当我尝试更新单个包时,我对Composer的行为感到困惑.
每对文档和堆栈溢出的答案像这一个,我应该能够用以下命令来更新单个包
composer update somevendor/somepackage
我这样做的期望是我的vendor文件夹,composer.lock除了somevendor/somepackage及其依赖项外,应该保持不变.然而,这种情况并非如此.相反,我看到一些软件包的哈希值与我正在更新的软件包无关composer.lock.实际上,即使我尝试通过粘贴键盘来更新不存在的包:
composer update adsfiodfsa/dsafiodsafio
...然后即使Composer告诉我没有更新内容:
$ composer update adsfiodfsa/dsafiodsafio
Package "adsfiodfsa/dsafiodsafio" listed for update is not installed. Ignoring.
Loading composer repositories with package information
Updating dependencies (including require-dev)
Nothing to install or update
Writing lock file
Generating autoload files
Generating optimized class loader......我仍然看到composer.lock已经改变了!更奇怪的是,在/vendor(我加入到我的Git回购测试此的目的)文件夹并没有被修改,即使锁文件似乎声称我有不同的版本,现在有些软件包:
$ git status
On branch master
Your branch is up-to-date with 'origin/master'.
Changes not staged for commit:
(use "git add ..." to update what will be committed)
(use "git checkout -- ..." to discard changes in working directory)
modified: composer.lock
no changes added to commit (use "git add" and/or "git commit -a")这是预期的行为还是错误?如果它是正确的,有人可以解释为什么我的composer.lock文件正在改变,尽管没有更新?如果它有帮助,在更新后运行一个git diffon composer.lock(不修改供应商文件夹)会产生以下差异,这似乎清楚地声称某些包已经改变:
diff --git a/composer.lock b/composer.lock
index e2f65b9..e6c9a95 100644
--- a/composer.lock
+++ b/composer.lock
@@ -1,7 +1,7 @@
{
"_readme": [
"This file locks the dependencies of your project to a known state",
- "Read more about it at http://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
+ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically"
],
"hash": "3d8098978270f73f9829e9d1138edef9",
@@ -583,7 +583,7 @@
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/doctrine/dbal/zipball/9e7954694971a5fab6ebabb38f9ffeec49d0d2ad",
+ "url": "https://api.github.com/repos/doctrine/dbal/zipball/a0a43c0eb15ed66e71f8160b6bb25f4071ed22ca",
"reference": "9e7954694971a5fab6ebabb38f9ffeec49d0d2ad",
"shasum": ""
},
@@ -879,7 +879,7 @@
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/firebase/firebase-token-generator-php/zipball/61691f56372d32515350dd5522c78be64a0e8d60",
+ "url": "https://api.github.com/repos/firebase/firebase-token-generator-php/zipball/1044f9f5ec8b270dc6c073c7bf2fe67081dbfbb2",
"reference": "61691f56372d32515350dd5522c78be64a0e8d60",
"shasum": ""
},
@@ -1076,7 +1076,7 @@
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/guzzle/RingPHP/zipball/dbbb91d7f6c191e5e405e900e3102ac7f261bc0b",
+ "url": "https://api.github.com/repos/guzzle/RingPHP/zipball/9465032ac5d6beaa55f10923403e6e1c36018d9c",
"reference": "dbbb91d7f6c191e5e405e900e3102ac7f261bc0b",
"shasum": ""
},
@@ -1425,7 +1425,7 @@
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/Seldaek/monolog/zipball/bf2bff61743f20a13dc46ff1e3bbd0f19c997d2b",
+ "url": "https://api.github.com/repos/Seldaek/monolog/zipball/77aef55318035d37dbd4e87ea0c37a191f3e766e",
"reference": "bf2bff61743f20a13dc46ff1e3bbd0f19c997d2b",
"shasum": ""
},
@@ -2027,7 +2027,7 @@
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/php-fig/log/zipball/bf2c13de4300e227d7b2fd08027673a79c519987",
+ "url": "https://api.github.com/repos/php-fig/log/zipball/9e45edca52cc9c954680072c93e621f8b71fab26",
"reference": "bf2c13de4300e227d7b2fd08027673a79c519987",
"shasum": ""
},
@@ -2211,7 +2211,7 @@
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/swiftmailer/swiftmailer/zipball/ac8b475454c120bfb31f5bef475233dd4fb6b626",
+ "url": "https://api.github.com/repos/swiftmailer/swiftmailer/zipball/21b7eb31c51d98e9da0543527a0242875f3d92b9",
"reference": "ac8b475454c120bfb31f5bef475233dd4fb6b626",
"shasum": ""
},
@@ -2744,7 +2744,7 @@
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/symfony/HttpKernel/zipball/7b1632cf2bdbc69c59a44942b70d5aae91034304",
+ "url": "https://api.github.com/repos/symfony/HttpKernel/zipball/31652385d94eafc2103a98435d6d5bd7eea61736",
"reference": "7b1632cf2bdbc69c59a44942b70d5aae91034304",
"shasum": ""
},
@@ -3405,7 +3405,7 @@
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/phpspec/phpspec/zipball/73d0335bf8473be8bcfab5a9d66adce8d0db3857",
+ "url": "https://api.github.com/repos/phpspec/phpspec/zipball/147ff359413be67781d1dd1f3be5d7a4d4af769a",
"reference": "73d0335bf8473be8bcfab5a9d66adce8d0db3857",
"shasum": ""
},
@@ -3483,7 +3483,7 @@
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/phpspec/prophecy/zipball/3132b1f44c7bf2ec4c7eb2d3cb78fdeca760d373",
+ "url": "https://api.github.com/repos/phpspec/prophecy/zipball/5a355f91730c845301a9e28f91c8a5053353c496",
"reference": "3132b1f44c7bf2ec4c7eb2d3cb78fdeca760d373",
"shasum": ""
},
@@ -3543,7 +3543,7 @@
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/9ef4b8cbf3e839a44a9b375d8c59e109ac7aa020",
+ "url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/688b6a58acb19c1899dc887b1efb6403dc6dc0bd",
"reference": "9ef4b8cbf3e839a44a9b375d8c59e109ac7aa020",
"shasum": ""
},
@@ -3861,7 +3861,7 @@
},
"dist": {
"type": "zip",
- "url": "https://api.github.com/repos/sebastianbergmann/phpunit-mock-objects/zipball/74ffb87f527f24616f72460e54b595f508dccb5c",
+ "url": "https://api.github.com/repos/sebastianbergmann/phpunit-mock-objects/zipball/5034a3d9f2057a7b7d6ad03a984509dadfdda3cc",
"reference": "74ffb87f527f24616f72460e54b595f508dccb5c",
"shasum": ""
},
自述文件部分将表明您已经更新了您的 Composer 版本,因为创建了锁定文件,导致锁定的基本元数据被更新。
白名单在安装程序中的工作方式是,每个未列入白名单的软件包都会将约束更新为已安装的确切版本。
因此,从技术上讲,正在考虑安装每个包,以防缺少包的情况,并正确发现和解决列入白名单的包的依赖关系。就好像您临时更改了composer.json为未列入白名单的每个包声明了显式版本,并执行了完整更新。
重新生成锁定文件时,Composer\Package\Locker将迭代所有已考虑安装的包并将它们传递给它将Composer\Package\Dumper\ArrayDumper吐出每个包的source元dist数据以创建输出。
#9e7954694971a5fab6ebabb38f9ffeec49d0d2ad当您安装了带有哈希引用的软件包时,该哈希引用相当于版本的某些内容。正如 stof 在Composer/composer#1458中指出的那样,版本的显式哈希处理是在安装程序级别完成的,并且不知道如何为其生成正确的 dist url,这是在 vcs 驱动程序级别完成的。散列时用于为锁定文件创建 dist url 的元数据来自dev-master这,这就是 api url 会更新的原因。
安装程序不使用 dist url 来安装包,安装时使用的 dist url 来自提供求解器使用的池中的包的存储库。