Requirement on `composer/composer` results in errors with e.g. `symfony:dump-env`

Question

Requirement on `composer/composer` results in errors with e.g. `symfony:dump-env`

gmta opened this issue 5 months ago · 5 comments

Composer 2.7.3 introduced a BC breaking change, the effects of which are described here:
composer/composer#11940

The maintainer claims it is caused by packages depending directly on composer/composer. I'm not aware of the exact reason why this dependency is required, but it would at least be better to depend on composer-runtime-api if at all possible.

Answer 1 · 2024-04-22T19:27:15.000Z

I'm not sure the require can be avoided here as it seems this package kinda embeds the entire composer/composer codebase in the phar file created with box.. But I don't see any other usage of it so I'm confused as to why it is required exactly.

Anyway Composer 2.7.4 is now out which hopefully fixes it.

I'd still be happy to discuss about the require of composer/composer with the maintainers here though, if we can get it removed I'd be glad.

Answer 2 · 2024-04-22T19:36:10.000Z

Composer is used within Composer.php to generate the composer.json file.

Let me know if you see this can be removed and how.

Answer 3 · 2024-04-22T20:03:26.000Z

I guess aside from embedding a composer.phar in your phar, I don't see a good solution.

I'm not sure what this project does but it sounds to me like it should not typically be required in other applications, rather used as a tool (which is I suppose why you ship a phar file)? If so the problem might lie more in documenting this, to ensure people don't just add it as a dependency in their project just to build some sdk once in a while?

Answer 4 · 2024-04-22T20:14:44.000Z

If so the problem might lie more in documenting this, to ensure people don't just add it as a dependency in their project just to build some sdk once in a while?

This can be used as a dev dependency or not, but I don't recomend any way of using this project. This can be used with the phar or as a dependency in my opinion.

If Composer 2.7.4 has now fixed the issue, I don't see an issue here anymore.

Please close this issue @gmta if you feel this right. thx

Answer 5 · 2024-04-22T22:05:23.000Z

Looking at how it's used here a bit better, it seems like a legitimate use case for having composer as a dependency. With version 2.7.4 out I don't think anything needs changing here.