Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Firebase/php-jwt conflicts with Roave/Security-advisories #244

Open
Lornz- opened this issue May 10, 2023 · 4 comments
Open

Firebase/php-jwt conflicts with Roave/Security-advisories #244

Lornz- opened this issue May 10, 2023 · 4 comments

Comments

@Lornz-
Copy link

Lornz- commented May 10, 2023

Hi! Thanks again for the awesome job you guys make to improve our experience with Wordpress and Gatsby.

I use composer to install and maintain all necessary plugins used in my current Wordpress instance. Lately, I made an update of all require dependencies and bumped to that one.

Problem

Current version of gatsby/wp-gatsby conflicts with roave/security-advisories dev-latest.

Problem 1
    - gatsbyjs/wp-gatsby[v2.3.0, ..., v2.3.3] require firebase/php-jwt ^5.2 -> satisfiable by firebase/php-jwt[v5.2.0, ..., v5.5.1].
    - roave/security-advisories dev-latest conflicts with firebase/php-jwt v5.5.1.
    - roave/security-advisories dev-latest conflicts with firebase/php-jwt v5.5.0.
    - roave/security-advisories dev-latest conflicts with firebase/php-jwt v5.4.0.
    - roave/security-advisories dev-latest conflicts with firebase/php-jwt v5.3.0.
    - roave/security-advisories dev-latest conflicts with firebase/php-jwt v5.2.1.
    - roave/security-advisories dev-latest conflicts with firebase/php-jwt v5.2.0.
    - Root composer.json requires roave/security-advisories dev-latest -> satisfiable by roave/security-advisories[dev-latest].
    - Root composer.json requires gatsbyjs/wp-gatsby ^2.3 -> satisfiable by gatsbyjs/wp-gatsby[v2.3.0, v2.3.1, v2.3.2, v2.3.3].

Steps to reproduce

composer update --with-dependencies

Proposed resolution

Update to the latest stable version of firebase/php-jwt which does not address multiple security vulnerabilities.
👉 https://github.com/gatsbyjs/wp-gatsby/blob/master/composer.json#LL33C6-L33C14
@Lornz- Lornz- changed the title Firebase conflicts with Roave/Security-advisories Firebase/php-jwt conflicts with Roave/Security-advisories May 10, 2023
@ThyNameIsMud
Copy link

@TylerBarnes This conflict is happening more and more. Would highly recommend updating this plugin and it's dependencies to maintain compatibility.

@TylerBarnes TylerBarnes self-assigned this Jul 12, 2023
@TylerBarnes
Copy link
Contributor

Thanks for the heads up! I've raised this issue internally to figure out if I should work on this or someone else. I've actually transitioned to a different team that doesn't own this, but I did build a lot of it and have the context on it. I'll keep yall updated when I know more

@ThyNameIsMud
Copy link

@TylerBarnes any chance of an update here?

@TylerBarnes TylerBarnes removed their assignment Feb 12, 2024
@Lornz-
Copy link
Author

Lornz- commented May 5, 2024

Hi! any update about it?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Lornz- @ThyNameIsMud @TylerBarnes