Closed oschwald closed 6 months ago
Interesting, the cause is shown in the update log:
GitHub API token requires SSO authorization. Authorize this token at https://github.com/enterprises/maxmind/sso?authorization_request=...
Updated from https://github.com/maxmind/GeoIP2-php using Composer\Repository\Vcs\GitHubDriver (via GitDriver fallback instance)
So due to your organization requiring SSO that broke our update process and it reverted to updating via git clone as the github API token was not usable.
I have now fixed it to detect those invalid tokens and bypass them instead, and have force-updated all URLs for the package so it should be all good now.
Thank you! I would have never guessed that was the cause.
Starting in 2022, our packages switched from URLs like
https://github.com/maxmind/GeoIP2-php.git
togit@github.com:maxmind/GeoIP2-php.git
in the JSON provided by Packagist:Release from 2021-11-30
Release from 2022-08-05
This has resulted in issues for some users.
We did not intentionally make any changes, and I have looked at both the package configuration on packagist.org as well as our
composer.json
file. I have not been able to determine the root cause of this. We are seeing it ongeoip2/geoip2
,maxmind/minfraud
, andmaxmind-db/reader
.I am sure we are doing something wrong or unusual. I have looked at a number of other packages hosted on GitHub and I haven't seen any that are using SSH source URLs. I don't think we changed anything on packagist.org. The repo changes between the two releases look unrelated, except maybe that we switched our Git submodule from
git://github.com/maxmind/MaxMind-DB.git
tohttps://github.com/maxmind/MaxMind-DB
(which is used in tests) due to new requirements from GitHub. However, it is my understanding that Packagist and Composer ignore submodules, and I would have assumed this would not cause the issue above.