当我尝试更新单个软件包时,我对Composer的行为感到困惑。
Per the docs和Stack Overflow答案如this one,我应该可以使用像
这样的命令更新单个包composer update somevendor/somepackage
我这样做的期望是我的vendor文件夹和composer.lock应保持不变,但somevendor/somepackage及其依赖项除外。然而,这种情况并非如此。相反,我看到一些软件包的哈希值与我正在更新composer.lock中的更改无关。实际上,即使我尝试通过粘贴键盘来更新不存在的包:
composer update adsfiodfsa/dsafiodsafio
...然后即使作曲家告诉我没有更新内容:
$ composer update adsfiodfsa/dsafiodsafio
Package "adsfiodfsa/dsafiodsafio" listed for update is not installed. Ignoring.
Loading composer repositories with package information
Updating dependencies (including require-dev)
Nothing to install or update
Writing lock file
Generating autoload files
Generating optimized class loader ......我仍然看到composer.lock已经改变了!更奇怪的是,/vendor文件夹(我为了测试这个而添加到我的Git仓库中)还没有被修改,即使锁定文件似乎声称我现在有一些包的不同版本:
$ git status
On branch master
Your branch is up-to-date with 'origin/master'.
Changes not staged for commit:
(use "git add ..." to update what will be committed)
(use "git checkout -- ..." to discard changes in working directory)
modified: composer.lock
no changes added to commit (use "git add" and/or "git commit -a")这是预期的行为还是错误?如果它是正确的,有人可以解释为什么我的composer.lock文件正在改变,尽管没有更新?如果有帮助,在更新后在git diff上运行composer.lock(不修改供应商文件夹)会产生以下差异,这似乎很清楚声称有些包已经改变:
diff --git a/composer.lock b/composer.lock
index e2f65b9..e6c9a95 100644
--- a/composer.lock
+++ b/composer.lock
@@ -1,7 +1,7 @@
{
"_readme": [
"This file locks the dependencies of your project to a known state",
- "Read more about it at http://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
+ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically"
],
"hash": "3d8098978270f73f9829e9d1138edef9",
@@ -583,7 +583,7 @@
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/doctrine/dbal/zipball/9e7954694971a5fab6ebabb38f9ffeec49d0d2ad",
+ "url": "https://api.github.com/repos/doctrine/dbal/zipball/a0a43c0eb15ed66e71f8160b6bb25f4071ed22ca",
"reference": "9e7954694971a5fab6ebabb38f9ffeec49d0d2ad",
"shasum": ""
},
@@ -879,7 +879,7 @@
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/firebase/firebase-token-generator-php/zipball/61691f56372d32515350dd5522c78be64a0e8d60",
+ "url": "https://api.github.com/repos/firebase/firebase-token-generator-php/zipball/1044f9f5ec8b270dc6c073c7bf2fe67081dbfbb2",
"reference": "61691f56372d32515350dd5522c78be64a0e8d60",
"shasum": ""
},
@@ -1076,7 +1076,7 @@
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/guzzle/RingPHP/zipball/dbbb91d7f6c191e5e405e900e3102ac7f261bc0b",
+ "url": "https://api.github.com/repos/guzzle/RingPHP/zipball/9465032ac5d6beaa55f10923403e6e1c36018d9c",
"reference": "dbbb91d7f6c191e5e405e900e3102ac7f261bc0b",
"shasum": ""
},
@@ -1425,7 +1425,7 @@
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/Seldaek/monolog/zipball/bf2bff61743f20a13dc46ff1e3bbd0f19c997d2b",
+ "url": "https://api.github.com/repos/Seldaek/monolog/zipball/77aef55318035d37dbd4e87ea0c37a191f3e766e",
"reference": "bf2bff61743f20a13dc46ff1e3bbd0f19c997d2b",
"shasum": ""
},
@@ -2027,7 +2027,7 @@
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/php-fig/log/zipball/bf2c13de4300e227d7b2fd08027673a79c519987",
+ "url": "https://api.github.com/repos/php-fig/log/zipball/9e45edca52cc9c954680072c93e621f8b71fab26",
"reference": "bf2c13de4300e227d7b2fd08027673a79c519987",
"shasum": ""
},
@@ -2211,7 +2211,7 @@
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/swiftmailer/swiftmailer/zipball/ac8b475454c120bfb31f5bef475233dd4fb6b626",
+ "url": "https://api.github.com/repos/swiftmailer/swiftmailer/zipball/21b7eb31c51d98e9da0543527a0242875f3d92b9",
"reference": "ac8b475454c120bfb31f5bef475233dd4fb6b626",
"shasum": ""
},
@@ -2744,7 +2744,7 @@
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/symfony/HttpKernel/zipball/7b1632cf2bdbc69c59a44942b70d5aae91034304",
+ "url": "https://api.github.com/repos/symfony/HttpKernel/zipball/31652385d94eafc2103a98435d6d5bd7eea61736",
"reference": "7b1632cf2bdbc69c59a44942b70d5aae91034304",
"shasum": ""
},
@@ -3405,7 +3405,7 @@
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/phpspec/phpspec/zipball/73d0335bf8473be8bcfab5a9d66adce8d0db3857",
+ "url": "https://api.github.com/repos/phpspec/phpspec/zipball/147ff359413be67781d1dd1f3be5d7a4d4af769a",
"reference": "73d0335bf8473be8bcfab5a9d66adce8d0db3857",
"shasum": ""
},
@@ -3483,7 +3483,7 @@
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/phpspec/prophecy/zipball/3132b1f44c7bf2ec4c7eb2d3cb78fdeca760d373",
+ "url": "https://api.github.com/repos/phpspec/prophecy/zipball/5a355f91730c845301a9e28f91c8a5053353c496",
"reference": "3132b1f44c7bf2ec4c7eb2d3cb78fdeca760d373",
"shasum": ""
},
@@ -3543,7 +3543,7 @@
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/9ef4b8cbf3e839a44a9b375d8c59e109ac7aa020",
+ "url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/688b6a58acb19c1899dc887b1efb6403dc6dc0bd",
"reference": "9ef4b8cbf3e839a44a9b375d8c59e109ac7aa020",
"shasum": ""
},
@@ -3861,7 +3861,7 @@
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/phpunit-mock-objects/zipball/74ffb87f527f24616f72460e54b595f508dccb5c",
+ "url": "https://api.github.com/repos/sebastianbergmann/phpunit-mock-objects/zipball/5034a3d9f2057a7b7d6ad03a984509dadfdda3cc",
"reference": "74ffb87f527f24616f72460e54b595f508dccb5c",
"shasum": ""
},
答案 0 :(得分:1)
自述文件部分表示您已更新自编译器的版本,因为锁文件已创建,导致锁的基本元数据更新。
白名单在安装程序中的工作方式是,每个未列入白名单的软件包都会将约束更新为已安装的确切版本。
所以正在发生的是,在缺少包的情况下,每个包在技术上都被考虑安装,并且正确地发现和解决白名单包的依赖性。就好像您暂时更改了composer.json,为每个未列入白名单的软件包声明了显式版本,并执行了完整更新。
重新生成锁定文件时Composer\Package\Locker将遍历已考虑安装的所有软件包并将其传递给Composer\Package\Dumper\ArrayDumper,这将吐出source和{{1}用于创建输出的每个包的元数据。
如果安装的软件包的哈希引用等同于版本dist的某些内容。正如stof在composer/composer#1458中指出的那样,对版本的显式哈希的处理是在安装程序级别完成的,并且不知道如何为它生成适当的dist url,这是在vcs驱动程序级别完成的。在散列时用于为锁定文件创建dist url的元数据来自#9e7954694971a5fab6ebabb38f9ffeec49d0d2ad,这就是api url会更新的原因。
安装程序不使用dist url来安装软件包,安装时使用的dist url来自提供解析器正在使用的池中的软件包的存储库。