I have a project using symfony/flex in which I cannot run composer install or composer update. I also can't create a new composer project with symfony/flex as a dependency as the failure is the same. For example;
mkdir foo && cd foo && composer require symfony/flex -vvv
Always has the following output;
...
Package operations: 1 install, 0 updates, 0 removals
Installs: symfony/flex:v1.2.6
- Installing symfony/flex (v1.2.6): Reading /Users/me/.composer/cache/files/symfony/flex/17b622276922e6347ea129acd6238ae1c41d96b6.zip from cache
Loading from cache
Extracting archiveExecuting command (CWD): unzip -qq '/Users/me/projects/foo/vendor/symfony/flex/2064a553f7cdf064ba8c1b62c7087ec6' -d '/Users/me/projects/foo/vendor/composer/65215880'
Loading plugin Symfony\Flex\Flex
Downloading https://flex.symfony.com/versions.json
The download hangs for a few seconds at the point of downloading versions.json before silently failing. vendor/symfony/flex exists.
What could be the cause of this failure? My colleague can run the same command successfully so I'm assuming an issue with my local composer. I have attempted reinstall composer and clearing the cache with no success.
Edit: now when running composer update -vvv in an existing project I get the following output
...
Downloading https://repo.packagist.org/packages.json
Where it also hangs, so it looks like composer cannot download certain JSON files? Packages download fine so it doesn't look like a lack of internet.
Edit 2: I can also confirm using composer update --no-plugins does work within the existing project.
When composer isn't working as expected, you should reset it and update it like this. First
$ composer clearcache
Then update
$ composer self-update
Then run a diagnostic
$ composer diagnose
Then cd to where you have composer.json located and do
$ composer dump-autoload
Then
$ composer install
Should fix this issue. Another approach includes
$ composer update symfony/flex --no-plugins --no-scripts
Also, this can arise due to a conflict between symfony/flex and symfony/symfony. To remove that conflict follow these steps
$ composer remove symfony/symfony
then edit your composer.json file like
{
"require": {
"symfony/flex": "^1.0",
},
"conflict": {
"symfony/symfony": "*"
}
}
Old Flex infrastructure is being shut down, you need to update Flex to AT LEAST 1.17.1: symfony.com/blog/upgrade-flex-on-your-symfony-projects
To do that, you need to run:
composer update symfony/flex --no-plugins --no-scripts
Run this, solved my issue
> composer update symfony/flex --no-plugins --no-scripts
then keep this config in my composer.json
{
"require": {
"symfony/flex": "^1.1",
},
"conflict": {
"symfony/symfony": "*"
}
}
Since my experience is with the same issue and thus not deserving of a standalone Q&A, I'll just post it as an answer to this, as the core problem is exactly the same, Symfony flex servers being shut down.
In my dockered project, dependencies were not being installed during build and after some investigation I found out, that composer install would always fail due to being unable to reach the Symfony flex server. It looked like a DNS problem at first, but it ended up being a problem with Symfony flex servers being shut down and an old version (1.3) of "symfony/flex" in composer.json.
I did pretty much everything in the most upvoted answer, but
$ composer update symfony/flex --no-plugins --no-scripts
returned an error due to a dependency of the symfony/flex package hitting the API limit. However as suggested I created a Personal access token and everything went smoothly from there.
I had the same problem.
I added cloudflare dns 1.1.1.1 to my dns.
This solved it for me
Related
I have a project with the composer.lock file.
I installed packages with the command:
composer install
Now I would like to rollback that composer install command to the state as it was before running it.
How to remove all packages without affecting composer.lock file?
Is there any single composer command to do that?
I tried:
composer remove *
but I got:
[UnexpectedValueException]
"LICENSE" is not a valid alias.
I tried:
composer remove */*
But then I get bunch of print like:
bin/console is not required in your composer.json and has not been removed
Package "bin/console" listed for update is not locked.
Why composer remove * did not work at all? AFAIK the package name as VendorName/PackageName is a common convention for Packagist but not a must (if you use private repos) so how one would be able to remove all packages named IdontHaveAnySlash etc. at once?
I may use someting similar to:
for package in $(composer show | awk '{print $1}'); do composer remove --no-interaction --dev --no-install "$package"; done
But that is not a simple and single composer command.
Also composer often complains about a package being a part (dependency) of another one so composer does not uninstall it.
Removal failed, doctrine/annotations is still present, it may be required by another package. See composer why doctrine/annotations.
As my intention is to rollback to the state that did not have any package installed but only files: composer.lock and potentially composer.json I really don't care about any dependencies, packages versions, downloading repositories' urls etc.
I just want to have a project without any installed dependencies as it was before.
Is there any single composer command to do that?
My:
composer --version
is:
version 2.2.7 2022-02-25 11:12:27
Following yivi answer I created a simple test to verify:
mkdir -p /tmp/composer-install
cd /tmp/composer-install
curl -o composer.json https://raw.githubusercontent.com/composer/composer/18246212db7103d0a2688febcc336f77183275ee/composer.json
curl -o composer.lock https://raw.githubusercontent.com/composer/composer/d955458f271edb4fcc055a394f90a60a8328a2a8/composer.lock
sha1sum composer.json > composer.json.sha1
sha1sum composer.lock > composer.lock.sha1
composer install
sha1sum -c composer.json.sha1
sha1sum -c composer.lock.sha1
that outputs:
composer.json: OK
composer.lock: OK
So both composer.json and composer.lock are not affected by composer install so the only one thing to achieve the rollback (uninstall) of the composer install is to remove the vendor directory
rm -rf vendor
However as yivi mentioned:
If some other plugin (e.g Symfony Flex) makes changes to your existing files during the process, you'd better have the project on top of a version control system, in which case reverting is managed by VCS, not of composer.
I did not test against that case.
rm -rf vendor
In any case, install should not make any changes to a lockfile, so there shouldn't be anything to "revert" from an install but deleting the installed files.
If the lockfile does not originally exist, then it will be created.
If some other plugin (e.g Symfony Flex) makes changes to your existing files during the process, you'd better have the project on top of a version control system, in which case reverting is managed by VCS, not of composer.
As my intention is to rollback to the state that did not have any package installed but only files: composer.lock and potentially composer.json
For you to be able to run composer install at all, you need at the very least composer.json to exist. install reads from the lockfile (composer.lock), but requires the JSON configuration file to exist as well. If the lockfile does not exist, update will be run instead and the lockfile will be created.
I tried composer remove
remove is the opposite from require. It removes packages from composer.json, as require adds them. Not the opposite of install. There is no opposite of install, as it does not make much conceptual sense. If one needs to delete the installed project... one can always do so.
This question already has answers here:
Composer: how can I install another dependency without updating old ones?
(5 answers)
Closed 2 years ago.
I want to install zizaco/entrust package in laravel 5.8, in their github page it was said to include "zizaco/entrust": "5.2.x-dev" in composer.json file and run composer update command. I did so as below and ran composer update command.
"require" : {
"php" : "^7.1.3",
"fideloper/proxy" : "^4.0",
"laravel/framework" : "5.8.*",
"laravel/tinker" : "^1.0",
"laravel/ui" : "^1.2",
"maatwebsite/excel" : "^3.1",
"zizaco/entrust" : "5.2.x-dev"
},
but composer update command updates all packages to latest versions (these packages i included in "require" field as above) when installing zizaco/entrust package. So is if there are some coding faults in latest updated packages then whole site can break. FYI after i run the above command i see local git showing changes in many files in folders under vendor folder, it means that there are some updates in packages right?. so it's recommended that composer install command should be run so that those dependency packages will not be updated to latest versions.
So, in my case after including "zizaco/entrust": "5.2.x-dev" in require field in composer.json as above, if i run composer install then it don't install zizaco/entrust package. Furthermore, if i run composer require zizaco/entrust 5.2.x-dev then it still installs latest versions of dependency packages.
So how do i prevent installing latest versions of dependency packages i included in "require" field in composer.json file and i only install zizaco/entrust package.
So that my laravel 5.8 site don't break for updating any packages to latest versions because of malfunction codes or whatever in latest versions. It's very important to handle this scenario because we need to install packages in laravel site for various needs.
You've got two options: use composer require to specify the package to install, or manually update your composer.json file and use composer update [package].
Composer Require
composer require zizaco/entrust:5.2.x-dev
This will automatically update your composer.json file and install the specified version. This will not update any of your other dependencies. While the documentation specifies the package and version should be separated by a colon (:), I tested it with a space and it seemed to work.
Composer Update [package]
composer update zizaco/entrust
If you have manually updated your composer.json file, you will need to run composer update and specify the package to update. If you specify a package to update, only that package will be affected. When you don't specify the package to update, composer will look for updates for all packages.
A Note On Composer Install
composer install will not help you here. If you already have a composer.lock file (which you will since you're just attempting to add a new package), composer install will only look at your composer.lock file and attempt to install everything that is defined there. That means, if you manually update your composer.json file, and run composer install, it will not install the new requirement you specified.
Only when you don't already have a composer.lock file will composer install attempt to resolve dependencies and install them.
Run composer install instead. Alternatively you could use composer require <package name>.
Composer install looks in your composer.lock for exact versions, and only in composer.json for packages that are missing.
Composer update will look in composer.json for version constraint which roughly means "a range of versions". This is why different versions are getting installed.
Step 1:
You just need to add your package to the composer.json file and run the command:
composer install
composer install will check for the new package and install that, besides that it will check for any deprecation in other packages.
Step 2:
You can directly run your command in composer
composer require package/name
For example, if I need to install firebase, run below command from the project root:
composer require firebase/php-jwt
Installing new packages from the terminal automatically adds it into the composer.json file and it does not update previously installed packages.
Hope this helps!!
I am trying to use Composer to install dependancies inside a Docker container running PHP 5.6.40.
It runs, but quits and the vendor directory is always empty.
MacBook:my-app dev$ docker exec my-app_php56_1 php -d memory_limit=-1 composer.phar update -vvv --no-cache --no-plugins
Disabling cache usage
Running 1.9.0 (2019-08-02 20:55:32) with PHP 5.6.40 on Linux / 4.9.184-linuxkit
Do not run Composer as root/super user! See https://getcomposer.org/root for details
Reading ./composer.json
Loading config file ./composer.json
Checked CA file /etc/ssl/certs/ca-certificates.crt: valid
Executing command (/var/www/html): git branch --no-color --no-abbrev -v
Reading /root/.composer/composer.json
Loading config file /root/.composer/composer.json
Loading composer repositories with package information
Downloading https://repo.packagist.org/packages.json
Updating dependencies (including require-dev)
Downloading http://repo.packagist.org/p/provider-2013%24b962a943715f142bd3c36c0e87b67b28b16c014a98898622ec735220b7e1ee4f.json
Downloading http://repo.packagist.org/p/provider-2014%24ecc1513d9762efcfd48fdbaf4a08f829a59093064f40b7c351f93f3fbdd07973.json
Downloading http://repo.packagist.org/p/provider-2015%24258303eff7165b17439353fe44e501a3a6d600bd5b5482c5261a2ffa2234a947.json
Downloading http://repo.packagist.org/p/provider-2016%2496e2313b5ba90c2b798b03f9e306a27c15f11f763cd6478b834943fc128fc111.json
Downloading http://repo.packagist.org/p/provider-2017%24d2ad294ebaf381b7bf68cacbe514cf2bb33c3a919b97319bfa2e2ffaa66bc511.json
Downloading http://repo.packagist.org/p/provider-2018%2466893d07acdb18bb12d5e92e062b6e3058f5d284292b09cf585bf0ceb1b26aca.json
Downloading http://repo.packagist.org/p/provider-2018-10%24ff53e18093ae3e52a84c5567489c78bf1d82d0af80f413c3d6ad35d541a28434.json
Downloading http://repo.packagist.org/p/provider-2019-01%2431194ef7551ee4bffd7cc09dd6d01dc60848afc129544438ac7931e9d42dd54e.json
...
Downloading http://repo.packagist.org/p/phpspec/phpspec%248dc959bd0ae544f84e5bceee933d9a61d0a2074b208c3b7e7807cdc320e83eee.json
Downloading http://repo.packagist.org/p/phpspec/php-diff%249b8687b7c99f069823a9ac8d17900f9c8243368ceea9a5ac4e71ab424bb6f2d5.json
Downloading http://repo.packagist.org/p/squizlabs/php_codesniffer%24386b3726c6c3ce5edde180a7881f924be5dfd720c951dc93db8455ae871e9d61.json
MacBook:my-app dev$
It then just returns nothing and the vendor directory remains empty.
I am running composer without any plugins or cache.
Finally, the exact same composer.json file works fine in my other PHP 7.1.x container.
I also wondered if the final dependancies was causing an issue so tried removing it. Still no luck.
EDIT:
I've now gone back to my PHP 7.1 container and run the exact same scripts and it works fine. Composer's output is (so the 5.6 version just dies at the point that it does the "Resolving dependencies through SAT":
...
Downloading http://repo.packagist.org/p/webmozart/assert%24f23cf2d90bee4a1a09dc1d005896d60e715bdb9ecd4531874bfc3dd3ea5908c1.json
Downloading http://repo.packagist.org/p/phpspec/phpspec%248dc959bd0ae544f84e5bceee933d9a61d0a2074b208c3b7e7807cdc320e83eee.json
Downloading http://repo.packagist.org/p/phpspec/php-diff%249b8687b7c99f069823a9ac8d17900f9c8243368ceea9a5ac4e71ab424bb6f2d5.json
Downloading http://repo.packagist.org/p/squizlabs/php_codesniffer%24386b3726c6c3ce5edde180a7881f924be5dfd720c951dc93db8455ae871e9d61.json
Resolving dependencies through SAT
Looking at all rules.
Something\'s changed, looking at all rules again (pass #16)
Dependency resolution completed in 28.879 seconds
Analyzed 21713 packages to resolve dependencies
Analyzed 1376894 rules to resolve dependencies
Resolving dependencies through SAT
Looking at all rules.
Dependency resolution completed in 0.003 seconds
Package operations: 116 installs, 0 updates, 0 removals
Installs: kylekatarnls/update-helper:1.2.0, stripe/stripe-php:v2.3.0, abraham/twitteroauth:0.6.6, ralouphie/getallheaders:3.0.3, psr/http-message:1.0.1, guzzlehttp/psr7:1.6.1, guzzlehttp/promises:v1.3.1, guzzlehttp/guzzle:6.0.2, maknz/slack:1.7.0, maknz/slack-laravel:1.0.0, sabberworm/php-css-parser:8.1.0, phenx/php-svg-lib:v0.3.2, phenx/php-font-lib:0.5.1, dompdf/dompdf:v0.8.3, vlucas/phpdotenv:v1.1.1
...
etc for everything else
From the output of your run, it seems your composer setup is using http rather than https. Run this command before installing composer:
composer config -g repo.packagist composer https://packagist.org
This question is getting a little old now so I assume you already resolved it. I had the same problem recently.
The problem appears to stem from the change of PHP version. In my case I was going from 7.1 to 7.2, which you would imagine shouldn't cause too much of an issue.
My composer update -vvv --no-cache --no-plugins output would show
Resolving dependencies through SAT
Looking at all rules.
Something's changed, looking at all rules again (pass #[forever increasing])
After attempting to install symfony/thanks
In the end I had to remove symfony/thanks from my composer.json and run again. It then gave me some problems with a few other packages that I also removed. Once I had a successful run I was then able to start adding the offending packages back to my composer.json and eventually the issue was resolved.
I assume the underlying issue was a number of conflicts in the various levels of dependencies of my packages.
I guess if anyone finds they end up removing more and more packages, the solution would be to start from the minimum possible packages (the default Laravel composer.json in my case) and start adding new packages one-by-one.
I'm trying to update my phpunit version, however it doesn't seem to be working with the regular composer install.
My composer.json file is as follows:
{
"require": {
...
},
"require-dev": {
"phpunit/phpunit": "4.*",
"phpunit/php-invoker": "^1.1",
"phpunit/dbunit": "^2.0"
}
}
And running both composer install and update as php composer.phar install and php composer.phar update (I don't have composer installed globally which might be the issue?) I get
Loading composer repositories with package information
Installing dependencies (including require-dev) from lock file
Nothing to install or update
When I check to see the phpunit version, I get
$ phpunit --version
PHPUnit 3.7.28 by Sebastian Bergmann.
My PHP version is 5.6 which does seem to rule out the solution from this very similar issue.
My best guess is that there is a global version of phpunit installed and overriding my local one. But I haven't been able to find any guidance as to how to fix this without making too many changes to the rest of the global environment.
The command by itself phpunit will search in your shell's path for a PHPUnit executable. A composer install will place it into the composer bin dir, which is vendor/bin by default. You can execute the script directly with ./vendor/bin/phpunit, or allow composer to execute it for you, resolving the proper path for your project with composer exec phpunit
I'm having an issue with composer.
I'm working with git in a local environment. I'm the only one developer.
When I need some more dependencies (or need to change some versions), I edit the composer.json and run composer install locally.
Everything's fine.
Then, when everything works locally, I commit my changes (including composer.json and composer.lock) and push to my production server.
A post-receive script updates the sources and runs a composer install on the remote server.
What is expected :
Composer should install the new dependencies according to the composer.lock file.
I should be happy.
What happens :
Composer is angry :
Warning: The lock file is not up to date with the latest changes in
composer.json. You may be getting outdated dependencies. Run update to
update them.
Composer removes all dependencies.
My production is broken.
I have a heart attack
I have to log in to my server via ssh and run a composer update to make things work fine, but I know that a composer update is not recommended on a production server.
Here's the output of the post-receive composer's section :
composer install
Loading composer repositories with package information
Installing dependencies (including require-dev) from lock file
Warning: The lock file is not up to date with the latest changes in composer.json. You may be getting outdated dependencies. Run update to update them.
- Removing guzzle/guzzle (v3.9.3)
- Removing symfony/event-dispatcher (v2.7.1)
- Removing geoip/geoip (v1.15)
- Removing pimple/pimple (v3.0.0)
- Removing cocur/slugify (1.1.x-dev)
- Removing bentools/url (0.2)
- Removing bentools/simplexmlextended (1.2.0)
Generating autoload files
What am I doing wrong ?
Thanks,
Ben
This warning
Warning: The lock file is not up to date with the latest changes in composer.json, you may be getting outdated dependencies, run update to update them.
occurs when the md5sum of your composer.json differs from the one stored in the composer.lock:
{
"hash": "b15ed9405e8547867f74973ce8add172",
"packages": [ ... ]
}
Make sure your composer.json and composer.lock are identically with your local ones (compare their md5sums). I suspect that something in your deploy chain is not updating them correctly.
Make sure you added your dependencies locally with the require command:
composer require new/package ~2.5
or if composer.json was edited manually at least run
composer update new/package
after that for every additionally added package to ensure that it is added to your composer.lock properly.
Another approach:
run composer update --lock in production. This will update the hash in your lock file but won't upgrade your vendors.
Then run composer install to install the vendors from your comoser.lock.
When I need some more dependencies (or need to change some versions), I edit the composer.json and run composer install locally.
That's wrong. You can edit composer.json and then must run composer update, or you let Composer do the internal editing of the json file and just run composer require new/package (optionally with a version).
Either way, you should end up with a changed composer.json and composer.lock file, commit BOTH into your repository, and the expected outcome is that the lock file will contain all packages in the correct versions, which should be installed in production with a regular composer install run.
Note that your workflow is still very dangerous. If you push, and Github is down - how would you get the ZIPs to install?