Closed denis-zyk closed 2 years ago
Hi denis-zyk,
We have found there’s an issue installing ShipperHQ on the latest version of Magento 2.4.3 which can prevent the installation of newly-released versions some ShipperHQ modules. It’s an issue with composer - it’s not an issue with our software.
Following this change: "A new Composer plugin helps prevent dependency confusion and identifies malicious packages with the same names as internal packages on the public package repository. See the Adobe Releases New Composer Plugin with Magento 2.4.3 Release blog post."
When module-shipper is attempted to be installed you'll be presented with the error in your screenshot.
Impact This will affect any of our extensions that are listed on both Magento Marketplace and Packagist:
So at the moment (at the time this issue was posted, and for a short time immediately following the release of new versions), users on 2.4.3 can’t install ShipperHQ simply by following the installation instructions.
To Install Magento has explained the offending security module is optional and can be uninstalled. Some customers will balk at that, but at least it's something. So if the customer is game for it, they can run composer remove magento/composer-dependency-version-audit-plugin, after which the SHQ modules install without issue.
If you don't wish to go that route, waiting a week for the new release to also be updated in the Magento Marketplace and attempting to install again should be successful.
We've added these installation troubleshooting steps to our knowledgebase.
composer install
process.We strongly recommend that extension developers avoid such situations and do not publish newer versions publicly than those available through repo.magento.com.
When trying to upgrade ShipperHQ modules with composer, the error occurs as seen on the screenshot above ☝️
Here is the official Mangeto support article: https://support.magento.com/hc/en-us/articles/4410675867917-Composer-plugin-against-Dependency-Confusion-attacks