facebookarchive / facebook-for-magento2

* Pixel on all pages, which triggers events like PageView, ViewContent, AddToCart, InitiateCheckout and Purchase.
* In the background, syncs the products from the merchant's product catalog to Facebook Catalog.
* Stores all the data, like pixel id, catalog id, business manager id, in the local database on the instance.

[Bug]: Higher matching version 1.4.5 was found in public repository packagist.org #112

Open leeroybrun opened 2 years ago

leeroybrun commented 2 years ago

Contact Details

leeroy.brun@batiplus.ch

What happened?

When trying to install the Magento extension from composer, the install fails with this error:

[Exception]
  Higher matching version 1.4.5 of facebook/facebook-for-magento2 was found in public repository packagist.org
                               than 1.4.4 in private https://repo.magento.com. Public package might've been taken over by a malicious entity,
                               please investigate and update package requirement to match the version from the private repository

Is it normal? Is it planned to update the version on https://repo.magento.com or should we do something on our side to bypass this?

Thank you for your help and have a great day!

Magento Version

2.4.4

Plugin Version

1.4.5

Relevant log output

[Exception]
  Higher matching version 1.4.5 of facebook/facebook-for-magento2 was found in public repository packagist.org
                               than 1.4.4 in private https://repo.magento.com. Public package might've been taken over by a malicious entity,
                               please investigate and update package requirement to match the version from the private repository

samueldemir commented 2 years ago

I think this is not a bug. It is more of a security issue in Magento itself. By default, Magento tries to load only from trusted repos like https://repo.magento.com.

In order to change this behaviour you can temporarily add a canonical parameter to your composer.json:

"repositories": { "0": { "type": "composer", "url": "https://repo.magento.com/" } },

and temporarily change it to:

"repositories": { "0": { "type": "composer", "url": "https://repo.magento.com/", "canonical": false } },

benhath commented 2 years ago

Magento Repo needs updating to 1.4.5, currently 1.4.4. Packagist and latest GitHub release is 1.4.5.

https://marketplace.magento.com/facebook-facebook-for-magento2.html

AboElnoor commented 2 years ago

Quick fix while waiting for the vendor to fix it.

You can exclude this extension from the Magento repository using the following line: "exclude": ["facebook/facebook-for-magento2"] in your composer.json file

So your repository section should be like the following:

"0": {
        "type": "composer",
        "url": "https://repo.magento.com/",
        "exclude": ["facebook/facebook-for-magento2"]
}

Then composer will start to use the higher version from packagist.

Read more about composer priority behavior: Repository priorities
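
An added example, not part of the thread or the project's code: a small Python audit that lists where a composer.json relaxes the private-repository check through either workaround discussed above, and which version constraint an excluded package is then allowed to satisfy from the public repository. The sample composer.json, the private.example.test URL, the "^1.4" constraint and the function name are constructed for illustration.

```python
import json

# Constructed sample: both workarounds from the thread in one composer.json.
SAMPLE = """
{
  "require": {"facebook/facebook-for-magento2": "^1.4"},
  "repositories": {
    "0": {
      "type": "composer",
      "url": "https://repo.magento.com/",
      "exclude": ["facebook/facebook-for-magento2"]
    },
    "1": {
      "type": "composer",
      "url": "https://private.example.test/",
      "canonical": false
    }
  }
}
"""

def audit_repositories(composer_json_text):
    """Return (url, setting, scope, constraint) for each relaxed repository entry."""
    config = json.loads(composer_json_text)
    require = config.get("require", {})
    repos = config.get("repositories", [])
    # Composer accepts either a list or an object keyed by name/index.
    entries = repos.values() if isinstance(repos, dict) else repos
    findings = []
    for repo in entries:
        if not isinstance(repo, dict):  # e.g. "packagist.org": false in object form
            continue
        url = repo.get("url", "<no url>")
        if repo.get("canonical") is False:
            # Non-canonical: any package in this repo may also resolve elsewhere.
            findings.append((url, "canonical=false", "*", None))
        for pattern in repo.get("exclude", []):
            # Excluded: only this name/pattern is taken from other repositories;
            # report the constraint that the other repository's versions must match.
            findings.append((url, "exclude", pattern, require.get(pattern)))
    return findings

if __name__ == "__main__":
    for url, setting, scope, constraint in audit_repositories(SAMPLE):
        print(f"{url}: {setting} scope={scope} constraint={constraint}")
```

The output makes the difference in scope visible: `exclude` names one package, while `"canonical": false` covers every package that repository serves.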