composer: Second run of the latest composer install results in error: Call to undefined method Composer\Util\Http\ProxyManager::needsTransitionWarning()
My composer.json:
{
    "name": "laravel/laravel",
    "type": "project",
    "description": "The Laravel Framework.",
    "keywords": [
        "framework",
        "laravel"
    ],
    "license": "MIT",
    "require": {
        "arcanedev/log-viewer": "^8.0",
        "doctrine/dbal": "^2.12.1",
        "fideloper/proxy": "^4.4.1",
        "guzzlehttp/guzzle": "^7.0.1",
        "inspector-apm/inspector-laravel": "^4.7",
        "laravel/framework": "^8.0",
        "laravel/tinker": "^3.0",
        "laravel/ui": "^3.0",
        "laravelcollective/html": "^6.2.0",
        "maatwebsite/excel": "^3.1",
        "sentry/sentry-laravel": "*",
        "yoeunes/notify": "^1.0.6"
    },
    "require-dev": {
        "barryvdh/laravel-debugbar": "^3.5",
        "barryvdh/laravel-ide-helper": "^2.12",
        "beyondcode/laravel-dump-server": "^1.6",
        "filp/whoops": "^2.9",
        "fzaninotto/faker": "*",
        "mockery/mockery": "^1.4",
        "nunomaduro/collision": "^5.0",
        "nunomaduro/larastan": "^0.6.2",
        "phpstan/phpstan": "^0.12",
        "phpunit/phpunit": "^9.0"
    },
    "config": {
        "optimize-autoloader": true,
        "preferred-install": "dist",
        "sort-packages": true
    },
    "extra": {
        "laravel": {
            "dont-discover": []
        }
    },
    "autoload": {
        "psr-4": {
            "App\\": "app/"
        },
        "classmap": [
            "database/seeds",
            "database/factories"
        ]
    },
    "autoload-dev": {
        "psr-4": {
            "Tests\\": "tests/"
        }
    },
    "minimum-stability": "dev",
    "prefer-stable": true,
    "scripts": {
        "post-autoload-dump": [
            "Illuminate\\Foundation\\ComposerScripts::postAutoloadDump",
            "@php artisan package:discover --ansi"
        ],
        "post-root-package-install": [
            "@php -r \"file_exists('.env') || copy('.env.example', '.env');\""
        ],
        "post-create-project-cmd": [
            "@php artisan key:generate --ansi"
        ]
    }
}
Output of composer diagnose:
Checking composer.json: WARNING
require.sentry/sentry-laravel : unbound version constraints (*) should be avoided
Checking platform settings: OK
Checking git settings: OK git version 2.34.1
Checking http connectivity to packagist: OK
Checking https connectivity to packagist: OK
Checking github.com rate limit: OK
Checking disk free space: OK
Checking pubkeys: FAIL
Missing pubkey for tags verification
Missing pubkey for dev verification
Run composer self-update --update-keys to set them up
Checking Composer version: OK
Checking Composer and its dependencies for vulnerabilities: OK
Composer version: 2.7.3
PHP version: 8.1.27
PHP binary path: /usr/bin/php8.1
OpenSSL version: OpenSSL 3.0.2 15 Mar 2022
cURL version: 7.81.0 libz 1.2.11 ssl OpenSSL/3.0.2
zip: extension present, unzip present, 7-Zip not available
When I run this command:
rm -rf vendor
# first run works correctly
composer install --prefer-dist --optimize-autoloader -vvv
# second run will give error described below
composer install --prefer-dist --optimize-autoloader -vvv
I get the following output:
Running 2.7-dev+9f84f0c32bdf15bce9e6cf14a96dec8b2bd443c4 (2024-04-19 19:40:58) with PHP 8.1.27 on Linux / 5.15.0-105-generic
Reading ./composer.json (/home/ploi/xxx/composer.json)
Loading config file ./composer.json (/home/ploi/xxx/composer.json)
Checked CA file /etc/pki/tls/certs/ca-bundle.crt does not exist or it is not a file.
Checked directory /etc/pki/tls/certs/ca-bundle.crt does not exist or it is not a directory.
Checked CA file /etc/ssl/certs/ca-certificates.crt: valid
Executing command (/home/ploi/xxx): 'git' 'branch' '-a' '--no-color' '--no-abbrev' '-v'
Failed to initialize global composer: Composer could not find the config file: /home/ploi/.config/composer/composer.json
Reading ./composer.lock (/home/ploi/xxx/composer.lock)
Reading /home/ploi/xxx/vendor/composer/installed.json
Installing dependencies from lock file (including require-dev)
Verifying lock file contents can be installed on current platform.
Reading ./composer.lock (/home/ploi/xxx/composer.lock)
Built pool.
Generating rules
Resolving dependencies through SAT
Looking at all rules.
Dependency resolution completed in 0.000 seconds
Nothing to install, update or remove
Package swiftmailer/swiftmailer is abandoned, you should avoid using it. Use symfony/mailer instead.
Package yoeunes/notify is abandoned, you should avoid using it. Use php-flasher/flasher-laravel instead.
Package fzaninotto/faker is abandoned, you should avoid using it. No replacement was suggested.
Generating optimized autoload files
> post-autoload-dump: Illuminate\Foundation\ComposerScripts::postAutoloadDump
> post-autoload-dump: @php artisan package:discover --ansi
Executing command (CWD): '/usr/bin/php8.1' -d allow_url_fopen='1' -d disable_functions='' -d memory_limit='-1' artisan package:discover --ansi
Discovered Package: arcanedev/log-viewer
Discovered Package: barryvdh/laravel-debugbar
Discovered Package: barryvdh/laravel-ide-helper
Discovered Package: beyondcode/laravel-dump-server
Discovered Package: fideloper/proxy
Discovered Package: inspector-apm/inspector-laravel
Discovered Package: laravel/tinker
Discovered Package: laravel/ui
Discovered Package: laravelcollective/html
Discovered Package: maatwebsite/excel
Discovered Package: nesbot/carbon
Discovered Package: nunomaduro/collision
Discovered Package: sentry/sentry-laravel
Discovered Package: yoeunes/notify
Package manifest generated successfully.
105 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
In Application.php line 403:
[Error]
Call to undefined method Composer\Util\Http\ProxyManager::needsTransitionWarning()
Exception trace:
at phar:///usr/local/bin/composer/src/Composer/Console/Application.php:403
Composer\Console\Application->doRun() at phar:///usr/local/bin/composer/vendor/symfony/console/Application.php:171
Symfony\Component\Console\Application->run() at phar:///usr/local/bin/composer/src/Composer/Console/Application.php:147
Composer\Console\Application->run() at phar:///usr/local/bin/composer/bin/composer:93
require() at /usr/local/bin/composer:30
And I expected this to happen:
I expect the second run to also end without error. Tried the snapshot composer version and the error is still present.
The error is on this line: https://github.com/composer/composer/blame/9f84f0c32bdf15bce9e6cf14a96dec8b2bd443c4/src/Composer/Console/Application.php#L403
And we can see that the bug was introduced 3 days ago in a big pull request: https://github.com/composer/composer/pull/11915
About this issue
- State: closed
- Created 2 months ago
- Reactions: 10
- Comments: 40 (23 by maintainers)
Commits related to this issue
- Stop requiring composer itself Requiring composer itself might lead to a difference between the project composer version and the locally installed version. By this no composer actions can be performe... — committed to xolf/metrics-sdks by xolf 2 months ago
- fix: removing composer dependency See: https://github.com/composer/composer/issues/11940 — committed to CoolGoose/larastan-legacy by CoolGoose 2 months ago
- Fix Composer autoloader being hijackable by script/plugin event handlers, fixes #11940 — committed to Seldaek/composer by Seldaek 2 months ago
Also temporarily solved by downgrading.
For ploi.io users you can use this command because rollback was not available on my ploi machines:
sudo /usr/local/bin/composer self-update 2.7.2
Please stop with the +1 it’s just noise. Of course downgrading works but it’s a workaround it doesn’t fix anything and doesn’t let you upgrade which is not a long term solution. A better workaround would be upgrading composer in your dependencies, but even better as I just wrote above is figuring out why it’s in the dependencies and how to get rid of it.
Important: Please apply the fix of @Seldaek, see https://github.com/composer/composer/issues/11940#issuecomment-2067758744. My suggested solution to roll back to the previous composer version is not sustainable and only a quick fix. If you are interested in a dirty quick fix, check out my solution below.
In my case the readme/metrics package was requiring composer itself, which led to the deployment issues.
@cgrisar wrote, (see comment)
For all other Laravel Forge users stumbling across this problem. Create a Recipe with the script
/usr/local/bin/composer self-update --rollback
and run it on all affected servers to roll back your Composer version.
I use Statamic which uses composer package under the hood.
This command fixed the issue for me:
Thanks @duncanmcclean for posting the solution here https://github.com/statamic/cms/issues/9945#issuecomment-2069706395
The composer dependency has been removed since v2.12.2, in feb 2022, so if they updated in the last 2 years, that should not be a problem. Not really sure if I can do anything about it (now)
I concur.
Having the same issues when deploying with laravel forge.
Checked the log files and it seems there was a commit yesterday on ProxyManager?
I could still deploy yesterday
Hmm I was looking why Laravel was doing a callback instead of a script, but it appears it might have been myself who was responsible for this change… https://github.com/laravel/laravel/pull/3699
At the time, Laravel used a ‘compiled’ file which included all the actual files (not just classmap) so when an update was run, it needed to clear the compiled file. It couldn’t be cleared before the update, because the vendor dir was not always available: https://github.com/composer/composer/issues/5066 so it was moved to post-update; https://github.com/laravel/laravel/pull/3687 But this would cause a mismatch between versions in the compiled.php vs new vendor files so instead of running an artisan script, it just called the clear scripts directly (https://github.com/laravel/framework/pull/12827), bypassing any compiled bootstrapping.
But Laravel doesn’t use the compiled file anymore (since a very long time). It would be possible to revert the changes now probably, to just use php artisan clear-compiled. But this would require every existing app to update their application composer.json. Alternatively, the Laravel composer scripts could be modified to not load the entire application, but would also require updates (although for the framework, which would be easier to upgrade but still would leave lots of legacy available).
From the Composer side, we could compare autoloaders before/after running the callbacks. Eg. https://github.com/composer/composer/pull/11948 This could still lead to issues if the application actually loads classes (because I don’t think you can unload them after use), or when the application tries to use a class that is already loaded by composer, but that would not impact Composer directly.
Yes I’ll try to work on a fix because of the amount of people affected here but I’m also on vacation this week so I’ll do that when I manage… In the meantime trying to help out from my phone.
And autoloading always from the phar is not as easy as it sounds but yes it’d be nice to be able to do that I agree. For composer/composer itself it might be doable but for dependencies of composer it gets trickier as plugins/scripts might rely on the exact version that’s installed but composer might be more flexible and allow running with all versions… I guess ideally we would autoload dependencies we are compatible with from vendor and the rest from the phar to ensure composer runs fine.
We’ve received several reports of this on Laravel Forge.
In some cases, it looks like the offending package is barryvdh/laravel-ide-helper which requires composer/composer on version 2.7.0 and above. 3.0.0 no longer requires Composer itself. In others, it’s older versions of nunomaduro/larastan.
Looping @barryvdh into this thread.
I also downgraded to 2.7.2 and it works again. I’m using ploi server management.
Have you tried the proposed fix in https://github.com/composer/composer/issues/11940#issuecomment-2067758744
The systemic issue imo is people requiring composer in their dependencies… This is usually a bad idea. I’m not sure why you have it. You can run and share output of
composer why composer/composer -t
Then maybe we can look at why this is there and if it could be removed.
I returned to composer 2.7.2 and it did the trick.
I had my moments of cold sweat though…
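The thread traces the failure to projects that pull composer/composer into their own dependencies, where the vendored copy can differ from the installed Composer. As an added example (not code from the Composer project or from any commenter), this Python script lists the dependency chains in a composer.lock that lead to composer/composer, similar in spirit to `composer why composer/composer -t`. The lock excerpt, its versions and the package acme/dev-bundle are constructed for illustration.

```python
import json

TARGET = "composer/composer"

# Constructed composer.lock excerpt (not the reporter's lock file). Versions are
# placeholders; "acme/dev-bundle" is a hypothetical package.
SAMPLE_LOCK = json.loads("""
{
  "packages": [
    {"name": "laravel/framework", "version": "0.0.0-sample", "require": {"php": "*"}}
  ],
  "packages-dev": [
    {"name": "acme/dev-bundle", "version": "0.0.0-sample",
     "require": {"barryvdh/laravel-ide-helper": "*"}},
    {"name": "barryvdh/laravel-ide-helper", "version": "0.0.0-sample",
     "require": {"composer/composer": "*"}},
    {"name": "nunomaduro/larastan", "version": "0.0.0-sample",
     "require": {"composer/composer": "*", "phpstan/phpstan": "*"}},
    {"name": "composer/composer", "version": "0.0.0-sample", "require": {}}
  ]
}
""")
SAMPLE_ROOT = ["laravel/framework", "acme/dev-bundle", "nunomaduro/larastan"]


def locked_packages(lock):
    """Index every locked package (prod and dev) by name."""
    return {p["name"]: p for p in lock.get("packages", []) + lock.get("packages-dev", [])}


def chains_to(lock, root_requires, target=TARGET):
    """Return each path root requirement -> ... -> target found in the lock data.

    Only "require" edges are followed; "replace"/"provide" are ignored.
    """
    pkgs, found = locked_packages(lock), []

    def walk(name, path):
        if name == target:
            found.append(path + [name])
        elif name in pkgs and name not in path:  # skip platform reqs and cycles
            for dep in sorted(pkgs[name].get("require", {})):
                walk(dep, path + [name])

    if target in pkgs:  # nothing to report unless the target is actually locked
        for name in root_requires:
            walk(name, [])
    return found


if __name__ == "__main__":
    for chain in chains_to(SAMPLE_LOCK, SAMPLE_ROOT):
        print(" -> ".join(chain))
```

For a real project, load `composer.lock` with `json.load` and pass the keys of `require` and `require-dev` from `composer.json` as the root requirements.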