Magento 2.4.7-p1 compatibility

[dszczerbinskii]

Preconditions (*)

1. Magento 2.4.7-p1
2. Meta 1.3.1 version

Steps to reproduce (*)

1. Try to update Magento 2 from 2.4.7 to 2.4.7-p1

Expected result (*)

I can easily install this extension on the Magento 2.4.7 version.

Actual result (*)

    - meta/meta-for-magento2 1.3.1 requires meta/module-sales 1.3.1 -> satisfiable by meta/module-sales[1.3.1].
    - meta/meta-for-magento2[1.1.0, ..., 1.1.1] require meta/module-sales 1.1.* -> satisfiable by meta/module-sales[1.1.0, 1.1.1].
    - meta/meta-for-magento2 1.3.0 requires meta/module-business-extension 1.3.0 -> satisfiable by meta/module-business-extension[1.3.0].
    - meta/meta-for-magento2 1.2.6 requires meta/module-business-extension 1.2.6 -> satisfiable by meta/module-business-extension[1.2.6].
    - meta/meta-for-magento2[1.2.0, ..., 1.2.2] require meta/module-business-extension 1.2.* -> satisfiable by meta/module-business-extension[1.2.0, ..., 1.2.6].
    - meta/meta-for-magento2 1.2.5 requires meta/module-business-extension 1.2.5 -> satisfiable by meta/module-business-extension[1.2.5].
    - meta/meta-for-magento2 1.2.4 requires meta/module-business-extension 1.2.4 -> satisfiable by meta/module-business-extension[1.2.4].
    - meta/meta-for-magento2 1.2.3 requires meta/module-business-extension 1.2.3 -> satisfiable by meta/module-business-extension[1.2.3].
    - meta/module-sales 1.3.1 requires magento/framework >=103.0.2 <=103.0.7 -> satisfiable by magento/framework[103.0.2, ..., 103.0.7].
    - meta/module-sales[1.1.0, ..., 1.1.1] require magento/framework >=103.0.4 <=103.0.6-p1 -> satisfiable by magento/framework[103.0.4, ..., 103.0.6-p1].
    - meta/module-business-extension[1.2.2, ..., 1.3.0] require magento/framework-message-queue >=100.4.2 <100.4.7 -> satisfiable by magento/framework-message-queue[100.4.2, ..., 100.4.6].
    - meta/module-business-extension[1.2.0, ..., 1.2.1] require magento/framework-message-queue >=100.4.4 <=100.4.6 -> satisfiable by magento/framework-message-queue[100.4.4, 100.4.5, 100.4.6].
    - You can only install one version of a package, so only one of these can be installed: magento/framework[100.0.2, ..., 100.1.18, 101.0.0, ..., 101.0.12, 102.0.0, ..., 102.0.7-p3, 103.0.0, ..., 103.0.7-p1].
    - You can only install one version of a package, so only one of these can be installed: magento/framework-message-queue[100.0.2, ..., 100.4.7].
    - magento/product-community-edition 2.4.7-p1 requires magento/framework 103.0.7-p1 -> satisfiable by magento/framework[103.0.7-p1].
    - magento/product-community-edition 2.4.7-p1 requires magento/framework-message-queue 100.4.7 -> satisfiable by magento/framework-message-queue[100.4.7].
    - magento/product-enterprise-edition 2.4.7-p1 requires magento/product-community-edition 2.4.7-p1 -> satisfiable by magento/product-community-edition[2.4.7-p1].
    - Root composer.json requires magento/product-enterprise-edition 2.4.7-p1 -> satisfiable by magento/product-enterprise-edition[2.4.7-p1].
    - Root composer.json requires meta/meta-for-magento2 ^1.1 -> satisfiable by meta/meta-for-magento2[1.1.0, ..., 1.3.1].

[Echron]

This is quite urgent, I notice this module quite frequently holds us back from installing patches for Magento.

[kestraly]

It will break the checkout due to inline-scripts and nonces if installed and not in CSP report_only mode

[kc-netigo]

Is there an update or information on when a fix will be released?

[sol-loup]

Hey all, we're aware and working urgently with Adobe to help get a new build released. In the meantime, especially if you are trying to migrate to -p1 due to the recent Magento CVE -- you can manually install our extension into your App/Code directory, with significantly more lenient version restrictions than those provided by composer (*)

[Echron]

@sol-loup If there is a reason for this module to have constraints about Magento versions, then it seems that simply putting it in App/Code is not a sustainable solution, as it might break code. If you are sure that this does not break the code, the restrains can easily be removed, and a new version of this module can be deployed.

Are the fixes already committed? If so, a new tag and composer installation through this repository might be a solution for now.

[sol-loup]

@sol-loup If there is a reason for this module to have constraints about Magento versions, then it seems that simply putting it in App/Code is not a sustainable solution, as it might break code. If you are sure that this does not break the code, the restrains can easily be removed, and a new version of this module can be deployed.

Are the fixes already committed? If so, a new tag and composer installation through this repository might be a solution for now.

Currently Adobe's best practices recommend a cap on all dependencies, in order to ensure merchants do not install new magento versions and encounter incompatibilities (fail shut rather than fail open).

What we have found is that in particular for newer versions within the same release family (2.4.7-p* for example), this is not necessary. We are working with Adobe to release an update for this; thank you for your patience during this process.

[sol-loup]

Update for folks, version 1.3.2, with these restrictions lifted, is now available on composer