Bug: open_basedir restriction as a plugin without bedrock

Terms

I have read the guidelines for Contributing to Roots Projects
This request is not a duplicate of an existing issue
I have read the docs and followed them (if applicable)
I have seached the Roots Discourse for answers and followed them (if applicable)
This is not a personal support request that should be posted on the Roots Discourse community

Description

What's wrong?

open_basedir restriction in effect occurred after installing acorn as a plugin without bedrock when open_basedir restriction is present.

What have you tried?

Have same issue when reproduced in my other server
Tried to install it as theme dependency still getting same issue

What insights have you gained?

During acorn initialization, the registerPackageManifest:270 method in \src\Roots\Acorn\Application.php attempted to access outside working directory which is outside of allowed path in open_basedir

acorn/src/Roots/Acorn/Application.php

Lines 269 to 272 in 32361ac

    
           ->filter(function ($path) use ($files) { 
        
               return $files->isFile("{$path}/vendor/composer/installed.json") 
        
                   && $files->isFile("{$path}/composer.json"); 
        
           })

Possible solutions

Open to suggestions, however, this is my thought regarding the issue

Checking if a path is within open_basedir
Suppress the isFile() warning

Temporary workarounds

Currently, I'm doing the second solution as I did in my fork. I'm not sure if the suppression is the right way to do.

->filter(function ($path) use ($files) {
    return @$files->isFile("{$path}/vendor/composer/installed.json")
        && @$files->isFile("{$path}/composer.json");
})

Steps To Reproduce

Setup server with open_basedir present with value set something like /www/wwwroot/domain_working_dir/:/tmp/
Install WordPress & Sage 10
Install Acorn as a plugin or theme dependency
Check and confirm if any page is accessible

Expected Behavior

Able to load any page fine when open_basedir is present

Actual Behavior

Got an open_basedir restriction warning after installing acorn as a plugin without bedrock when accessing any pages.

Relevant Log Output

is_file(): open_basedir restriction in effect. File(/www/wwwroot/vendor/composer/installed.json) is not within the allowed path(s): (/www/wwwroot/domain_working_dir/:/tmp/)

Versions

Acorn 2.1.2. Sage 10, Bud 6.3.3, WordPress 6.0.1, PHP 8.0, Ubuntu 20.4

Feel free to submit a PR with this if you want the credit. Otherwise I can get one out this weekend.

    ->filter(function ($path) use ($files) {
        return @$files->isFile("{$path}/vendor/composer/installed.json")
            && @$files->isFile("{$path}/composer.json");
    })

	->filter(function ($path) use ($files) {
	return $files->isFile("{$path}/vendor/composer/installed.json")
	&& $files->isFile("{$path}/composer.json");
	})