search

fxpio / composer-asset-plugin

NPM/Bower Dependency Manager for Composer
MIT License
893 stars 156 forks source link

Silent removal of dependency during update since Composer 1.6.4 #322

Closed holtkamp closed 6 years ago

holtkamp commented 6 years ago

Since an upgrade to composer 1.6.4 a specific dependency gets removed after running composer update.

Use the following composer.json:

{
  "require": {
    "bower-asset/add-to-homescreen": "dev-master"
  }
}

Run an initial composer update:

composer update --verbose -vv
    1/2:    http://packagist.org/p/provider-latest$b8e385ac90e097732e7741efaa12a4e217b0e06a352344b7cf5bdd94ba05115d.json
    2/2:    http://packagist.org/p/provider-2018-01$06137a8100302ebd32a317949247ba4a3d130089a4d52ceb2b8e0cfc35af4ca9.json
    Finished: success: 2, skipped: 0, failure: 0, total: 2
Loading composer repositories with package information
Updating dependencies (including require-dev)
Adding VCS repository bower-asset/add-to-homescreen
Dependency resolution completed in 0.000 seconds
Analyzed 83 packages to resolve dependencies
Analyzed 78 rules to resolve dependencies
Package operations: 1 install, 0 updates, 0 removals
Installs: bower-asset/add-to-homescreen:dev-master aa54e46
  - Installing bower-asset/add-to-homescreen (dev-master aa54e46): Cloning aa54e4683e58ca20c78ccfd2eee8718416dad882 from cache
    REASON: Required by the root package: Install command rule (install bower-asset/add-to-homescreen dev-master|install bower-asset/add-to-homescreen dev-master)

Writing lock file
Generating autoload files

The composer.lock file now contains information about the dependency. Now run composer update again

composer update --verbose -vv
    1/1:    http://packagist.org/p/provider-latest$6e5d0c5caf0df70e645e3e9a56662b80c94c29fcdda063c3fa8d0fd42c57e766.json
    Finished: success: 1, skipped: 0, failure: 0, total: 1
Loading composer repositories with package information
Updating dependencies (including require-dev)
Adding VCS repository bower-asset/add-to-homescreen
Dependency resolution completed in 0.001 seconds
Analyzed 85 packages to resolve dependencies
Analyzed 85 rules to resolve dependencies
Package operations: 0 installs, 0 updates, 0 removals
Generating autoload files

It appears nothing has happened. But the composer.lock file and the vendor folder are removed!. When multiple dependencies are involved, only this specific dependency bower-asset/add-to-homescreen is removed from the composer.lock file.

moroine commented 6 years ago

Got the same here, and it seems pretty random

holtkamp commented 6 years ago

Seems fixed in https://github.com/composer/composer/releases/tag/1.6.5

probably caused by https://github.com/composer/composer/issues/7268