Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Your requirements could not be resolved to an installable set of packages #2963

Closed
RobertEcker opened this issue Oct 8, 2023 · 7 comments
Closed

Your requirements could not be resolved to an installable set of packages #2963

RobertEcker opened this issue Oct 8, 2023 · 7 comments

Comments

@RobertEcker
Copy link

RobertEcker commented Oct 8, 2023
edited
Loading

Problem description

I use latest WAMP server. I do not have a real domain so far.
PHP version: PHP 8.2.11 (cli) (built: Sep 26 2023 15:25:31) (ZTS Visual C++ 2019 x64)

Code to reproduce

composer install

Debug output

No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Info from https://repo.packagist.org: #StandWithUkraine
Updating dependencies
Your requirements could not be resolved to an installable set of packages.

Problem 1
- phpmailer/phpmailer is present at version 1.0.0+no-version-set and cannot be modified by Composer
- roave/security-advisories dev-latest conflicts with phpmailer/phpmailer <6.5.
- Root composer.json requires roave/security-advisories dev-latest -> satisfiable by roave/security-advisories[dev-latest].
@RobertEcker
Copy link
Author

#1745
this helped to create a new composer.json
rm composer.json (I used "del composer.json" on Windows)
composer init
composer require phpmailer/phpmailer

but why does not work the original one?

@Nessworthy
Copy link

Nessworthy commented Oct 8, 2023
edited
Loading

Without seeing your original composer.json file it's going to be hard to see exactly where the problem is coming from, but:

  • phpmailer/phpmailer is present at version 1.0.0+no-version-set and cannot be modified by Composer
  • roave/security-advisories dev-latest conflicts with phpmailer/phpmailer <6.5.

roave/security-advisories is a meta-package which prevent systems from installing packages with known vulnerabilities. The way it does this is by declaring it is only compatible with non-vulnerable versions (e.g. in this case, phpmailer/phpmailer>=6.5)

From what I've seen, most likely:

  1. You have downloaded a version of phpmailer/phpmailer not from composer which doesn't have its own composer.json in the package (or it does, but it does not have a set version key).
  2. Because it has no version, it's treated as being at version 1.0.0+no-version-set by composer.
  3. Since roave/security-advisories treats PHPMailer versions lower than 6.5 as vulnerable, composer treats it as a conflicting package, and will trigger the error you see during package dependency checks.

but why does not work the original one?

  1. Because you removed the existing composer.json file, you deleted the reference to the security package roave/security-advisories. Without it, you will not see any conflict warnings when attempting to install what it thinks are vulnerable packages / package versions.
  2. When you run composer require phpmailer/phpmailer, you are (re-)installing the package using composer, which will have the package version declared properly. So even if you did have roave/security-advisories installed, you would not see the same issue.

Where / how did you install the phpmailer package originally?

@Nessworthy
Copy link

Just as an update to this, I have noticed that phpmailer releases on github, which do contain composer.json files, do not contain a version field.

How are new versions released with phpmailer? Would want to throw in something like composer config version "x.y.z" if it's scripted in order to prevent future problems like this.

@RobertEcker
Copy link
Author

the composer.json file is downloaded from the master itself:

{
    "name": "phpmailer/phpmailer",
    "type": "library",
    "description": "PHPMailer is a full-featured email creation and transfer class for PHP",
    "authors": [
        {
            "name": "Marcus Bointon",
            "email": "[email protected]"
        },
        {
            "name": "Jim Jagielski",
            "email": "[email protected]"
        },
        {
            "name": "Andy Prevost",
            "email": "[email protected]"
        },
        {
            "name": "Brent R. Matzelle"
        }
    ],
    "funding": [
        {
            "url": "https://github.com/Synchro",
            "type": "github"
        }
    ],
    "config": {
        "allow-plugins": {
            "dealerdirect/phpcodesniffer-composer-installer": true
        }
    },
    "require": {
        "php": ">=5.5.0",
        "ext-ctype": "*",
        "ext-filter": "*",
        "ext-hash": "*"
    },
    "require-dev": {
        "dealerdirect/phpcodesniffer-composer-installer": "^1.0",
        "doctrine/annotations": "^1.2.6 || ^1.13.3",
        "php-parallel-lint/php-console-highlighter": "^1.0.0",
        "php-parallel-lint/php-parallel-lint": "^1.3.2",
        "phpcompatibility/php-compatibility": "^9.3.5",
        "roave/security-advisories": "dev-latest",
        "squizlabs/php_codesniffer": "^3.7.2",
        "yoast/phpunit-polyfills": "^1.0.4"
    },
    "suggest": {
        "ext-mbstring": "Needed to send email in multibyte encoding charset or decode encoded addresses",
        "ext-openssl": "Needed for secure SMTP sending and DKIM signing",
        "greew/oauth2-azure-provider": "Needed for Microsoft Azure XOAUTH2 authentication",
        "hayageek/oauth2-yahoo": "Needed for Yahoo XOAUTH2 authentication",
        "league/oauth2-google": "Needed for Google XOAUTH2 authentication",
        "psr/log": "For optional PSR-3 debug logging",
        "thenetworg/oauth2-azure": "Needed for Microsoft XOAUTH2 authentication",
        "symfony/polyfill-mbstring": "To support UTF-8 if the Mbstring PHP extension is not enabled (^1.2)"
    },
    "autoload": {
        "psr-4": {
            "PHPMailer\\PHPMailer\\": "src/"
        }
    },
    "autoload-dev": {
        "psr-4": {
            "PHPMailer\\Test\\": "test/"
        }
    },
    "license": "LGPL-2.1-only",
    "scripts": {
        "check": "./vendor/bin/phpcs",
        "test": "./vendor/bin/phpunit --no-coverage",
        "coverage": "./vendor/bin/phpunit",
        "lint": [
            "@php ./vendor/php-parallel-lint/php-parallel-lint/parallel-lint . --show-deprecated -e php,phps --exclude vendor --exclude .git --exclude build"
        ]
    }
}

@RobertEcker
Copy link
Author

RobertEcker commented Oct 8, 2023
edited
Loading

the new composer file (which at least works for downloading the vendor files):

{
    "name": "myhost/php-mailer",
    "autoload": {
        "psr-4": {
            "Myhost\\PhpMailer\\": "src/"
        }
    },
    "require": {
        "phpmailer/phpmailer": "^6.8"
    }
}

@RobertEcker
Copy link
Author

@Nessworthy you are right, I manually downloaded via Download ZIP and execute composer install/update - not via composer

@Synchro
Copy link
Member

Synchro commented Oct 8, 2023

Just as an update to this, I have noticed that phpmailer releases on github, which do contain composer.json files, do not contain a version field.

This is true, and it's in line with composer's recommendations. It can get the version from the version tag for the package, which is much less effort to maintain.

@Synchro Synchro closed this as completed Nov 23, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Synchro @Nessworthy @RobertEcker