security vulnerability PKSA-y2cr-5h3j-g3ys
We can't run composer upgrade due to vulnerabilities
amasty/module-import-export-subscription-package-premium[1.9.0, ..., 1.12.0, 2.0.0, ..., 2.1.2] require amasty/module-import-export >=1.9.0 -> satisfiable by amasty/module-import-export[1.9.0, ..., 1.12.0, 2.0.0, ..., 2.2.0].
- amasty/module-import-export-subscription-package-premium 2.1.3 requires amasty/module-import-export >=2.1.2 -> satisfiable by amasty/module-import-export[2.1.2, 2.1.3, 2.2.0].
- amasty/module-import-export-subscription-package-premium 2.2.0 requires amasty/module-import-export >=2.2.0 -> satisfiable by amasty/module-import-export[2.2.0].
- amasty/module-import-pro 1.6.0 requires php ^7.3.0 -> your php version (8.1.34) does not satisfy that requirement.
- amasty/module-product-import[1.2.0, ..., 1.4.0] require php ^7.3.0 -> your php version (8.1.34) does not satisfy that requirement.
- amasty/module-import-pro[1.6.1, ..., 1.9.0, 2.0.0, ..., 2.1.0] require google/apiclient ^2.0 -> satisfiable by google/apiclient[v2.0.0, ..., v2.19.0].
- amasty/module-order-import 2.0.1 requires amasty/module-import-pro >=1.7.1 -> satisfiable by amasty/module-import-pro[1.7.1, 1.8.0, 1.9.0, 2.0.0, 2.0.1, 2.1.0].
- amasty/module-product-import[1.8.0, ..., 1.10.0, 2.0.0, ..., 2.0.2] require amasty/module-import-pro >=1.7.1 -> satisfiable by amasty/module-import-pro[1.7.1, 1.8.0, 1.9.0, 2.0.0, 2.0.1, 2.1.0].
- amasty/module-order-import 2.1.0 requires amasty/module-import-pro >=2.1.0 -> satisfiable by amasty/module-import-pro[2.1.0].
- amasty/module-product-import 2.1.0 requires amasty/module-import-pro >=2.1.0 -> satisfiable by amasty/module-import-pro[2.1.0].
- amasty/module-product-import[1.0.0, ..., 1.1.1] require php ^7.1.0 -> your php version (8.1.34) does not satisfy that requirement.
- amasty/module-product-import 1.4.1 requires amasty/module-import-pro >=1.6.0 -> satisfiable by amasty/module-import-pro[1.6.0, ..., 1.9.0, 2.0.0, 2.0.1, 2.1.0].
- amasty/module-product-import[1.4.2, ..., 1.4.4] require amasty/module-import-pro >=1.6.1 -> satisfiable by amasty/module-import-pro[1.6.1, ..., 1.9.0, 2.0.0, 2.0.1, 2.1.0].
- amasty/module-product-import[1.5.0, ..., 1.6.0] require amasty/module-import-pro >=1.6.3 -> satisfiable by amasty/module-import-pro[1.6.3, ..., 1.9.0, 2.0.0, 2.0.1, 2.1.0].
- amasty/module-product-import 1.7.0 requires amasty/module-import-pro >=1.7.0 -> satisfiable by amasty/module-import-pro[1.7.0, 1.7.1, 1.8.0, 1.9.0, 2.0.0, 2.0.1, 2.1.0].
- google/apiclient[v2.0.0, ..., v2.0.3] require firebase/php-jwt ~2.0|~3.0 -> found firebase/php-jwt[2.0.0, v2.1.0, v2.2.0, v3.0.0] but these were not loaded, because they are affected by security advisories ("PKSA-y2cr-5h3j-g3ys", "PKSA-2kqm-ps5x-s4f5"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
- google/apiclient[v2.1.0, ..., v2.1.3] require firebase/php-jwt ~2.0|~3.0|~4.0 -> found firebase/php-jwt[2.0.0, v2.1.0, v2.2.0, v3.0.0, v4.0.0] but these were not loaded, because they are affected by security advisories ("PKSA-y2cr-5h3j-g3ys", "PKSA-2kqm-ps5x-s4f5"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
- google/apiclient[v2.2.0, ..., v2.12.1] require firebase/php-jwt ~2.0||~3.0||~4.0||~5.0 -> found firebase/php-jwt[2.0.0, v2.1.0, v2.2.0, v3.0.0, v4.0.0, v5.0.0, ..., v5.5.1] but these were not loaded, because they are affected by security advisories ("PKSA-y2cr-5h3j-g3ys", "PKSA-2kqm-ps5x-s4f5"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
- google/apiclient[v2.12.2, ..., v2.14.0] require firebase/php-jwt ~2.0||~3.0||~4.0||~5.0||~6.0 -> found firebase/php-jwt[2.0.0, v2.1.0, v2.2.0, v3.0.0, v4.0.0, v5.0.0, ..., v5.5.1, v6.0.0, ..., v6.11.1] but these were not loaded, because they are affected by security advisories ("PKSA-y2cr-5h3j-g3ys", "PKSA-2kqm-ps5x-s4f5"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
- google/apiclient[v2.15.0, ..., v2.16.1] require firebase/php-jwt ~6.0 -> found firebase/php-jwt[v6.0.0, ..., v6.11.1] but these were not loaded, because they are affected by security advisories ("PKSA-y2cr-5h3j-g3ys"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
- google/apiclient[v2.17.0, ..., v2.18.4] require firebase/php-jwt ^6.0 -> found firebase/php-jwt[v6.0.0, ..., v6.11.1] but these were not loaded, because they are affected by security advisories ("PKSA-y2cr-5h3j-g3ys"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
- google/auth[v1.35.0, ..., v1.49.0] require firebase/php-jwt ^6.0 -> found firebase/php-jwt[v6.0.0, ..., v6.11.1] but these were not loaded, because they are affected by security advisories ("PKSA-y2cr-5h3j-g3ys"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
- google/apiclient v2.19.0 requires google/auth ^1.37 -> satisfiable by google/auth[v1.37.0, ..., v1.50.0].
- google/auth v1.50.0 requires psr/log ^3.0 -> satisfiable by psr/log[3.0.0, 3.0.1, 3.0.2].
- Conclusion: don't install one of psr/log[3.0.2], opensearch-project/opensearch-php[2.0.0] (conflict analysis result)
- Conclusion: don't install amasty/module-import-export-subscription-package-premium[2.2.0] | install google/apiclient[v2.19.0] (conflict analysis result)
amasty/module-import-export-subscription-package-premium[1.9.0, ..., 1.12.0, 2.0.0, ..., 2.1.2] require amasty/module-import-export >=1.9.0 -> satisfiable by amasty/module-import-export[1.9.0, ..., 1.12.0, 2.0.0, ..., 2.2.0].
- amasty/module-import-export-subscription-package-premium 2.1.3 requires amasty/module-import-export >=2.1.2 -> satisfiable by amasty/module-import-export[2.1.2, 2.1.3, 2.2.0].
- amasty/module-import-export-subscription-package-premium 2.2.0 requires amasty/module-import-export >=2.2.0 -> satisfiable by amasty/module-import-export[2.2.0].
- amasty/module-import-pro 1.6.0 requires php ^7.3.0 -> your php version (8.1.34) does not satisfy that requirement.
- amasty/module-product-import[1.2.0, ..., 1.4.0] require php ^7.3.0 -> your php version (8.1.34) does not satisfy that requirement.
- amasty/module-import-pro[1.6.1, ..., 1.9.0, 2.0.0, ..., 2.1.0] require google/apiclient ^2.0 -> satisfiable by google/apiclient[v2.0.0, ..., v2.19.0].
- amasty/module-order-import 2.0.1 requires amasty/module-import-pro >=1.7.1 -> satisfiable by amasty/module-import-pro[1.7.1, 1.8.0, 1.9.0, 2.0.0, 2.0.1, 2.1.0].
- amasty/module-product-import[1.8.0, ..., 1.10.0, 2.0.0, ..., 2.0.2] require amasty/module-import-pro >=1.7.1 -> satisfiable by amasty/module-import-pro[1.7.1, 1.8.0, 1.9.0, 2.0.0, 2.0.1, 2.1.0].
- amasty/module-order-import 2.1.0 requires amasty/module-import-pro >=2.1.0 -> satisfiable by amasty/module-import-pro[2.1.0].
- amasty/module-product-import 2.1.0 requires amasty/module-import-pro >=2.1.0 -> satisfiable by amasty/module-import-pro[2.1.0].
- amasty/module-product-import[1.0.0, ..., 1.1.1] require php ^7.1.0 -> your php version (8.1.34) does not satisfy that requirement.
- amasty/module-product-import 1.4.1 requires amasty/module-import-pro >=1.6.0 -> satisfiable by amasty/module-import-pro[1.6.0, ..., 1.9.0, 2.0.0, 2.0.1, 2.1.0].
- amasty/module-product-import[1.4.2, ..., 1.4.4] require amasty/module-import-pro >=1.6.1 -> satisfiable by amasty/module-import-pro[1.6.1, ..., 1.9.0, 2.0.0, 2.0.1, 2.1.0].
- amasty/module-product-import[1.5.0, ..., 1.6.0] require amasty/module-import-pro >=1.6.3 -> satisfiable by amasty/module-import-pro[1.6.3, ..., 1.9.0, 2.0.0, 2.0.1, 2.1.0].
- amasty/module-product-import 1.7.0 requires amasty/module-import-pro >=1.7.0 -> satisfiable by amasty/module-import-pro[1.7.0, 1.7.1, 1.8.0, 1.9.0, 2.0.0, 2.0.1, 2.1.0].
- google/apiclient[v2.0.0, ..., v2.0.3] require firebase/php-jwt ~2.0|~3.0 -> found firebase/php-jwt[2.0.0, v2.1.0, v2.2.0, v3.0.0] but these were not loaded, because they are affected by security advisories ("PKSA-y2cr-5h3j-g3ys", "PKSA-2kqm-ps5x-s4f5"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
- google/apiclient[v2.1.0, ..., v2.1.3] require firebase/php-jwt ~2.0|~3.0|~4.0 -> found firebase/php-jwt[2.0.0, v2.1.0, v2.2.0, v3.0.0, v4.0.0] but these were not loaded, because they are affected by security advisories ("PKSA-y2cr-5h3j-g3ys", "PKSA-2kqm-ps5x-s4f5"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
- google/apiclient[v2.2.0, ..., v2.12.1] require firebase/php-jwt ~2.0||~3.0||~4.0||~5.0 -> found firebase/php-jwt[2.0.0, v2.1.0, v2.2.0, v3.0.0, v4.0.0, v5.0.0, ..., v5.5.1] but these were not loaded, because they are affected by security advisories ("PKSA-y2cr-5h3j-g3ys", "PKSA-2kqm-ps5x-s4f5"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
- google/apiclient[v2.12.2, ..., v2.14.0] require firebase/php-jwt ~2.0||~3.0||~4.0||~5.0||~6.0 -> found firebase/php-jwt[2.0.0, v2.1.0, v2.2.0, v3.0.0, v4.0.0, v5.0.0, ..., v5.5.1, v6.0.0, ..., v6.11.1] but these were not loaded, because they are affected by security advisories ("PKSA-y2cr-5h3j-g3ys", "PKSA-2kqm-ps5x-s4f5"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
- google/apiclient[v2.15.0, ..., v2.16.1] require firebase/php-jwt ~6.0 -> found firebase/php-jwt[v6.0.0, ..., v6.11.1] but these were not loaded, because they are affected by security advisories ("PKSA-y2cr-5h3j-g3ys"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
- google/apiclient[v2.17.0, ..., v2.18.4] require firebase/php-jwt ^6.0 -> found firebase/php-jwt[v6.0.0, ..., v6.11.1] but these were not loaded, because they are affected by security advisories ("PKSA-y2cr-5h3j-g3ys"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
- google/auth[v1.35.0, ..., v1.49.0] require firebase/php-jwt ^6.0 -> found firebase/php-jwt[v6.0.0, ..., v6.11.1] but these were not loaded, because they are affected by security advisories ("PKSA-y2cr-5h3j-g3ys"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
- google/apiclient v2.19.0 requires google/auth ^1.37 -> satisfiable by google/auth[v1.37.0, ..., v1.50.0].
- google/auth v1.50.0 requires psr/log ^3.0 -> satisfiable by psr/log[3.0.0, 3.0.1, 3.0.2].
- Conclusion: don't install one of psr/log[3.0.2], opensearch-project/opensearch-php[2.0.0] (conflict analysis result)
- Conclusion: don't install amasty/module-import-export-subscription-package-premium[2.2.0] | install google/apiclient[v2.19.0] (conflict analysis result)
Topic Participants
Guillaume
Vita Barkova