Composer dependencies update not possible
thesebas opened this issue · comments
Is there an existing issue for this?
- I have searched the existing issues
Package ecosystem
composer
Package manager version
2.x
Language version
php 8.2
Manifest location and content before the Dependabot update
No response
dependabot.yml content
No response
Updated dependency
No response
What you expected to see, versus what you actually saw
expected (from before update)
updater | 2024/06/17 03:09:34 INFO <job_842492520> Starting job processing
updater | 2024/06/17 03:09:35 INFO <job_842492520> Starting update job for example-company/some-project
updater | 2024/06/17 03:09:35 INFO <job_842492520> Checking all dependencies for version updates...
updater | 2024/06/17 03:09:35 INFO <job_842492520> Checking if example-company/some-lib 1.6.0 needs updating
proxy | 2024/06/17 03:09:35 [016] GET https://composer.example-company.com:443/packages.json
proxy | 2024/06/17 03:09:35 [016] * authenticating composer registry request (host: composer.example-company.com)
proxy | 2024/06/17 03:09:38 [016] 200 https://composer.example-company.com:443/packages.json
proxy | 2024/06/17 03:09:38 [018] GET https://packagist.org:443/packages.json
proxy | 2024/06/17 03:09:38 [018] 200 https://packagist.org:443/packages.json
proxy | 2024/06/17 03:09:38 [021] GET https://repo.packagist.org:443/p2/example-company/some-lib.json
proxy | 2024/06/17 03:09:38 [021] 404 https://repo.packagist.org:443/p2/example-company/some-lib.json
proxy | 2024/06/17 03:09:39 [023] GET https://composer.example-company.com:443/packages.json
proxy | 2024/06/17 03:09:39 [023] * authenticating composer registry request (host: composer.example-company.com)
proxy | 2024/06/17 03:09:41 [023] 200 https://composer.example-company.com:443/packages.json
proxy | 2024/06/17 03:09:41 [025] GET https://composer.example-company.com:443/p2/example-company/some-lib.json
proxy | 2024/06/17 03:09:41 [025] * authenticating composer registry request (host: composer.example-company.com)
proxy | 2024/06/17 03:09:43 [025] 200 https://composer.example-company.com:443/p2/example-company/some-lib.json
today I see
updater | 2024/06/18 04:00:29 INFO <job_843630420> Starting job processing
updater | 2024/06/18 04:00:30 INFO <job_843630420> Starting update job for example-company/some-project
updater | 2024/06/18 04:00:30 INFO <job_843630420> Checking all dependencies for version updates...
updater | 2024/06/18 04:00:30 INFO <job_843630420> Checking if example-company/some-lib 1.6.0 needs updating
proxy | 2024/06/18 04:00:30 [016] GET https://composer.example-company.com:443/packages.json
proxy | 2024/06/18 04:00:30 [016] * authenticating composer registry request (host: composer.example-company.com)
proxy | 2024/06/18 04:00:32 [016] 200 https://composer.example-company.com:443/packages.json
proxy | 2024/06/18 04:00:32 [018] GET https://packagist.org:443/packages.json
proxy | 2024/06/18 04:00:33 [018] 200 https://packagist.org:443/packages.json
proxy | 2024/06/18 04:00:33 [021] GET https://repo.packagist.org:443/p2/example-company/some-lib.json
proxy | 2024/06/18 04:00:33 [021] 404 https://repo.packagist.org:443/p2/example-company/some-lib.json
updater | 2024/06/18 04:00:34 INFO <job_843630420> Handled error whilst updating example-company/some-lib: dependency_file_not_resolvable {:message=>"Could not parse version constraint : Invalid version string \"\""}
Native package manager behavior
No response
Images of the diff or a link to the PR, issue, or logs
Probably related to #10018
Smallest manifest that reproduces the issue
No response
We're seeing the same issue across a lot of our repos, with exactly the same symptoms above. Started a day or two back.
+1. Here this issue started 3 days ago
This started on all of our repos that use wpackagist as of Jun 17, 2024.
This started on all of our repos that use wpackagist as of Jun 17, 2024.
Same goes for us. We did not get this error at Jun 17, 2024, 3:34 AM GMT+2
, we did get it a day later at Jun 18, 2024, 3:56 AM GMT+2
. That matches the timeframe in which the mentioned PR #10018 got merged.
Sending out an explicit ping to @thavaahariharangit and @robaiken, who were involved in #10018. Maybe this rings a bell as the changes from that PR might still be fresh in memory? 🙏
Would it be an idea to revert the changes again?
The impact seems to be for all packages that are not hosted on packagist, which means probably all using private packages are impacted by this?
Looks like the change is causing more impact than the reason the change was implemented for?
Thanks for the heads up... I've raised this internally, so we'll try to get it reverted or fixed in the next few days.
Thanks for the heads up... I've raised this internally, so we'll try to get it reverted or fixed in the next few days.
@jeffwidman Would you be able to provide a status update or updated estimated time regarding this topic?
Sorry everyone about the continued churn on this; we're open to doing a revert since this is revealing a couple of unforeseen issues. Should either get a fix or a revert before end of week.
Sorry everyone about the continued churn on this; we're open to doing a revert since this is revealing a couple of unforeseen issues. Should either get a fix or a revert before end of week.
Thank you for the update @abdulapopoola
Reverting would be nice, it means unblocking everyone and creating time to come up with a well tested fix.
Changes caused this issue is reverted in PR, Sorry for the inconvenience caused