magento / composer-root-update-plugin

Open Software License 3.0

Composer 2.1.8 #30

Closed mortenbirkelund closed 2 years ago

mortenbirkelund commented 3 years ago

The plugin doesn't seem to be compatible with 2.1.6 and up. The plugin is not modifying composer.json unless I roll back to Composer 2.1.5.

pdohogne-magento commented 3 years ago

@mortenbirkelund You are correct, this was discovered recently (https://github.com/magento/magento2/issues/34137) and is being worked on. Composer changed plugin loading for the default commands, meaning this plugin was locked out.

mortenbirkelund commented 3 years ago

@pdohogne-magento thanks for the quick reply. Apparently I need to work on my Google skills, as I didn't find that issue myself. I will downgrade for now.

sippsolutions commented 2 years ago

We currently have the issue that we cannot set up our projects because our security checker detects CVE-2021-41116 in Composer 2.0 and the root-update-plugin prevents it from upgrading to Composer 2.1.

This issue is fixed with commit ee5d5949897eb8e89e67257e802e9d0d374a6e63 (by loosening the composer/composer requirement from >2.0 <2.1 to ^2.0) but unfortunately no new version tag was created.

@pdohogne-magento can you create one please, or at least fix this in 1.1.x asap? Thanks in advance!

pdohogne-magento commented 2 years ago

@sippsolutions My apologies, the 2.0.0 tag has now been created with the changes.

pdohogne-magento commented 2 years ago

@mortenbirkelund This could not be fixed in 1.1.x because of a change made in Composer 2.1.6 making it no longer possible to attach the required functionality to the native composer require command. Instead, version 2.0.0 of this plugin has introduced a new composer require-commerce command which extends the native require functionality. It works the same way as it did before, just using composer require-commerce instead of composer require for when you need to update the magento/product-* or magento/magento-cloud-metapackage requirement. Plugin-specific CLI parameters have also been renamed to remove outdated branding, but I expect that's less likely to affect you (if it does, the option list can be found by running composer require-commerce --help).