composer
composer copied to clipboard
composer
"composer outdated" suggest package with lower version
My composer.json:
{
"name": "php-typo/php-typo",
"description": "A command line tool to validate files do not have English typo in variables, methods, functions, ...",
"type": "library",
"license": "MIT",
"autoload": {
"psr-4": {
"PhpTypo\\PhpTypo\\": "src/"
}
},
"authors": [
{
"name": "Khalyomede",
"email": "[email protected]"
}
],
"minimum-stability": "stable",
"require": {
"php": ">=8.1.0",
"nikic/php-parser": "^4.0",
"jawira/case-converter": "^3.0",
"symfony/console": "^6.0"
},
"bin": [
"bin/php-typo"
],
"scripts": {
"php-typo": "php-typo",
"analyse": "phpstan",
"test": "pest",
"lint": "php-cs-fixer fix --diff --using-cache=no --allow-risky=yes --dry-run",
"format": "php-cs-fixer --using-cache=no --allow-risky=yes fix",
"check-updates": "composer outdated --strict --direct"
},
"require-dev": {
"phpstan/phpstan": "1.8.2",
"pestphp/pest": "1.21.3",
"friendsofphp/php-cs-fixer": "3.10.0"
},
"config": {
"allow-plugins": {
"pestphp/pest-plugin": true
}
}
}
Output of composer diagnose:
Checking composer.json: OK
Checking platform settings: OK
Checking git settings: OK git version 2.25.1
Checking http connectivity to packagist: OK
Checking https connectivity to packagist: OK
Checking github.com rate limit: OK
Checking disk free space: OK
Checking pubkeys:
Tags Public Key Fingerprint: 57815BA2 7E54DC31 7ECC7CC5 573090D0 87719BA6 8F3BB723 4E5D42D0 84A14642
Dev Public Key Fingerprint: 4AC45767 E5EC2265 2F0C1167 CBBB8A2B 0C708369 153E328C AD90147D AFE50952
OK
Checking composer version: OK
Composer version: 2.4.1
PHP version: 8.1.9
PHP binary path: /usr/bin/php8.1
OpenSSL version: OpenSSL 1.1.1f 31 Mar 2020
cURL version: 7.68.0 libz 1.2.11 ssl OpenSSL/1.1.1f
zip: extension present, unzip present, 7-Zip not available
When I run this command:
composer outdated --strict --direct
// or
composer run check-updates
I get the following output:
> composer outdated --strict --direct
Info from https://repo.packagist.org: #StandWithUkraine
Color legend:
- patch or minor release available - update recommended
- major release available - update possible
jawira/case-converter v3.5.1 v1.0.0 Convert strings between 13 naming conventions: Snake case, Camel case, Pascal case, Kebab case, Ada case, Train case, Cobol case, Macro case, Uppe...
Script composer outdated --strict --direct handling the check-updates event returned with error code 1
And I expected this to happen:
No greater packages since I'm on the latest version of package "jawira/case-converter"
The output of this commands proves it
khalyomede@ubuntu:~/programming/php-typo$ composer info jawira/case-converter
name : jawira/case-converter
descrip. : Convert strings between 13 naming conventions: Snake case, Camel case, Pascal case, Kebab case, Ada case, Train case, Cobol case, Macro case, Upper case, Lower case, Sentence case, Title case and Dot notation.
keywords : Ada case, Cobol case, Macro case, Train case, camel case, dot notation, kebab case, lower case, pascal case, sentence case, snake case, title case, upper case
versions : * v3.5.1
[...]
Side note
For the moment I will ignore this package, so this is not an urgent bug.
composer outdated --strict --direct --ignore jawira/case-converter
I cannot reproduce this.. The jawira/case-converter package is not listed at all for me. Are you sure this was/is reproducible for you with Composer 2.4.1?
Yep I confirm this is reproducible (tested again now), you can check on your side by cloning https://github.com/khalyomede/php-typo (command I used below to reproduce the issue, needs Docker Compose installed)
You will need to just remove the ignore argument on composer.json before running the commands below
Before
{
"scripts": {
"check-updates": "composer outdated --strict --direct --ignore jawira/case-converter"
}
}
After
{
"scripts": {
"check-updates": "composer outdated --strict --direct"
}
}
// Old docker-compose
docker-compose run composer install
docker-compose run composer run check-updates
// New docker compose (wthout hyphen)
docker compose run composer install
docker compose run composer run check-updates
Today it gave me this
khalyomede@ubuntu:~/programming/php-typo$ docker-compose run composer run check-updates
Creating php-typo_composer_run ... done
> composer outdated --strict --direct
Info from https://repo.packagist.org: #StandWithUkraine
Color legend:
- patch or minor release available - update recommended
- major release available - update possible
friendsofphp/php-cs-fixer v3.10.0 v3.11.0 A tool to automatically fix PHP code style
jawira/case-converter v3.5.1 v1.0.0 Convert strings between 13 naming conventions: Snake case, Camel case, Pascal case, Kebab case, Ada case, Train cas...
pestphp/pest v1.21.3 v1.22.1 An elegant PHP Testing Framework.
phpstan/phpstan 1.8.2 1.8.4 PHPStan - PHP Static Analysis Tool
phpstan/phpstan-strict-rules 1.3.0 1.4.3 Extra strict and opinionated rules for PHPStan
symfony/console v6.1.3 v6.1.4 Eases the creation of beautiful and testable command line interfaces
Script composer outdated --strict --direct handling the check-updates event returned with error code 1
khalyomede@ubuntu:~/programming/php-typo$ docker-compose run composer --version
Creating php-typo_composer_run ... done
Composer version 2.4.1 2022-08-20 11:44:50
If I run this in a git clone of your repo, I get this:
$ composer outdated --locked --strict --direct
Color legend:
- patch or minor release available - update recommended
- major release available - update possible
friendsofphp/php-cs-fixer v3.10.0 v3.11.0 A tool to automatically fix PHP code style
nikic/php-parser v4.14.0 v4.15.1 A PHP parser written in PHP
pestphp/pest v1.21.3 v1.22.1 An elegant PHP Testing Framework.
phpstan/phpstan 1.8.2 1.8.5 PHPStan - PHP Static Analysis Tool
phpstan/phpstan-strict-rules 1.3.0 1.4.3 Extra strict and opinionated rules for PHPStan
symfony/console v6.1.3 v6.1.4 Eases the creation of beautiful and testable command line interfaces
So I don't know if it's something else on your machine (check composer config repos output to see if you have only the default {"packagist.org":{"type":"composer","url":"https://repo.packagist.org"}} or something more?), or if it's the docker version of composer somehow doing wonky things.
Thank you so much for the time spent on my issue!
I just ran this command, seems like composer url is configured correctly:
khalyomede@ubuntu:~/programming/php-typo$ docker-compose run composer config repos
Creating app_composer_run ... done
{"packagist.org":{"type":"composer","url":"https://repo.packagist.org"}}
For as how I installed composer, I start from a blank ubuntu 20 and run these commands:
FROM ubuntu:20.04
ENV DEBIAN_FRONTEND noninteractive
# Ubuntu dependencies
RUN apt-get update --fix-missing
RUN apt-get upgrade --yes
RUN apt-get install --yes software-properties-common zip git curl
RUN add-apt-repository ppa:ondrej/php
RUN apt-get update
RUN apt-get upgrade --yes
# PHP
RUN apt-get install --yes php8.1 php8.1-zip php8.1-curl php8.1-dom
# Composer
RUN php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
RUN php composer-setup.php
RUN php -r "unlink('composer-setup.php');"
RUN mv composer.phar /usr/local/bin/composer
The docker-compose.yml file as for reference:
version: "3"
services:
composer:
build: ./docker/php/8.1
entrypoint: composer
working_dir: /home/alpine/app
volumes:
- .:/home/alpine/app
php:
build: ./docker/php/8.1
entrypoint: php
working_dir: /home/alpine/app
volumes:
- .:/home/alpine/app
Do you see anything wrong with the way it is installed maybe?
FYI I tried to re-build my composer container with Ubuntu 22, but I still have the same issue (so we might eliminate this from the bug surface).
Nope that's very odd it looks all reasonable to me your setup. Only thing I can think of is that for some reason you get packages sorted in reverse and it then picks 1.0.0 as latest but iirc that should not have any effect on the output. I'll need to take a closer look tomorrow.
You don't have a --prefer-lowest flag or env var set anywhere right?
On your end if you can try to repro it with a smaller set of dependencies and without plug-ins (--no-plugins run to check) that would be nice to eliminate these possibilities too.
I have like the same issue
Look at phpunit/phpunit spomky-labs/aes-key-wrap php-imap/php-imap
and webtoken and phpoffice are also listed while there isn't any update for it
@MichaelBelgium please do the checks requested in the comment of @Seldaek just before yours.
I have the feeling it's something about PHP 8.1, i'm testing in a new php 8.1 environment.
Some more info
- I self updated composer to 2.4.2 (was on 2.2.4), same result
- The command i execute is
composer.phar outdated, so no other options/arguments, executing with--no-pluginsgives exactly the same result - WSL2 environment
Now comparing PHP 7.4 output with 8.1:
PHP7.4
dompdf/dompdf v1.2.1 v2.0.0 DOMPDF is a CSS 2.1 compliant HTML to PDF converter
php-imap/php-imap 4.5.3 5.0.0 Manage mailboxes, filter/get/delete emails in PHP (supports IMAP/POP3/NNTP)
phpunit/phpunit 9.5.20 9.5.24 The PHP Unit Testing framework.
PHP 8.1
dompdf/dompdf v1.2.2 v0.6.2 DOMPDF is a CSS 2.1 compliant HTML to PDF converter
php-imap/php-imap 4.5.3 3.0.20 Manage mailboxes, filter/get/delete emails in PHP (supports IMAP/POP3/NNTP)
phpunit/phpunit 9.5.24 5.2.7 The PHP Unit Testing framework.
@MichaelBelgium could be due to some missing ext or php version indeed? Try with --ignore-platform-reqs to see if it fixes it.
dompdf/dompdf 2.0.0 for ex allows php ^8.0 so it can't be due to that, but maybe you don't have ext-dom or ext-mbstring available on your php8.1 setup?
@MichaelBelgium could be due to some missing ext or php version indeed? Try with
--ignore-platform-reqsto see if it fixes it.
Oh yep it does, looks like i forgot a php extension
michael@ATH-3558-MV:~/athenasoft.kisp.devel$ bin/composer.phar outdated --ignore-platform-reqs
Info from https://repo.packagist.org: #StandWithUkraine
Color legend:
- patch or minor release available - update recommended
- major release available - update possible
Direct dependencies required in composer.json:
dompdf/dompdf v1.2.2 v2.0.0 DOMPDF is a CSS 2.1 compliant HTML to PDF converter
php-imap/php-imap 4.5.3 5.0.0 Manage mailboxes, filter/get/delete emails in PHP (supports IMAP/POP3/NNTP)
swiftmailer/swiftmailer v6.3.0 v6.3.0 Swiftmailer, free feature-rich PHP mailer
Package swiftmailer/swiftmailer is abandoned, you should avoid using it. Use symfony/mailer instead.
Transitive dependencies not required in composer.json:
monolog/monolog 2.8.0 3.2.0 Sends your logs to files, sockets, inboxes, databases and various web services
phenx/php-svg-lib 0.4.1 0.5.0 A library to read, parse and export to PDF SVG files.
psr/simple-cache 2.0.0 3.0.0 Common interfaces for simple caching
EDIT: yeah php-mbstring wasn't installed for 8.1
We did add a warning in require when the latest version gets skipped because of platform requirements, so maybe we should do the same for outdated at least if the resulting version is lower than installed one because that's just confusing.
Note that if the lowest is lower than the installed one, it also means that composer check-platform-reqs would fail (and probably also composer install). Because it means that the currently installed version is considered as not being installable.
We did add a warning in
requirewhen the latest version gets skipped because of platform requirements, so maybe we should do the same for outdated at least if the resulting version is lower than installed one because that's just confusing.
Yeah that would help, but what i dont get is if an extension is required by a package. How come it didn't error about it? Becausz i installed them without errors
Install should definitely error.. but outdated isn't (at least currently) made to check for these inconsistencies.
@MichaelBelgium have you installed with exactly the same PHP runtime ? And do you have platform overrides in your config ?
@stof Yes, installed in 8.1. No install error with or without composer.lock.
No platform overrides afaik:
{
"name": "xxxxx",
"description": "xxxxxx",
"minimum-stability": "stable",
"license": "proprietary",
"repositories": [
{
"type": "composer",
"url": "https://packagist.org"
},
{
"packagist": false
}
],
"require": {
"php": ">=8.1",
"ext-apcu": "*",
"ext-bcmath": "*",
"ext-curl": "*",
"ext-dom": "*",
"ext-fileinfo": "*",
"ext-gmp": "*",
"ext-imagick": "*",
"ext-intl": "*",
"ext-json": "*",
"ext-libxml": "*",
"ext-simplexml": "*",
"ext-soap": "*",
"ext-zip": "*",
....
},
"require-dev": {
....
},
"config": {
"discard-changes": true,
"sort-packages": true
},
"autoload": {
"psr-4": {
.....
},
"classmap": [
"libraries/"
]
}
}
The project itself doesn't have mbstring required, but for example php-imaps does, does it override the platform requirements then?
the platform requirements of a set of packages are the union of the platform requirements of all those packages. So even if the root package does not have such a requirement, the project might still have it if one of its dependencies depend on it.
So if your project has php-imap/php-imap 4.5.3 in its lock file, I don't understand how composer install can succeed if you don't have mbstring (unless you use composer install --ignore-platform-reqs but then you should not complain that platform requirements are not used consistently if you don't ignore them consistently).