└─$ composer require tymon/jwt-auth
Using version ^0.5.12 for tymon/jwt-auth
./composer.json has been updated
Running composer update tymon/jwt-auth
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.
Problem 1
- Root composer.json requires tymon/jwt-auth ^0.5.12 -> satisfiable by tymon/jwt-auth[0.5.12].
- tymon/jwt-auth 0.5.12 requires illuminate/support ~5.0 -> found illuminate/support[v5.0.0, ..., 5.8.x-dev] but these were not loaded, likely because it conflicts with another require.
Installation failed, reverting ./composer.json and ./composer.lock to their original content.
I am trying to install Magento 2.3.5 using composer.
muk#muk:/var/www/html$ composer create-project --repository-url=https://repo.magento.com/ magento/project-community-edition=2.3.5 magento23
Creating a "magento/project-community-edition" project at "./magento23"
Installing magento/project-community-edition (2.3.5-p1)
- Installing magento/project-community-edition (2.3.5-p1): Loading from cache
Created project in /var/www/html/magento23
Loading composer repositories with package information
Updating dependencies (including require-dev)
Package operations: 463 installs, 0 updates, 0 removals
- Installing magento/magento-composer-installer (0.1.13): Loading from cache
- Installing laminas/laminas-dependency-plugin (1.0.3): Loading from cache
Plugin installation failed (include(/var/www/html/magento23/vendor/laminas/laminas-dependency-plugin/src/DependencyRewriterPlugin.php): failed to open stream: No such file or directory), rolling back
- Removing laminas/laminas-dependency-plugin (1.0.3)
[ErrorException]
include(/var/www/html/magento23/vendor/laminas/laminas-dependency-plugin/src/DependencyRewriterPlugin.php): failed to open stream: No such file or directory
create-project [-s|--stability STABILITY] [--prefer-source] [--prefer-dist] [--repository REPOSITORY] [--repository-url REPOSITORY-URL] [--add-repository] [--dev] [--no-dev] [--no-custom-installers] [--no-scripts] [--no-progress] [--no-secure-http] [--keep-vcs] [--remove-vcs] [--no-install] [--ignore-platform-reqs] [--] [<package>] [<directory>] [<version>]
I am getting following error.
Plugin installation failed (include(/var/www/html/magento23/vendor/laminas/laminas-dependency-plugin/src/DependencyRewriterPlugin.php): failed to open stream: No such file or directory), rolling back
- Removing laminas/laminas-dependency-plugin (1.0.3)
My Composer version
muk#muk:/var/www/html$ composer --version
Composer version 1.10.5 2020-04-10 11:44:22
I am using VirtualBox with Shared folder.
How can I fix it?
Note: To fix it I stopped using shared folder. Now I keep the entire code in the VM and do not use shared folder. For file synching I am using mutagen.
if anyone runs into this issue, it looks to be a problem with virtualBox and shared folders. when unzipping files, they are not immediately available in the environment.
the solution is by rkamp and is also available here:
https://stackoverflow.com/a/66413857/1470145
in short, one needs to override unzip to add a brief delay after unzipping.
I thought I had the same issue, but turned out it was something else.
The upgrade went OK for me, for a sandbox/clean 2.3.4 install, and a client project running 2.3.4.
A few things:
This could possibly be an issue with your cache, try to clear your composer laminas cache (~/.composer/cache/files/laminas usually)
Although it would complain about that, you've possibly got unmet platform requirements (php version, etc.)
Try clearing your entire composer cache (~/.composer)
Double-check the repository URL (should it be 2.3.5 or 2.3.5-p1?)
Hope that helps
I created a new project using Sails.js and when I pushed it to github I am getting a security alert:
Upgrade lodash to version 4.17.13 or later
Problem is I can't seem to upgrade the lodash version. Sails is using "#sailshq/lodash": "^3.10.3" I tried yarn install lodash#4.17.13 but the yarn.lock still have the old version.
Anybody knows how to upgrade the lodash version?
Here is the full alert:
CVE-2019-10744
high severity
Vulnerable versions: < 4.17.13
Patched version: 4.17.13
Affected versions of lodash are vulnerable to Prototype Pollution.
The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
Since Zend has been constantly publishing ZF3 versions of its core packages, I have problems getting my old ZF2 application to work.
If I run composer install with a valid composer.lock in place I get the follwing warnings with most ZF dependencies:
- Installing zendframework/zend-stdlib (2.7.7)
Downloading: 100%
Failed to download zendframework/zend-stdlib from dist: The checksum verification of the file failed (downloaded from https://packages.zendframework.com/composer/zendframework-zend-stdlib-2.7.7-19d9a4.zip)
Now trying to download from source
- Installing zendframework/zend-stdlib (2.7.7)
Cloning baa65aec7bc75260254b5f03447f0c16360f9e59
Since I’ve got a lot of dependencies like that, install/cloning takes forever and never finishes, cause my VM runs out of memory.
Now I tried to either run composer update or delete composer.lock and run composer install again. I even tried removing the packages.zendframework.com repo from composer.json, since Zend says, its not needed anymore.
However, due to the new ZF3 version, I get unresolvable requirements.
Example:
Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.
Problem 1
- jhuet/zdt-logger-module dev-master requires zendframework/zend-developer-tools ^1.1.0 -> satisfiable by zendframework/zend-developer-tools[1.2.x-dev, 1.1.x-dev].
- Can only install one of: zendframework/zend-developer-tools[dev-master, 1.2.x-dev].
- Conclusion: don't install zendframework/zend-servicemanager 2.7.7
- Conclusion: don't install zendframework/zend-servicemanager 3.1.1
- Conclusion: don't install zendframework/zend-servicemanager 3.1.0
- Installation request for zendframework/zend-developer-tools dev-master -> satisfiable by zendframework/zend-developer-tools[dev-master].
- Conclusion: don't install zendframework/zend-servicemanager 2.7.6|install zendframework/zend-servicemanager 3.1.0
- Installation request for zfcampus/zf-apigility-admin ~1.0 -> satisfiable by zfcampus/zf-apigility-admin[1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.1.0, 1.1.1, 1.1.2, 1.2.0, 1.2.1, 1.2.2, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 1.5.7].
- Installation request for jhuet/zdt-logger-module dev-master -> satisfiable by jhuet/zdt-logger-module[dev-master].
- Installation request for zf-commons/zfc-rbac ~2.0 -> satisfiable by zf-commons/zfc-rbac[2.0.0, 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.4.2, v2.5.0, v2.5.1, v2.5.2, v2.5.3, v2.5.4, v2.5.5, v2.5.6].
- jhuet/zdt-logger-module dev-master requires zendframework/zend-servicemanager 3.* -> satisfiable by zendframework/zend-servicemanager[3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.1.0, 3.1.1].
- Can only install one of: zendframework/zend-servicemanager[3.0.0, 2.7.5].
- Can only install one of: zendframework/zend-servicemanager[3.0.1, 2.7.5].
- Can only install one of: zendframework/zend-servicemanager[3.0.2, 2.7.5].
- zendframework/zend-developer-tools 1.1.x-dev requires zendframework/zend-servicemanager ^2.7.5 || ^3.0.3 -> satisfiable by zendframework/zend-servicemanager[2.7.5, 2.7.6, 2.7.7, 3.0.3, 3.1.0, 3.1.1].
- Conclusion: don't install zendframework/zend-servicemanager 3.0.3
The consequences: I’m not able to get my ZF2 app into working condition anymore. How can I fix this?
This is my composer.json:
{
"name": "myapp",
"description": "My app",
"version": "1.5.0",
"require": {
"php": "~7.0",
"ext-intl": ">=1.1.0",
"ext-mbstring": "*",
"zendframework/zendframework": "~2.5",
"zf-commons/zfc-user": "~1.0",
"zf-commons/zfc-rbac": "~2.0",
"zendframework/zendoauth": "~2.0",
"zfcampus/zf-apigility": "~1.0",
"zfcampus/zf-development-mode": "~2.0",
"aws/aws-sdk-php-zf2": "~2.0",
"goalio/goalio-forgotpassword": "~1.0",
"maglnet/magl-markdown": "~1.4",
"ocramius/proxy-manager": "~1.0"
},
"require-dev": {
"zfcampus/zf-apigility-admin": "~1.0",
"zfcampus/zf-apigility-documentation": "~1.0",
"zendframework/zend-developer-tools": "dev-master",
"jhuet/zdt-logger-module": "dev-master",
"bjyoungblood/bjy-profiler": "dev-master"
}
}
I hope, this is solvable somehow without a lot of manual work.
These are issues you may always run into when you require something like dev-master. The best practice would be to stick to semantic version numbers and if a package maintainer follows the semantic versioning you shouldn't run into requiring packages with breaking changes.
In your case you rely on a dev-master version of "jhuet/zdt-logger-module". This one is recently updated to support ZF3. If you remove "jhuet/zdt-logger-module": "dev-master",, it seems to work for me.
To keep that package you need this: "jhuet/zdt-logger-module": "^0.3". This makes sure it doesn't load the newer 1.0.0 package that requires ZF3.
I want to update project for Asp.NET Web Api 2.2 (My project is Web Api 1.0). But Nuget doesn't update all package and i didn't find this problem's solve.
Can you help me for this problem ?
Failed Text:
Updating 'Microsoft.AspNet.WebApi.Core 4.0.30506.0' to 'Microsoft.AspNet.WebApi.Core 5.2.0' failed. Unable to find a version of 'Strathweb.CacheOutput' that is compatible with 'Microsoft.AspNet.WebApi.Core 5.2.0'.
It looks like the current build of Strathweb.CacheOutput (0.5.0) package is fixed to WebApi 4.0.30506.
You have 2 options:
Contact the package owner and ask them to allow the package to work with newer versions of WebApi
Use the command line for NuGet in Visual Studio to force the package update by specifying the -IgnoreDependencies argument
Either way, you will need a binding redirect for Microsoft.AspNet.WebApi.Core 4.0.30506.0 -> 5.2.0, depending on which option you use, NuGet may add this to your web.config for you.