Symfony 5 作曲家更新失败并带有安全检查器

Posted 2023-02-16

【中文标题】Symfony 5 作曲家更新失败并带有安全检查器

【英文标题】：Symfony 5 composer update fails with security-checker

【发布时间】：2021-12-01 23:01:47

【问题描述】：

当我执行composer update 时，我会在最后播放这些脚本：

Executing script cache:clear [OK]
Executing script assets:install --symlink --relative public [OK]
Executing script security-checker security:check [KO]
 [KO]
Script security-checker security:check returned with error code 1
!!                                                              
!!    The web service failed for an unknown reason (HTTP 403).  
!!                                                              
!!  
Script @auto-scripts was called via post-install-cmd

我只有安装了"symfony/security-bundle": "5.3.*" 的安全包，当我使用这个命令时它工作正常：

symfony security:check

但是撰写更新似乎使用旧的

php bin/console security:check

这是为什么呢？

我的 composer.json

    "type": "project",
    "license": "proprietary",
    "minimum-stability": "stable",
    "prefer-stable": true,
    "require": 
        "behat/mink-goutte-driver": "^1.2",
        "composer/package-versions-deprecated": "1.11.99.2",
        "datadog/php-datadogstatsd": "^1.5",
        "doctrine/annotations": "^1.0",
        "doctrine/doctrine-bundle": "^2.4",
        "doctrine/doctrine-migrations-bundle": "^3.1",
        "doctrine/orm": "^2.9",
        "jms/serializer-bundle": "^3.10",
        "ok***/datadog-symfony": "^0.3.1",
        "phpdocumentor/reflection-docblock": "^5.2",
        "sensio/framework-extra-bundle": "^6.1",
        "symfony/apache-pack": "^1.0",
        "symfony/asset": "5.3.*",
        "symfony/console": "5.3.*",
        "symfony/dotenv": "5.3.*",
        "symfony/expression-language": "5.3.*",
        "symfony/flex": "^1.3.1",
        "symfony/form": "5.3.*",
        "symfony/framework-bundle": "5.3.*",
        "symfony/http-client": "5.3.*",
        "symfony/intl": "5.3.*",
        "symfony/mailer": "5.3.*",
        "symfony/mime": "5.3.*",
        "symfony/monolog-bundle": "^3.1",
        "symfony/notifier": "5.3.*",
        "symfony/process": "5.3.*",
        "symfony/property-access": "5.3.*",
        "symfony/property-info": "5.3.*",
        "symfony/proxy-manager-bridge": "5.3.*",
        "symfony/runtime": "5.3.*",
        "symfony/security-bundle": "5.3.*",
        "symfony/sendinblue-mailer": "5.3.*",
        "symfony/serializer": "5.3.*",
        "symfony/stopwatch": "5.3.*",
        "symfony/string": "5.3.*",
        "symfony/templating": "5.3.*",
        "symfony/translation": "5.3.*",
        "symfony/twig-bundle": "^5.3",
        "symfony/validator": "5.3.*",
        "symfony/web-link": "5.3.*",
        "symfony/yaml": "5.3.*",
        "symfonycasts/reset-password-bundle": "^1.9",
        "twig/extra-bundle": "^3.3",
        "twig/intl-extra": "^3.3",
        "twig/twig": "^2.12|^3.0"
    ,
    "require-dev": 
        "behat/behat": "^3.8",
        "doctrine/doctrine-fixtures-bundle": "^3.4",
        "friends-of-behat/mink-browserkit-driver": "^1.5",
        "friends-of-behat/mink-extension": "^2.5",
        "friends-of-behat/symfony-extension": "^2.2",
        "phpstan/extension-installer": "^1.1",
        "phpstan/phpstan-doctrine": "^0.12.44",
        "phpstan/phpstan-symfony": "^0.12.41",
        "phpunit/phpunit": "^9.5",
        "symfony/browser-kit": "^5.3",
        "symfony/css-selector": "^5.3",
        "symfony/debug-bundle": "^5.3",
        "symfony/maker-bundle": "^1.0",
        "symfony/phpunit-bridge": "^5.3",
        "symfony/var-dumper": "^5.3",
        "symfony/web-profiler-bundle": "^5.3"
    ,
    "config": 
        "optimize-autoloader": true,
        "preferred-install": 
            "*": "dist"
        ,
        "sort-packages": true
    ,
    "autoload": 
        "psr-4": 
            "App\\": "src/"
        
    ,
    "autoload-dev": 
        "psr-4": 
            "App\\Tests\\": "tests/"
        
    ,
    "replace": 
        "symfony/polyfill-ctype": "*",
        "symfony/polyfill-iconv": "*",
        "symfony/polyfill-php72": "*"
    ,
    "scripts": 
        "auto-scripts": 
            "cache:clear": "symfony-cmd",
            "assets:install %PUBLIC_DIR%": "symfony-cmd"
        ,
        "post-install-cmd": [
            "@auto-scripts"
        ],
        "post-update-cmd": [
            "@auto-scripts"
        ]
    ,
    "conflict": 
        "symfony/symfony": "*"
    ,
    "extra": 
        "symfony": 
            "allow-contrib": false,
            "require": "5.3.*"
        
    

【问题讨论】：

请分享更多详细信息，例如您的 composer.json 中此脚本的配置

刚刚添加了我的 composer.json

【参考方案1】：

您的composer.json 中很可能有这样的内容：

  "scripts": 
    "auto-scripts": 
      "security-checker security:check": "script"
    
  

将"security-checker security:check": "script" 替换为"symfony check:security": "script"：

  "scripts": 
    "auto-scripts": 
      "symfony check:security": "script"
    
  

假设 symfony 二进制文件在您的 PATH 中，如果它没有指定二进制文件的完整路径（例如 "/home/my-username/symfony check:security": "script"）。

【讨论】：

其实我没有，只有这个："scripts": "auto-scripts": "cache:clear": "symfony-cmd", "assets:install %PUBLIC_DIR%": "symfony-cmd", "post-install-cmd": ["@auto-scripts"], "post-update-cmd": ["@auto-scripts"],

嗯，你可以从输出中看到post-install-cmd被调用了，它触发了auto-scripts，它又触发了security-checker security:check。你确定你向我们展示了正确的composer.json 吗？检查从哪个目录运行命令，以及该目录中是否没有composer.json。

我与 symfony 合作了很长时间，从来没有遇到过这个问题（即使我最初建立这个项目时也是如此），所以我真的不明白为什么。这是项目中唯一可用的composer.json，我确定我正在从正确的目录执行composer update。

你能把代码放到GitHub上吗？我认为不需要任何实际的源代码，因此src 目录可以为空（或者可能只是Kernel 类）。

好吧，我删除了我的 composer.phar、我的 composer.lock、我的供应商文件夹，清理 rm -rf 缓存，刷新我的缓存对于作曲家包，并重新安装所有东西，它工作......