FIX Don't rely on inaccessible packages when fetching update info. #56
+144
−8
Fixes #49
Composer wants to use information about all dependencies when reporting the most up-to-date version that meets the project's stability/version constraints and doesn't conflict with any other dependencies.
If a dependency is inaccessible (e.g. private repositories or IP-restricted hosting) composer will fail to declare a version candidate, which results in missing information even for some accessible packages.
By omitting inaccessible repositories, we do at least get some version information, even if there is a chance of compatibility issues.
All #49 is asking for is a way to suppress the below logging for specific packages. It looks like the only thing that we really need to do is check before logging if this is one of the repositories to suppress for - but the packages being checked for updates are not necessarily the packages that can't be fetched.
silverstripe-composer-update-checker/src/Extensions/CheckComposerUpdatesExtension.php
Lines 62 to 67 in ba8bae9
Ultimately what is happening is this:
composer.json file.
This means that the package it's trying to get update information for (which is not necessarily the same package that it can't fetch information for) doesn't get the update information stored against it in the report. This PR allows composer to use all the information it can access to give a version candidate. There is a chance of conflicts, but this is better than having no update information at all, IMO.