Composer issue when dealerdirect/phpcodesniffer-composer-installer update from v1.0.0 to v1.1.0

Having the same issue from this morning.

The provided cwd "../squizlabs/php_codesniffer" does not exist.

Here is the release note for dealerdirect/phpcodesniffer-composer-installer

https://github.com/PHPCSStandards/composer-installer/releases/tag/v1.1.0

I guess https://github.com/PHPCSStandards/composer-installer/issues/239 needs a better or more complete repro case to convince the maintainer there?

A PR has been created by the author to address this bug.

Until the bug is fixed, you can temporarily revert to the previous version.

composer require dealerdirect/phpcodesniffer-composer-installer:"1.0.0"

I can confirm that #6 🐛 Composer issue when dealerdirect/phpcodesniffer-composer-installer update from v1.0.0 to v1.1.0 Active works.

I can also confirm that option #6 works.
I got this message for only 2 out of ten websites running on the same server.

Perhaps, you can also do something like this:

{
    ...
    "conflict": {
        "dealerdirect/phpcodesniffer-composer-installer": "1.1.0"
    },
    ...
}

So that new version with a fix will automatically go through:

#6 fix the issue for my project after updating to drupal 11.2.*

The fix in #9 fixes it for me. It has the same effect as #6 except that later updates, when the issue is fixed, will be installed.

#9 is working for me. Thank you

I prefer this solution because it does not add extra stuff and not lock to a specific version

dang, needed contrib testing to work today and this is blocking it. That sucks.

Looks like an upstream fix is in the works to be released soon.

https://github.com/PHPCSStandards/composer-installer/pull/245

I think we can/should commit #9 to core.

Thanks for the 10.5 MR, however we also need an 11.x MR here so we can backport from there.

Created MR against 11.x

Is this justifiable for a backport to 10.4 as well?

hm the MR is setting dealerdirect/phpcodesniffer-composer-installer to 1.1.0, but the actual fix in https://github.com/PHPCSStandards/composer-installer/pull/245 that got merged is targeted for the to be released 1.1.1?

@rkoller the MR is saying we conflict with 1.1.0 so it will not be installed.

argh apologies, missed the conflict line :( was only focus on the version number. thanks for the explanation!

Regarding a 10.4 backport, @catch and I discussed and agreed that we will consider backporting this to 11.1 and 10.4 and creating a tagged release declaring the conflict if it is not fixed upstream in advance of the next security window, since this could interfere with site updates. In the meanwhile, we recommend sites blocked on this explicitly require the 1.0.0 version as a workaround:

composer require dealerdirect/phpcodesniffer-composer-installer:"1.0.0"

Adding the workaround to the IS.

And a reminder to remove the conflict once upstream is fixed.

Going to go ahead and commit from needs review here given they are trivial MRs and this is urgent.

Committed/pushed to 11.x/11.2.x/10.6.x/10.5.x respectively.

Leaving open for 11.1 and 10.4 backports depending on whether there's an upstream release soon.

catch → closed merge request !12500

catch → closed merge request !12501

Is there a plan to address 11.1.x users?

#9 worked like a charm for me.

@anthonyroundtree see #32

I wonder when (root)/composer.json for drupal/drupal is involved in install or update? I still have the problem that phpcodesniffer-composer-installer 1.1.0 is installed when updating to drupal 10.5.1 with composer.

Shouldn't the conflict setting be placed in core/composer.json for drupal/core?

I think @sleitner is probably right... This is why we shouldn't commit issues from needs review even when they're trivial.

sleitner → changed the visibility of the branch 3532187-composer-issue-when to hidden.

Is there any reason not to declare the conflict in both places, for both tooling and production metapackages?

I don't think it's necessary because drupal/core is a dependency, but maybe better safe than sorry.

There's been a release today with a change to resolve the issue: https://github.com/PHPCSStandards/composer-installer/releases/tag/v1.1.1

Surprised the bot didn't pick this up but the MR appears to have merge conflicts

Tested on D 10.5 and D11.2.
Good to go.

Committed cd9743a and pushed to 11.x. Thanks!
Committed 52370ec and pushed to 11.2.x. Thanks!
Committed f7d3976 and pushed to 10.6.x. Thanks!
Committed e325ec1 and pushed to 10.5.x. Thanks!

Thanks for sorting this properly.