search

shipperhq / module-address-autocomplete

ShipperHQ Address Autocomplete for Magento 2
Open Software License 3.0
15 stars 20 forks source link

Issue with magento/composer-dependency-version-audit-plugin #35

Closed Green2Matter closed 2 years ago

Green2Matter commented 2 years ago

I've tried autocomplete module but I encountered issues with composer-dependency-version-audit-plugin

[Exception]                                                                                                                                    
  Higher matching version 20.5.0 of shipperhq/module-address-autocomplete was found in public repository packagist.org                           
                               than 20.4.0 in private https://repo.magento.com. Public package might've been taken over by a malicious entity,   
                               please investigate and update package requirement to match the version from the private repository

Plus total fail when using composer update as described in: https://github.com/magento/magento2/issues/34390#issuecomment-988710259

PeterElkoShipperHQ commented 2 years ago

Hi @Green2Matter, Thank you for contacting us regarding this issue with installing the autocomplete module. We have seen this with the latest version of Magento. We have spoken with Magento and the offending module is optional and can be removed by running the below command.

composer remove magento/composer-dependency-version-audit-plugin

This will allow you to install the autocomplete module as expected.

Green2Matter commented 2 years ago

Hi @PeterElkoShipperHQ I know that module can be removed but it's like disabling safety feature. Can't you have same software versions on all repos? I've tried to reinstall with following result (composer 2):

autocomplete failed installation
wsadasmit commented 2 years ago

Hi @Green2Matter, here's some detail that can help you to get past this issue:

it should be fine to reinstall the security module after completing the SHQ installation. My understanding is that it just checks version numbers when installing so there shouldn't be any impact on behavior once installed.

Alternatively, if you wait (this can take a few days) and try installing again, it should allow the install with the security module still in place. (This issue occurs for a brief time immediately after a new SHQ module release, and is resolved once that release makes it onto the Magento Marketplace.)

https://github.com/webshopapps/module-matrixrate/issues/104#issuecomment-1074321132