packagist
packagist copied to clipboard
composer
Cache issues calling packagist API
I think I'm experiencing the same issues as described in #1508 & #1522.
curl -I https://packagist.org/p2/zenstruck/changelog.json
HTTP/2 200
date: Sun, 06 Apr 2025 13:50:30 GMT
content-type: application/json
vary: Accept-Encoding
server: BunnyCDN-IL1-871
cdn-pullzone: 3535225
cdn-uid: 2efa5d34-cde8-4206-b9f5-369d84a45719
cdn-requestcountrycode: CA
cache-control: public, max-age=2592000
last-modified: Mon, 28 Oct 2024 17:50:48 GMT
x-content-type-options: nosniff
cdn-proxyver: 1.22
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 04/05/2025 18:50:26
cdn-edgestorageid: 1029
cdn-requestid: e21b182e5aa8d26df245e8e622989e4f
cdn-cache: HIT
cdn-status: 200
cdn-requesttime: 1
And missing the latest versions.
curl -I https://packagist.org/p2/zenstruck/changelog.json?break-cache
HTTP/2 200
date: Sun, 06 Apr 2025 13:52:24 GMT
content-type: application/json
vary: Accept-Encoding
server: BunnyCDN-IL1-1207
cdn-pullzone: 3535225
cdn-uid: 2efa5d34-cde8-4206-b9f5-369d84a45719
cdn-requestcountrycode: CA
cache-control: public, max-age=2592000
last-modified: Sun, 06 Apr 2025 13:27:38 GMT
x-content-type-options: nosniff
cdn-proxyver: 1.22
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 04/06/2025 13:52:24
cdn-edgestorageid: 1067
cdn-requestid: c042c825d329a3c0ecf6aa8d6bcc3bed
cdn-cache: MISS
cdn-status: 200
cdn-requesttime: 0
Adding a query param (?break-cache) gets me the correct response (with latest versions included).
Opening https://packagist.org/p2/zenstruck/changelog.json in Chrome shows the correct response.
Yeah that makes sense as you shouldn't be calling these on the root domain. If you use repo.packagist.org it'll be correctly cache busted. I'll leave this open tho because i probably should fix it or make the problem more obvious.
Both domains should now be cache busted properly. Still people should use repo.packagist.org to access metadata as that is how it is supposed to be addressed.
@Seldaek I'm bringing bad news, the issue is here again:
https://repo.packagist.org/p2/sentry/sentry.json
The latest release is 4.15.1 but packagist serves cached version with 4.15.0
Ok thanks for the ping. Altho that was another issue, but I'm on it, will try to apply a fix I was thinking of instead of blasting the whole cache so it'll have to wait a little.
@simPod can you check if it fixed it for you? Unfortunately I think this fix will only work in the future (if at all..) so probably it didn't work yet and I'll need to flush the cache once more. But I could not repro the issue here as I'm hitting another POP I guess.. so please check and if you still get outdated data also please share the full response headers you get.
Yeah I think I have a bug in my check and it purges every file on dump now even if it didn't change.. So that doesn't prove much unfortunately, but anyway still on the case :)
@Seldaek now https://repo.packagist.org/p2/symfony/web-profiler-bundle.json, there should be 7.3.3
I see these
cache-control
public, max-age=86400
cdn-cache
HIT
cdn-cachedat
08/29/2025 08:26:48
cdn-edgestorageid
1055
cdn-proxyver
1.34
cdn-pullzone
3363232
cdn-requestcountrycode
CZ
cdn-requestid
7b6d28c06908cb1a31216f155dc8dbdb
cdn-requestpullcode
200
cdn-requestpullsuccess
True
cdn-requesttime
0
cdn-status
304
cdn-uid
2efa5d34-cde8-4206-b9f5-369d84a45719
date
Sat, 30 Aug 2025 07:47:53 GMT
last-modified
Fri, 29 Aug 2025 08:05:26 GMT
server
BunnyCDN-DE1-1076
vary
Accept-Encoding
x-content-type-options
nosniff
Ok I did a full purge again to have a clean slate.. now we have to see if my fix works for future updates or not. If you notice issues again please notify with all details and I'll forward to the CDN provider.
It is interesting though that your cdn-cachedat header matched exactly the last-modified header of the NEW file. So it seems to perhaps indicate a race condition there on the cache purge/writing side. Anyway I shared all data with the CDN provider and hope we can move things further, but this highlights again how important it is to collect all headers when reporting such issues.
curl -I https://packagist.org/p2/vich/uploader-bundle.json
HTTP/2 200
date: Mon, 01 Sep 2025 08:18:34 GMT
content-type: application/json
vary: Accept-Encoding
server: BunnyCDN-DE1-1053
cdn-pullzone: 3535225
cdn-uid: 2efa5d34-cde8-4206-b9f5-369d84a45719
cdn-requestcountrycode: IT
cache-control: public, must-revalidate, max-age=2592000
last-modified: Mon, 01 Sep 2025 07:17:51 GMT
x-content-type-options: nosniff
cdn-proxyver: 1.34
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 09/01/2025 08:17:05
cdn-edgestorageid: 1075
cdn-requestid: f3f3ae561e823e8c61e77e9810548d8e
cdn-cache: HIT
cdn-status: 200
cdn-requesttime: 0
@garak is there a problem with that one? Last-modified time looks good to me
@garak is there a problem with that one? Last-modified time looks good to me
Yet on some machines I keep getting 2.7.0 as the latest version (which is 2.8.0 instead)
Ok please don't push any new code to that repo if possible, I'll ping the CDN folks with this info.. but if you have headers of a request that fails (and receives the outdated version) that would be very helpful - never mind, I can repro it using https://repo.packagist.org/p2/vich/uploader-bundle.json with the correct domain. But yeah please avoid pushing to the repo as that would risk cache busting all the evidence.