All geek questions in one place

Changes to composer.lock, despite the fact that "do not install or update anything"

I am confused by the behavior of Composer when I try to upgrade a single package.

Per documents and answers like this , I should be able to update one package with a command like

composer update somevendor/somepackage

My expectation when I do this is that my vendor folder and composer.lock should be left unchanged, with the exception of somevendor/somepackage and its dependencies. However, it is not. Instead, I see hashes of some packages that are not related to the one I'm updating in composer.lock . Indeed, even if I try to update a nonexistent package by flushing the keyboard:

 composer update adsfiodfsa/dsafiodsafio

... then even if Composer tells me not to update anything:

 $ composer update adsfiodfsa/dsafiodsafio Package "adsfiodfsa/dsafiodsafio" listed for update is not installed. Ignoring. Loading composer repositories with package information Updating dependencies (including require-dev) Nothing to install or update Writing lock file Generating autoload files Generating optimized class loader

... I still see that composer.lock has changed! Even stranger, the /vendor folder (which I added to my Git repository for testing) has not been changed, although the lock file seems to claim that I have different versions of some packages now:

 $ git status On branch master Your branch is up-to-date with 'origin/master'. Changes not staged for commit: (use "git add ..." to update what will be committed) (use "git checkout -- ..." to discard changes in working directory) modified: composer.lock no changes added to commit (use "git add" and/or "git commit -a")

Is this the alleged behavior or error? If this is correct, can someone explain why my composer.lock file is changing despite nothing being updated? In case this helps, running git diff on my composer.lock after the update (which does not change the provider folder) gives the following diff, which seems to explicitly state that some packages have been changed:

 diff --git a/composer.lock b/composer.lock index e2f65b9..e6c9a95 100644 --- a/composer.lock +++ b/composer.lock @@ -1,7 +1,7 @@ { "_readme": [ "This file locks the dependencies of your project to a known state", - "Read more about it at http://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", + "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], "hash": "3d8098978270f73f9829e9d1138edef9", @@ -583,7 +583,7 @@ }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/doctrine/dbal/zipball/9e7954694971a5fab6ebabb38f9ffeec49d0d2ad", + "url": "https://api.github.com/repos/doctrine/dbal/zipball/a0a43c0eb15ed66e71f8160b6bb25f4071ed22ca", "reference": "9e7954694971a5fab6ebabb38f9ffeec49d0d2ad", "shasum": "" }, @@ -879,7 +879,7 @@ }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/firebase/firebase-token-generator-php/zipball/61691f56372d32515350dd5522c78be64a0e8d60", + "url": "https://api.github.com/repos/firebase/firebase-token-generator-php/zipball/1044f9f5ec8b270dc6c073c7bf2fe67081dbfbb2", "reference": "61691f56372d32515350dd5522c78be64a0e8d60", "shasum": "" }, @@ -1076,7 +1076,7 @@ }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/guzzle/RingPHP/zipball/dbbb91d7f6c191e5e405e900e3102ac7f261bc0b", + "url": "https://api.github.com/repos/guzzle/RingPHP/zipball/9465032ac5d6beaa55f10923403e6e1c36018d9c", "reference": "dbbb91d7f6c191e5e405e900e3102ac7f261bc0b", "shasum": "" }, @@ -1425,7 +1425,7 @@ }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/Seldaek/monolog/zipball/bf2bff61743f20a13dc46ff1e3bbd0f19c997d2b", + "url": "https://api.github.com/repos/Seldaek/monolog/zipball/77aef55318035d37dbd4e87ea0c37a191f3e766e", "reference": "bf2bff61743f20a13dc46ff1e3bbd0f19c997d2b", "shasum": "" }, @@ -2027,7 +2027,7 @@ }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/php-fig/log/zipball/bf2c13de4300e227d7b2fd08027673a79c519987", + "url": "https://api.github.com/repos/php-fig/log/zipball/9e45edca52cc9c954680072c93e621f8b71fab26", "reference": "bf2c13de4300e227d7b2fd08027673a79c519987", "shasum": "" }, @@ -2211,7 +2211,7 @@ }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/swiftmailer/swiftmailer/zipball/ac8b475454c120bfb31f5bef475233dd4fb6b626", + "url": "https://api.github.com/repos/swiftmailer/swiftmailer/zipball/21b7eb31c51d98e9da0543527a0242875f3d92b9", "reference": "ac8b475454c120bfb31f5bef475233dd4fb6b626", "shasum": "" }, @@ -2744,7 +2744,7 @@ }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/HttpKernel/zipball/7b1632cf2bdbc69c59a44942b70d5aae91034304", + "url": "https://api.github.com/repos/symfony/HttpKernel/zipball/31652385d94eafc2103a98435d6d5bd7eea61736", "reference": "7b1632cf2bdbc69c59a44942b70d5aae91034304", "shasum": "" }, @@ -3405,7 +3405,7 @@ }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpspec/phpspec/zipball/73d0335bf8473be8bcfab5a9d66adce8d0db3857", + "url": "https://api.github.com/repos/phpspec/phpspec/zipball/147ff359413be67781d1dd1f3be5d7a4d4af769a", "reference": "73d0335bf8473be8bcfab5a9d66adce8d0db3857", "shasum": "" }, @@ -3483,7 +3483,7 @@ }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpspec/prophecy/zipball/3132b1f44c7bf2ec4c7eb2d3cb78fdeca760d373", + "url": "https://api.github.com/repos/phpspec/prophecy/zipball/5a355f91730c845301a9e28f91c8a5053353c496", "reference": "3132b1f44c7bf2ec4c7eb2d3cb78fdeca760d373", "shasum": "" }, @@ -3543,7 +3543,7 @@ }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/9ef4b8cbf3e839a44a9b375d8c59e109ac7aa020", + "url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/688b6a58acb19c1899dc887b1efb6403dc6dc0bd", "reference": "9ef4b8cbf3e839a44a9b375d8c59e109ac7aa020", "shasum": "" }, @@ -3861,7 +3861,7 @@ }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/phpunit-mock-objects/zipball/74ffb87f527f24616f72460e54b595f508dccb5c", + "url": "https://api.github.com/repos/sebastianbergmann/phpunit-mock-objects/zipball/5034a3d9f2057a7b7d6ad03a984509dadfdda3cc", "reference": "74ffb87f527f24616f72460e54b595f508dccb5c", "shasum": "" },
+6
source share
1 answer

The readme section will indicate that you have updated your version of the composer since you created the lock file, as a result of which the basic lock metadata is updated.

How the whitelist works in the installer, each package that does not have a whitelist has a restriction updated to the installed version.

So, what happens is that each package is technically considered to be installed if there are no packages and for the correct detection and resolution of dependencies of packages with white lists. It is as if you have temporarily changed your composer.json to have explicit versions announced for every package that you did not use in the white list, and a full update is being performed.

When the lock file is regenerated, Composer\Package\Locker will iterate over all the packages that were considered for installation and pass them to Composer\Package\Dumper\ArrayDumper , which will withstand the source and dist metadata for each package to create your output.

When you have installed packages with a hash link, which is equivalent to something line by line #9e7954694971a5fab6ebabb38f9ffeec49d0d2ad for the version. Since stof points to composer / composer # 1458 , explicit hashes for the version are handled at the installer level and do not know how to create the correct dist url for them, which runs at the vcs driver level. The metadata used to create the dist url for the hash lock file comes from dev-master , so the updated api urls will be updated.

The installer does not use the dist url parameter to install the package, and the dist URL used during installation comes from the repository, which provides the package in the pool that is used by the resolver.

+1
source

Source: https://habr.com/ru/post/988623/

More articles:


All Articles