Improving the error message when package version can't be parsed #12743
| } else { | ||
| $version = $this->versionParser->normalize($config['version']); | ||
| } catch (\UnexpectedValueException $e) { | ||
| throw new \UnexpectedValueException('Failed to normalize version for package "'.$config['name'].'". '.$e->getMessage()); |
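Review bot: the rethrow in the `catch` block builds the new `\UnexpectedValueException` from a message string only, so the code and stack trace of the exception raised by `normalize()` are discarded; pass `$e->getCode()` and `$e` as the second and third constructor arguments so the original failure stays reachable through `getPrevious()`. The message also concatenates `$config['name']` unconditionally, and the visible lines do not show that the key is guaranteed to be set, so a fallback for a missing name would keep the handler from emitting an undefined-key warning of its own.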
I suggest attaching $e as previous exception, so that the original stacktrace is not lost. It can help debugging things when working on composer.
Yes, that's a very good idea. Did that.
52062b5 to 4a638c7
4a638c7 to e29385f
Can you show me a way to reproduce this "invalid package version"? Where was the faulty version located?
That's a good question, the faulty version wasn't in the main composer file.
@mamazu I would like to understand fully before merging this, because we explicitly try to include the package name in other ways in a few places, and so I'd like to know where this happened.
Of course, I've managed to reproduce it when using
```json
{
    "name": "mamazu/main",
    "version": "1.0.0",
    "autoload": {
        "psr-4": {
            "Mamazu\\Mamazu\\": "src/"
        }
    },
    "authors": [],
    "require": {
        "phpunit/phpunit": "AAAA"
    }
}
```
Then the error message should now also show the package name that has the broken version.
Ok I see. In this case the version field is for the root package which is why it doesn't show a name, but I guess it doesn't hurt to show it as well.
I just noticed that parsing the version of the package gives a different error message and a JsonValidation Exception, do you know why this isn't happening when the invalid version is in the require section?
Because a version is something we can validate with a regex in the schema, but the constraints are much broader and thus too risky to try and validate it in the json schema
Thanks
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [composer/composer](https://github.com/composer/composer) | patch | `2.9.5` → `2.9.7` |

---

### Release Notes

<details>
<summary>composer/composer (composer/composer)</summary>

### [`v2.9.7`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#297-2026-04-14)

[Compare Source](composer/composer@2.9.6...2.9.7)

- Fixes regression calling custom script command aliases that are called a substring of a composer command ([#12802](composer/composer#12802))

### [`v2.9.6`](https://github.com/composer/composer/blob/HEAD/CHANGELOG.md#296-2026-04-14)

[Compare Source](composer/composer@2.9.5...2.9.6)

- Security: Fixed command injection via malicious Perforce reference (GHSA-gqw4-4w2p-838q / CVE-2026-40261)
- Security: Fixed command injection via malicious Perforce repository definition (GHSA-wg36-wvj6-r67p / CVE-2026-40176)
- Security: Fixed git credentials remaining in git mirror .git/config after clone or update failed ([`2bcbfc3`](composer/composer@2bcbfc3d))
- Security: Fixed usage of insecure 3DES ciphers when ext-curl is missing ([`5e71d77`](composer/composer@5e71d77e))
- Security: Fixed Perforce unescaped user input in queryP4User shell command ([`ef3fc08`](composer/composer@ef3fc088))
- Security: Hardened git/hg/perforce/fossil identifier validation to ensure branch names starting with `-` do not cause issues ([`6621d45`](composer/composer@6621d45), [`d836b90`](composer/composer@d836b90), [`5e08c76`](composer/composer@5e08c764))
- Fixed inconsistent treatment of SingleCommandApplication script commands wrt autoloading ([#12758](composer/composer#12758))
- Fixed GitHub API authentication errors not being visible to the user ([#12737](composer/composer#12737))
- Fixed some platform package parsing failing when Composer runs in web SAPIs ([#12735](composer/composer#12735))
- Fixed error reporting for clarity when a constraint cannot be parsed ([#12743](composer/composer#12743))

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: https://git.walbeck.it/mwalbeck/docker-composer/pulls/1130
Co-authored-by: renovate-bot <[email protected]>
Co-committed-by: renovate-bot <[email protected]>
The problem
In the current version of composer if you specify an invalid version string you get the following error message:
This is not very helpful since it doesn't contain the name of the package which contains the faulty package definition.
The fix
I don't know if the place I put the error handling in is the correct place. So please feel free to guide me to where to best put it.