Problem with TravisCI version matrix after updating to composer 2.0

Question

After updating to Composer 2.0 I got into problems on doing my Travis.

I have a TYPO3 Extension, that I want to test with multiple TYPO3 Versions. Till yesterday I could do this with composer require nimut/typo3-complete:$TYPO3_VERSION (coming from the version Matrix).

After the update I got following error/information.

Cannot update only a partial set of packages without a lock file present.
Installation failed, reverting ./composer.json to its original content.

As I have no composer.lock in my repository, I tested my pipeline with a composer install first, and then did the update. This is all fine until I go to the next version as the dependencies are different, and the composer.lock from the composer install cannot update the additional dependencies.

I have tried it with composer require --dev nimut/typo3-complete:^10.4 --with-all-dependencies the response from composer:

Problem 1
    - typo3/testing-framework is locked to version 4.15.2 and an update of this package was not requested.
    - typo3/testing-framework 4.15.2 requires typo3/cms-backend ^9.3 -> found typo3/cms-backend[v9.3.0, ..., 9.5.x-dev] but it conflicts with another require.
  Problem 2
    - symfony/http-client v5.1.7 requires symfony/http-client-contracts ^2.2 -> found symfony/http-client-contracts[dev-main, dev-master, v2.2.0, v2.3.1, 2.3.x-dev (alias of dev-master)] but it conflicts with another require.
    - nunomaduro/phpinsights v1.14.0 requires sensiolabs/security-checker ^6.0 -> satisfiable by sensiolabs/security-checker[v6.0.3].
    - sensiolabs/security-checker v6.0.3 requires symfony/http-client ^4.3|^5.0 -> satisfiable by symfony/http-client[v5.1.7].
    - nunomaduro/phpinsights is locked to version v1.14.0 and an update of this package was not requested.

Use the option --with-all-dependencies (-W) to allow upgrades, downgrades and removals for packages currently locked to specific versions.

The -W option is the one I'm trying out already. I have tried both -w and -W, no luck so far.

I'm not sure how to get around this problem yet, your input your be very helpful.

Link to .travis.yml https://github.com/AOEpeople/crawler/blob/master/.travis.yml#L50

Link to Travis Build where testing it out. https://travis-ci.org/github/AOEpeople/crawler/jobs/738603105#L1138

Answer 1

The issue with composer require was reported and fixed in PR 9336 on Composer's GitHub repository. It will be in Composer 2.0.2 just about to be released now. So you can upgrade to 2.0.2 and it should resolve your problem.

To explain why your workaround failed:

composer require nimut/typo3-complete:$TYPO3_VERSION edits the composer.json file to add "nimut/typo3-complete": "^$TYPO3_VERSION". Then it runs composer update nimut/typo3-complete, or (on Composer 1.x or 2.0.2+) a plain composer update if no lock file exists yet.

If you run a composer install without a lock file first, this executes a composer update because there is no lock file. The subsequent composer require then still edits the json file and now runs composer update nimut/typo3-complete because there is a lock file. Even with all the dependency options enabled, this may have a different outcome or even a conflict from running a plain composer update as you are restricting the update to only the new package and its dependencies.