Closed pbaum83 closed 1 year ago
Hey @pbaum83 - thanks for the heads up, this is known thing - here is the fix: https://docs.shipperhq.com/troubleshooting-magento-2-installations/#Installing_ShipperHQ_on_Magento_243_and_later
Is that the proper solution to fix the problem removing the magento/composer-dependency-version-audit-plugin libarary?
We were able to resolve the problem by doing the following:
composer require shipperhq/module-shipper:20.45.5 --no-plugins
@pbaum83 please see answer here noted by our lead Engineer Travis.
Hello,
Just an FYI: today I noticed the following error while running a build. It seems like the composer library might have been compromised.
Installing shipperhq/module-logger (20.5.0): Downloading (connecting...)···························Downloading (100%) ·········
[Exception]
Higher matching version 20.48.1 of shipperhq/module-shipper was found in public repository packagist.org
than 20.48.0 in private https://repo.magento.com/. Public package might've been taken over by a malicious entity,
please investigate and update package requirement to match the version from the private repository
Is there anything we can do to resolve this on our end?
We have specified the following versions in our install:
Thanks, -Paul