clone https://github.com/composer/composer/issues/8541#issuecomment-577596449 Just write it in a temp file before :) https://github.com/composer/composer/issues/8541#issuecomment-577596449 Thu, 23 Jan 2020 17:23:33 +0800 Re: Set COMPOSER_AUTH with ssh key for git clone https://github.com/composer/composer/issues/8541#issuecomment-577590819 @Toflar Thank you for response. I did try that but could not found in the `ssh` command a way to read the key out of a ENVIRONMENT variable it seems `ssh -i identy_file` is the only way to set the ssh key file but I'm searching for a solution to set only ENV vars or is there a direct way to specify in the `ssh` command the ssh key? https://github.com/composer/composer/issues/8541#issuecomment-577590819 Thu, 23 Jan 2020 17:08:50 +0800 Re: Require-dev `"ext-sqlite3": "*"` does not match on Windows PHP 7.3.12 with sqlite 3.28.0 loaded https://github.com/composer/composer/issues/8547#issuecomment-577575884 Ah, I see things work with `"ext-pdo_sqlite": "*",`<br /> <br /> Now to check if that is enough for Laravel Lumen's phpunit scripts to use SQLite. https://github.com/composer/composer/issues/8547#issuecomment-577575884 Thu, 23 Jan 2020 16:23:34 +0800 Re: Set COMPOSER_AUTH with ssh key for git clone https://github.com/composer/composer/issues/8541#issuecomment-577535224 Try using the git environment variable `GIT_SSH_COMMAND`. https://github.com/composer/composer/issues/8541#issuecomment-577535224 Thu, 23 Jan 2020 15:09:59 +0800 Re: Introduce "safe mode" to isolate security concern https://github.com/composer/composer/issues/8543#issuecomment-577522057 @stof much thanks for that. I have updated to account for that. https://github.com/composer/composer/issues/8543#issuecomment-577522057 Thu, 23 Jan 2020 14:14:42 +0800 Re: [RFC] Add autoloader root directory config https://github.com/composer/composer/issues/8387#issuecomment-577366624 > This is a best practice as having vendors in the webroot mean people can easily access your dependencies which might reveal vulnerable software etc.<br /> <br /> Thanks for the advice, I did not know that.<br /> <br /> However, unfortunately, this is not a good solution on its own - I can't set the webroot to `src/php` as the files in `src` are sources - not build artifacts. And the web/app needs to run from the build artifacts, not the sources... Any other ideas? Solving this without needing to add anything would of course be preferable...<br /> <br /> https://github.com/composer/composer/issues/8387#issuecomment-577366624 Thu, 23 Jan 2020 04:17:19 +0800 Re: Implemented php version check in autoload.php https://github.com/composer/composer/pull/8546#issuecomment-577175759 The code generation currently just generates `return true;` for unbound constraints. Of course compiling into one file would be possible but not really the way the semver PR is currently built. https://github.com/composer/composer/pull/8546#issuecomment-577175759 Wed, 22 Jan 2020 21:13:56 +0800 Re: Implemented php version check in autoload.php https://github.com/composer/composer/pull/8546#issuecomment-577175145 But yeah for most extensions I guess we just check presence, then again any unbounded constraint can just be skipped for code generation anyway? https://github.com/composer/composer/pull/8546#issuecomment-577175145 Wed, 22 Jan 2020 21:12:12 +0800 Re: Implemented php version check in autoload.php https://github.com/composer/composer/pull/8546#issuecomment-577174896 @Toflar Well I'd compile the check into a single file anyway, no need for multiple files? https://github.com/composer/composer/pull/8546#issuecomment-577174896 Wed, 22 Jan 2020 21:11:33 +0800 Re: Implemented php version check in autoload.php https://github.com/composer/composer/pull/8546#issuecomment-577173765 From my experience, most devs tend to only require `"ext-foobar": "*"` so it would most likely end up in unbound comparisons anyway. And we'd have quite some files to include 😄 https://github.com/composer/composer/pull/8546#issuecomment-577173765 Wed, 22 Jan 2020 21:08:43 +0800 Re: Implemented php version check in autoload.php https://github.com/composer/composer/pull/8546#issuecomment-577173054 Should we do this just for PHP or also all extensions? https://github.com/composer/composer/pull/8546#issuecomment-577173054 Wed, 22 Jan 2020 21:06:42 +0800 Re: validate: suggest composer update --lock https://github.com/composer/composer/pull/8508#issuecomment-577130677 Indeed, if the lock file is out of date because someone used to edit `package.json` directly to bump a dependency, proper would for them to run `composer update <package>`. https://github.com/composer/composer/pull/8508#issuecomment-577130677 Wed, 22 Jan 2020 19:07:13 +0800 Re: Introduce "safe mode" to isolate security concern https://github.com/composer/composer/issues/8543#issuecomment-577089804 Composer plugins are still able to hook into other commands, including read-only ones. As soon as you have plugins installed, they might all be unsafe commands by this definition. https://github.com/composer/composer/issues/8543#issuecomment-577089804 Wed, 22 Jan 2020 17:28:02 +0800 Re: One autoload.files is not present in vendor/composer/autoload_files.php https://github.com/composer/composer/issues/8542#issuecomment-576752357 For people reaching this issue, the quick fix is to add the final deps directly in the composer.json<br /> <br /> ```<br /> composer require laminas/laminas-zendframework-bridge<br /> ```<br /> <br /> https://github.com/composer/composer/issues/8542#issuecomment-576752357 Wed, 22 Jan 2020 00:05:34 +0800 Re: [RFC] Add autoloader root directory config https://github.com/composer/composer/issues/8387#issuecomment-576689294 What you need to configure here is your webhosting's webroot to point to `src/php/` so it can find index.php at the root, but vendors are *not* present within the webroot. This is a best practice as having vendors in the webroot mean people can easily access your dependencies which might reveal vulnerable software etc. https://github.com/composer/composer/issues/8387#issuecomment-576689294 Tue, 21 Jan 2020 21:47:37 +0800 Re: [RFC] Add autoloader root directory config https://github.com/composer/composer/issues/8387#issuecomment-576660736 > And IIRC, composer uses the shortest relative path possible for that. So with your own code in `app/MyApp` and the vendors in `app/vendor`, `autoload_static.php` may already have the expected `../MyApp` path (to be confirmed). So the second case my already be solved.<br /> <br /> I've tried it and can confirm that that works. That leaves the first issue which I would like to solve<br /> <br /> I have a git repo of the following:<br /> ```<br /> ├── composer.php<br /> ├── src<br /> │ ├── php<br /> │ │ ├── index.php<br /> │ │ └── MyApp<br /> │ │ └── MyClass.php<br /> │ └── js<br /> │ └── ...<br /> ├── vendor<br /> └── ...<br /> ```<br /> <br /> I would like to create (with any build system, I don't really care) a `dist` directory which I could upload to a webhosting (it being a build artifact as @alcohol pointed out). I imagined it being of the sort:<br /> <br /> ```<br /> ├── index.php<br /> ├── MyApp<br /> │ └── MyClass.php<br /> ├── js<br /> └── ...<br /> └── vendor<br /> └── ...<br /> ```<br /> <br /> But, by now, the path from `vendor/composer/autoload_static.php` to `MyApp/MyClass.php` has changed. So the autoloading would no longer work. But with the proposed new config parameter, I could set <br /> ```json<br /> "config": {<br /> "autoloader-root-dir": "src/php/"<br /> }<br /> ```<br /> and then autoloading would work in the build artifact directory.<br /> <br /> Why not just use `vendor-dir` then? Because that would require me putting the `vendor` dir in `src/php`. But the `vendor` dir **is not** source code for me - therefore, I wouldn't want it in the `src` directory.<br /> <br /> Clearer now? I think the exact organization of the `dist` directory could be different a bit, but the overall idea would stay the same. I'd like to hear your thoughts on this. https://github.com/composer/composer/issues/8387#issuecomment-576660736 Tue, 21 Jan 2020 20:32:01 +0800 Re: SHA384 is not supported by your openssl extension, https://github.com/composer/composer/issues/7802#issuecomment-576640995 Also faced an issue:<br /> `Unable to write keys.dev.pub to: /home/apps/.composer`<br /> <br /> Solved by:<br /> `sudo chown apps:apps -R /home/apps/.composer/`<br /> <br /> (change `apps` to your username) https://github.com/composer/composer/issues/7802#issuecomment-576640995 Tue, 21 Jan 2020 19:30:13 +0800 Re: Change only modified files for docker caching https://github.com/composer/composer/pull/8529#issuecomment-576548773 I merge when I have time thank you please refrain from asking every day it just wastes more of my time. https://github.com/composer/composer/pull/8529#issuecomment-576548773 Tue, 21 Jan 2020 15:12:55 +0800 Re: Change only modified files for docker caching https://github.com/composer/composer/pull/8529#issuecomment-576545964 @Seldaek , hello!<br /> Do you have any comments on this PR?<br /> <br /> Or can your merge it to master branch? https://github.com/composer/composer/pull/8529#issuecomment-576545964 Tue, 21 Jan 2020 15:03:11 +0800 Re: [solver] Optimization idea: detect common dependency layouts https://github.com/composer/composer/issues/7643#issuecomment-576298894 I'm moving this back over to 2.0 milestone. I think for a first 2.0 version, we already have a fair few optimizations in place and this looks rather complex, but like something we can tackle independently after all the improvements we already made without any BC breaks. https://github.com/composer/composer/issues/7643#issuecomment-576298894 Mon, 20 Jan 2020 22:28:56 +0800 Re: Append the bin dir on each listener iteration https://github.com/composer/composer/pull/8538#issuecomment-576221138 Thanks @Seldaek, I've fixed and pushed, can you double-check? There are still some fails, unrelated to my changes AFAIK.<br /> <br /> Just for curiosity, why did you choose AppVeyor over TravisCI? Any special reason? https://github.com/composer/composer/pull/8538#issuecomment-576221138 Mon, 20 Jan 2020 18:57:57 +0800 Re: Request jobs replaced by root require / fixed package https://github.com/composer/composer/pull/8537#issuecomment-576178873 @Seldaek todos are for more cleanup, would merge this as-is and address more of them with further error handling improvements https://github.com/composer/composer/pull/8537#issuecomment-576178873 Mon, 20 Jan 2020 17:13:19 +0800 Re: feat: add --no-bin option https://github.com/composer/composer/issues/8539#issuecomment-576154701 I don't really see this as valuable enough to add a new flag.. This adds clutter and the commands already have tons of arguments. Having a few extra files/symlinks on your deployment server doesn't seem like that big a deal. <br /> <br /> Alternatively you could perhaps set bin-dir in the config to /dev/null, maybe it fixes it for you. https://github.com/composer/composer/issues/8539#issuecomment-576154701 Mon, 20 Jan 2020 16:06:51 +0800 Re: Change only modified files for docker caching https://github.com/composer/composer/pull/8529#issuecomment-576119627 @Seldaek , hello!<br /> Do you have any comments on this PR? https://github.com/composer/composer/pull/8529#issuecomment-576119627 Mon, 20 Jan 2020 14:00:42 +0800 Re: Append the bin dir on each listener iteration https://github.com/composer/composer/pull/8538#issuecomment-576074074 Not sure why the test is not passing on AppVeyor though, it seems to be something with the filesystem functions that I've used. Any ideas? https://github.com/composer/composer/pull/8538#issuecomment-576074074 Mon, 20 Jan 2020 09:38:00 +0800 Re: When installing vendor binaries the path does not get updated https://github.com/composer/composer/issues/5522#issuecomment-576072124 Fixed on https://github.com/composer/composer/pull/8538 https://github.com/composer/composer/issues/5522#issuecomment-576072124 Mon, 20 Jan 2020 09:24:02 +0800 Re: Request jobs replaced by root require / fixed package https://github.com/composer/composer/pull/8537#issuecomment-576061813 Maybe this actually added a bug that trips up phpstan's analyzing of the installed.json file, will need to try and reproduce locally. https://github.com/composer/composer/pull/8537#issuecomment-576061813 Mon, 20 Jan 2020 07:55:12 +0800 Re: Request jobs replaced by root require / fixed package https://github.com/composer/composer/pull/8537#issuecomment-576055074 The PHPStan test failure is rather odd? Looks like a phpstan bug rather than one in my code?<br /> <br /> ```<br /> PHP Notice: Undefined index: name in phar:///home/travis/build/composer/composer/vendor/phpstan/phpstan/phpstan/src/Reflection/BetterReflection/SourceLocator/ComposerJsonAndInstalledJsonSourceLocatorMaker.php on line 113<br /> Notice: Undefined index: name in phar:///home/travis/build/composer/composer/vendor/phpstan/phpstan/phpstan/src/Reflection/BetterReflection/SourceLocator/ComposerJsonAndInstalledJsonSourceLocatorMaker.php on line 113<br /> PHP Fatal error: Uncaught TypeError: Argument 1 passed to PHPStan\Reflection\BetterReflection\SourceLocator\ComposerJsonAndInstalledJsonSourceLocatorMaker::PHPStan\Reflection\BetterReflection\SourceLocator\{closure}() must be of the type array, bool given in phar:///home/travis/build/composer/composer/vendor/phpstan/phpstan/phpstan/src/Reflection/BetterReflection/SourceLocator/ComposerJsonAndInstalledJsonSourceLocatorMaker.php:43<br /> Stack trace:<br /> #0 [internal function]: PHPStan\Reflection\BetterReflection\SourceLocator\ComposerJsonAndInstalledJsonSourceLocatorMaker->PHPStan\Reflection\BetterReflection\SourceLocator\{closure}(true)<br /> #1 phar:///home/travis/build/composer/composer/vendor/phpstan/phpstan/phpstan/src/Reflection/BetterReflection/SourceLocator/ComposerJsonAndInstalledJsonSourceLocatorMaker.php(45): array_map(Object(Closure), Array)<br /> #2 phar:///home/travis/build/composer/composer/vendor/phpstan/phpstan/phpstan/src/Reflection/BetterReflection/BetterReflectionSourceLocatorFactory.php(70): PHPStan\Reflection\BetterReflection\ in phar:///home/travis/build/composer/composer/vendor/phpstan/phpstan/phpstan/src/Reflection/BetterReflection/SourceLocator/ComposerJsonAndInstalledJsonSourceLocatorMaker.php on line 43<br /> Fatal error: Uncaught TypeError: Argument 1 passed to PHPStan\Reflection\BetterReflection\SourceLocator\ComposerJsonAndInstalledJsonSourceLocatorMaker::PHPStan\Reflection\BetterReflection\SourceLocator\{closure}() must be of the type array, bool given in phar:///home/travis/build/composer/composer/vendor/phpstan/phpstan/phpstan/src/Reflection/BetterReflection/SourceLocator/ComposerJsonAndInstalledJsonSourceLocatorMaker.php:43<br /> Stack trace:<br /> #0 [internal function]: PHPStan\Reflection\BetterReflection\SourceLocator\ComposerJsonAndInstalledJsonSourceLocatorMaker->PHPStan\Reflection\BetterReflection\SourceLocator\{closure}(true)<br /> #1 phar:///home/travis/build/composer/composer/vendor/phpstan/phpstan/phpstan/src/Reflection/BetterReflection/SourceLocator/ComposerJsonAndInstalledJsonSourceLocatorMaker.php(45): array_map(Object(Closure), Array)<br /> #2 phar:///home/travis/build/composer/composer/vendor/phpstan/phpstan/phpstan/src/Reflection/BetterReflection/BetterReflectionSourceLocatorFactory.php(70): PHPStan\Reflection\BetterReflection\ in phar:///home/travis/build/composer/composer/vendor/phpstan/phpstan/phpstan/src/Reflection/BetterReflection/SourceLocator/ComposerJsonAndInstalledJsonSourceLocatorMaker.php on line 43<br /> ``` https://github.com/composer/composer/pull/8537#issuecomment-576055074 Mon, 20 Jan 2020 06:34:39 +0800 Re: Archive Format 'zip' in composer.json not working but does via command line argument https://github.com/composer/composer/issues/8536#issuecomment-575963130 FYI: I ran homebrew's `brew update` and then `brew upgrade` and now my `composer diagnose` is this:<br /> <br /> ```<br /> Checking composer.json: OK<br /> Checking platform settings: OK<br /> Checking git settings: OK<br /> Checking http connectivity to packagist: OK<br /> Checking https connectivity to packagist: OK<br /> Checking github.com rate limit: OK<br /> Checking disk free space: OK<br /> Checking pubkeys: <br /> Tags Public Key Fingerprint: 57815BA2 7E54DC31 7ECC7CC5 573090D0 87719BA6 8F3BB723 4E5D42D0 84A14642<br /> Dev Public Key Fingerprint: 4AC45767 E5EC2265 2F0C1167 CBBB8A2B 0C708369 153E328C AD90147D AFE50952<br /> OK<br /> Checking composer version: OK<br /> Composer version: 1.9.2<br /> PHP version: 7.4.1<br /> PHP binary path: /usr/local/Cellar/php/7.4.1/bin/php<br /> ```<br /> <br /> But there are no changes in behavior. https://github.com/composer/composer/issues/8536#issuecomment-575963130 Sun, 19 Jan 2020 11:31:45 +0800 Re: Normalize minimum-stability `rc` to `RC` in `InitCommand` https://github.com/composer/composer/pull/8534#issuecomment-575896049 Thanks https://github.com/composer/composer/pull/8534#issuecomment-575896049 Sat, 18 Jan 2020 20:54:07 +0800