Closed luilliarcec closed 2 months ago
patrickbrouwers
commented
2 months ago Your composer output shows it doesn't try above 3.1.45, which is not the latest version. Try to specificying ^3.1.56 and see which other dependency blocks the usage of any version above 3.1.45
luilliarcec
commented
2 months ago Hi @patrickbrouwers, thank you for your prompt reply.
Problem 1
- phpoffice/phpspreadsheet[1.18.0, ..., 1.28.0] require maennchen/zipstream-php ^2.1 -> found maennchen/zipstream-php[2.1.0, ..., 2.4.0] but the package is fixed to 3.1.0 (lock file version) by a partial update and that version does not match. Make sure you list it as an argument for the update command.
- Root composer.json requires maatwebsite/excel ^3.1.56 -> satisfiable by maatwebsite/excel[3.1.56].
- roave/security-advisories dev-latest conflicts with phpoffice/phpspreadsheet 1.29.0.
- maatwebsite/excel 3.1.56 requires phpoffice/phpspreadsheet ^1.18 -> satisfiable by phpoffice/phpspreadsheet[1.18.0, ..., 1.29.0].
- roave/security-advisories is locked to version dev-latest and an update of this package was not requested.You are using maennchen/zipstream-php 3.1 version, which is not compatible with phpspreadsheet (it needs 2.1).
try adding the -W flag to the require to try and update that dependency.
bmoex
commented
2 months ago Its cause roave/security-advisories blocks the requirement due to use of "phpoffice/phpspreadsheet": "<2.2.1",.
patrickbrouwers
commented
2 months ago You'll have to either disable roave for now or wait till the backport fix has been merged
tuncaybahadir
commented
2 months ago The root cause of the problem is the use of version 1.18 of the phpoffice/phpspreadsheet package. Currently, 2 errors have been reported, 1 high risk and 1 low risk. phpoffice/phpspreadsheet versions before 2.2.1 and 2.1.0 are risky, an update is needed on this issue, or as friends say, we will ignore the risk (remove the roave/security-advisories package) and go about our business.
patrickbrouwers
commented
2 months ago Will probably be fixed in next days: https://github.com/PHPOffice/PhpSpreadsheet/pull/4154#issuecomment-2325197303
tuncaybahadir
commented
2 months ago Will probably be fixed in next days: PHPOffice/PhpSpreadsheet#4154 (comment)
@patrickbrouwers Wouldn't it be a faster solution if you update the PhpSpreadsheet version dependency (2.2.2) in the package? Why are we waiting?
patrickbrouwers
commented
2 months ago No. The security fix had been backported and will soon be tagged. If you wanna know why, please read all relevant PR's and issues, it's all explained there.
tuncaybahadir
commented
2 months ago No. The security fix had been backported and will soon be tagged. If you wanna know why, please read all relevant PR's and issues, it's all explained there.
@patrickbrouwers Thanks for the answer and update, but the problem still persists, because the phpspreadsheet 1.29.1 package is affected by vulnerabilities.
patrickbrouwers
commented
2 months ago It's not. Composer just needs to propagate the patch version
Is the bug applicable and reproducable to the latest version of the package and hasn't it been reported before?
What version of Laravel Excel are you using?
3.1.*
What version of Laravel are you using?
10.48.20
What version of PHP are you using?
8.3.10
Describe your issue
It is not possible to install version 3 in laravel 10 with PHP 8.3
How can the issue be reproduced?
Create a laravel application with the specified versions, try to install the package in version ^3.*.
It will always throw the same errors.
When passing without a specified version, it installs a very old version of the ^1.* package.
What should be the expected behaviour?