Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Composer dependency resolution issue with scripts #11654

Closed
miguilimzero opened this issue Sep 22, 2023 · 4 comments
Closed

Composer dependency resolution issue with scripts #11654

miguilimzero opened this issue Sep 22, 2023 · 4 comments
Labels
Support

Comments

@miguilimzero
Copy link

Composer v2.6 release had a dependency resolution regression, as noted here: #11626, and intended to be fixed here: #11629. However, there is still an issue happening with this version of the composer.

I created an example repository to reproduce the issue: https://github.com/miguilimzero/composer-react-promise-bug.

The issue is currently about the resolution of react/promise dependency version from the ccxt/ccxt package. The composer.json and composer.lock are showing the correct version, and when you do the composer install, it will also download the correct version (v2.10 in this case).

But when it runs the post-autoload-dump script, it actually throws an error of wrong function declaration of the PromiseInterface class from react/promise used by ccxt. But the error shows the PromiseInterface from v3.0 and not v2.10, even if the composer.lock and the downloaded package shows the v2.10 version.

You can see by downloading the repository example and doing the composer install that the react/promise version is actually correct, and the PromiseInterface matches with the ccxt implemented one.

You can see a CI from the example repository running on v2.5 (success): https://github.com/miguilimzero/composer-react-promise-bug/actions/runs/6270268972/job/17027972907

You can see a CI from the example repository running on v2.6 (fail): https://github.com/miguilimzero/composer-react-promise-bug/actions/runs/6270268969/job/17027972919

Both runs are from the same commit and show different results.
@miguilimzero miguilimzero mentioned this issue Sep 22, 2023
Merged
@Seldaek
Copy link
Member

Seldaek commented Sep 25, 2023

Yes, that is because Composer now ships with react/promise 3.x - so scripts running in the same PHP process have to be compatible with it.

You should run an external binary/php script instead of a static method if you have dependencies which clash with Composer's, that way Composer will run the script in a new process.

@miguilimzero
Copy link
Author

@Seldaek Thanks for the explanation! So, from my understanding, any package that requires react/promise ^2 will not work with a script that calls a static method, right?

I made this example repository trying to reproduce how it works with Laravel. The framework calls a static method that requires the autoload file (in the same way as the example) and then clears some cache files. So the ccxt/ccxt package broke with the Composer v2.6 update in any Laravel project.

@Seldaek
Copy link
Member

Seldaek commented Sep 26, 2023

Yes that is correct. Well it's specifically a problem with Laravel because it includes the autoloader, and then with ccxt/ccxt because it does things with the promise interface which are not compatible across both versions. Composer for example is compatible with both react/promise 2.x and 3.x, so it's not like this will cause issues with any project requiring it.

@miguilimzero
Copy link
Author

@Seldaek alright. Thanks for the support!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Support
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Seldaek @miguilimzero