Why would a composer update suddenly return this error?

Suddenly, I can’t update a project I have been working on for 3 months.

Any reason why this would happen?

Updating dependencies
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Root composer.json requires laravel/framework ^9.0, found laravel/framework[v9.0.0, ..., v9.52.21] but these were not loaded, because they are affected by security advisories. To ignore the advisories, add ("PKSA-8qx3-n5y5-vvnd") to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.

composer.json

{
    "name": "october/october",
    "description": "Built using October CMS: The Laravel-Based CMS Engineered For Simplicity",
    "type": "project",
    "homepage": "https://octobercms.com",
    "license": "proprietary",
    "require": {
        "php": "^8.0.2",
        "october/rain": "^3.7",
        "laravel/framework": "^9.0",
        "october/all": "^3.7",
        "rainlab/user-plugin": "^3.2",
        "rainlab/builder-plugin": "^2.0",
        "offline/oc-forms-plugin": "^1.0",
        "rainlab/pages-plugin": "^2.1",
        "offline/oc-boxes-plugin": "^3.6",
        "rainlab/blog-plugin": "^1.7",
        "rainlab/blogvideo-plugin": "^1.1",
        "indikator/blogstat-plugin": "^1.0",
        "rainlab/userplus-plugin": "^2.0",
        "webbook/blogxtend-plugin": "^1.0",
        "rainlab/location-plugin": "^2.0",
        "responsiv/uploader-plugin": "^1.0",
        "rainlab/deploy-plugin": "^2.2",
        "simplesoftwareio/simple-qrcode": "~4",
        "responsiv/campaign-plugin": "^3.0",
        "delight-im/random": "^1.0",
        "egerstudios/markdowndocs-plugin": "^1.0",
        "deividas/announcementbar-plugin": "dev-master"
    },
    "require-dev": {
        "phpunit/phpunit": "^8.5|^9.0"
    },
    "scripts": {
        "post-root-package-install": [
            "@php -r \"file_exists('.env') || copy('.env.example', '.env');\""
        ],
        "post-create-project-cmd": [
            "@php artisan key:generate --ansi"
        ],
        "post-autoload-dump": [
            "System\\Console\\ComposerScript::postAutoloadDump"
        ],
        "post-update-cmd": [
            "System\\Console\\ComposerScript::postUpdateCmd"
        ],
        "pre-package-uninstall": [
            "System\\Console\\ComposerScript::prePackageUninstall"
        ],
        "test": [
            "phpunit --stop-on-failure"
        ]
    },
    "config": {
        "preferred-install": "dist",
        "allow-plugins": {
            "composer/installers": true
        }
    },
    "autoload": {
        "psr-4": {
            "System\\Console\\": "modules/system/console"
        }
    },
    "minimum-stability": "stable",
    "prefer-stable": true,
    "repositories": {
        "octobercms": {
            "type": "composer",
            "url": "https://gateway.octobercms.com",
            "only": [
                "october/*",
                "*-plugin",
                "*-theme"
            ]
        }
    }
}

Hey @chris

This is because Composer changed its behavior overnight. They no longer allow you to update if there is a reported issue with one of the packages.

You can revert it to the previous behavior by adding this to your composer.json file:

{
    "config": {
        "audit": {
            "block-insecure": false
        }
    }
}
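
A narrower alternative, added here as an example and not part of the original reply: it uses the `ignore` option named in the error message above, so blocking stays on for every other advisory, and it shows the `audit` block merged into the project's existing `config` section rather than as a second `config` key. The reason string is a constructed placeholder.

```json
{
    "config": {
        "preferred-install": "dist",
        "allow-plugins": {
            "composer/installers": true
        },
        "audit": {
            "ignore": {
                "PKSA-8qx3-n5y5-vvnd": "placeholder reason: record why this advisory is accepted and when it will be revisited"
            }
        }
    }
}
```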

damn composer!

Tested and approved, thank you @daft, as always 🙂