couscous/couscous is broken #1
Description
This action no longer works (https://github.com/thecodingmachine/tdbm/actions/runs/20962499806/job/60243359370):
Relevant log output
#6 [2/4] RUN composer global require couscous/couscous
#6 0.160 Changed current directory to /tmp
#6 0.565 ./composer.json has been created
#6 0.775 Running composer update couscous/couscous
#6 0.778 Loading composer repositories with package information
#6 1.574 Updating dependencies
#6 3.382 Your requirements could not be resolved to an installable set of packages.
#6 3.382
#6 3.382 Problem 1
#6 3.382 - Root composer.json requires couscous/couscous * -> satisfiable by couscous/couscous[0.1.0, ..., 0.3.3, 1.0.0, ..., 1.10.0].
#6 3.382 - couscous/couscous[0.1.0, ..., 0.3.3] require twig/twig ~1.0 -> found twig/twig[1.3.0, ..., v1.44.8] but these were not loaded, because they are affected by security advisories ("PKSA-yhcn-xrg3-68b1", "PKSA-2wrf-1xmk-1pky", "PKSA-6319-ffpf-gx66", "PKSA-n7sg-8f52-pqtf", "PKSA-6cvh-gt46-wq7q", "PKSA-19rw-dqx2-75hc", "PKSA-g1zx-twcw-9z6k"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
#6 3.382 - couscous/couscous[1.0.0, ..., 1.1.3] require symfony/process ~2.4 -> found symfony/process[v2.4.0, ..., v2.8.52] but these were not loaded, because they are affected by security advisories ("PKSA-wws7-mr54-jsny"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
#6 3.382 - couscous/couscous[1.9.0, ..., 1.10.0] require twig/twig ^1.44 -> found twig/twig[v1.44.0, ..., v1.44.8] but these were not loaded, because they are affected by security advisories ("PKSA-yhcn-xrg3-68b1", "PKSA-2wrf-1xmk-1pky", "PKSA-6319-ffpf-gx66", "PKSA-n7sg-8f52-pqtf"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
#6 3.382 - couscous/couscous[1.1.4, ..., 1.5.0] require symfony/process ~2.6 -> found symfony/process[v2.6.0, ..., v2.8.52] but these were not loaded, because they are affected by security advisories ("PKSA-wws7-mr54-jsny"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
#6 3.382 - couscous/couscous[1.5.1, ..., 1.6.1] require symfony/process ~2.6|~3.0 -> found symfony/process[v2.6.0, ..., v2.8.52, v3.0.0, ..., v3.4.47] but these were not loaded, because they are affected by security advisories ("PKSA-wws7-mr54-jsny"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
#6 3.382 - couscous/couscous[1.6.2, ..., 1.6.3] require symfony/process ~2.6|~3.0|~4.0 -> found symfony/process[v2.6.0, ..., v2.8.52, v3.0.0, ..., v3.4.47, v4.0.0, ..., v4.4.44] but these were not loaded, because they are affected by security advisories ("PKSA-wws7-mr54-jsny"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
#6 3.382 - couscous/couscous[1.7.0, ..., 1.7.3] require symfony/process ~3.0|~4.0 -> found symfony/process[v3.0.0, ..., v3.4.47, v4.0.0, ..., v4.4.44] but these were not loaded, because they are affected by security advisories ("PKSA-wws7-mr54-jsny"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
#6 3.382 - couscous/couscous 1.8.0 requires twig/twig ~1.10 -> found twig/twig[v1.10.0, ..., v1.44.8] but these were not loaded, because they are affected by security advisories ("PKSA-yhcn-xrg3-68b1", "PKSA-2wrf-1xmk-1pky", "PKSA-6319-ffpf-gx66", "PKSA-n7sg-8f52-pqtf", "PKSA-6cvh-gt46-wq7q", "PKSA-19rw-dqx2-75hc", "PKSA-g1zx-twcw-9z6k"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
#6 3.382
#6 3.384 You can also try re-running composer require with an explicit version constraint, e.g. "composer require couscous/couscous:*" to figure out if any version is installable, or "composer require couscous/couscous:^2.1" if you know which you need.
#6 3.384
#6 3.384 Installation failed, deleting ./composer.json.
#6 ERROR: process "/bin/sh -c composer global require couscous/couscous" did not complete successfully: exit code: 2
------
> [2/4] RUN composer global require couscous/couscous:
3.382 - couscous/couscous[1.9.0, ..., 1.10.0] require twig/twig ^1.44 -> found twig/twig[v1.44.0, ..., v1.44.8] but these were not loaded, because they are affected by security advisories ("PKSA-yhcn-xrg3-68b1", "PKSA-2wrf-1xmk-1pky", "PKSA-6319-ffpf-gx66", "PKSA-n7sg-8f52-pqtf"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
3.382 - couscous/couscous[1.1.4, ..., 1.5.0] require symfony/process ~2.6 -> found symfony/process[v2.6.0, ..., v2.8.52] but these were not loaded, because they are affected by security advisories ("PKSA-wws7-mr54-jsny"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
3.382 - couscous/couscous[1.5.1, ..., 1.6.1] require symfony/process ~2.6|~3.0 -> found symfony/process[v2.6.0, ..., v2.8.52, v3.0.0, ..., v3.4.47] but these were not loaded, because they are affected by security advisories ("PKSA-wws7-mr54-jsny"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
3.382 - couscous/couscous[1.6.2, ..., 1.6.3] require symfony/process ~2.6|~3.0|~4.0 -> found symfony/process[v2.6.0, ..., v2.8.52, v3.0.0, ..., v3.4.47, v4.0.0, ..., v4.4.44] but these were not loaded, because they are affected by security advisories ("PKSA-wws7-mr54-jsny"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
3.382 - couscous/couscous[1.7.0, ..., 1.7.3] require symfony/process ~3.0|~4.0 -> found symfony/process[v3.0.0, ..., v3.4.47, v4.0.0, ..., v4.4.44] but these were not loaded, because they are affected by security advisories ("PKSA-wws7-mr54-jsny"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
3.382 - couscous/couscous 1.8.0 requires twig/twig ~1.10 -> found twig/twig[v1.10.0, ..., v1.44.8] but these were not loaded, because they are affected by security advisories ("PKSA-yhcn-xrg3-68b1", "PKSA-2wrf-1xmk-1pky", "PKSA-6319-ffpf-gx66", "PKSA-n7sg-8f52-pqtf", "PKSA-6cvh-gt46-wq7q", "PKSA-19rw-dqx2-75hc", "PKSA-g1zx-twcw-9z6k"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
3.382
3.384 You can also try re-running composer require with an explicit version constraint, e.g. "composer require couscous/couscous:*" to figure out if any version is installable, or "composer require couscous/couscous:^2.1" if you know which you need.
3.384
3.384 Installation failed, deleting ./composer.json.
------
Dockerfile:4
--------------------
2 | FROM composer
3 |
4 | >>> RUN composer global require couscous/couscous
5 |
6 | ADD entrypoint.sh /entrypoint.sh
--------------------
ERROR: failed to build: failed to solve: process "/bin/sh -c composer global require couscous/couscous" did not complete successfully: exit code: 2
Warning: Docker build failed with exit code 1, back off 9.797 seconds before retry.
/usr/bin/docker build -t 54828f:5440e63818b145658926bf9f174d7cc3 -f "/home/runner/work/_actions/CouscousPHP/GitHub-Action/v1/Dockerfile" "/home/runner/work/_actions/CouscousPHP/GitHub-Action/v1"
#0 building with "default" instance using docker driver
#1 [internal] load build definition from Dockerfile
#1 transferring dockerfile: 192B done
#1 DONE 0.0s
#2 [internal] load metadata for docker.io/library/composer:latest
#2 DONE 0.1s
#3 [internal] load .dockerignore
#3 transferring context: 2B done
#3 DONE 0.0s
#4 [1/4] FROM docker.io/library/composer:latest@sha256:631d7c9ef9cca5fd2f87f691bb9175c89df3c69fbced73148314c11df270a108
#4 CACHED
#5 [internal] load build context
#5 transferring context: 34B done
#5 DONE 0.0s
#6 [2/4] RUN composer global require couscous/couscous
#6 0.157 Changed current directory to /tmp
#6 0.562 ./composer.json has been created
#6 0.766 Running composer update couscous/couscous
#6 0.768 Loading composer repositories with package information
#6 1.496 Updating dependencies
#6 3.280 Your requirements could not be resolved to an installable set of packages.
#6 3.280
#6 3.280 Problem 1
#6 3.280 - Root composer.json requires couscous/couscous * -> satisfiable by couscous/couscous[0.1.0, ..., 0.3.3, 1.0.0, ..., 1.10.0].
#6 3.280 - couscous/couscous[0.1.0, ..., 0.3.3] require twig/twig ~1.0 -> found twig/twig[1.3.0, ..., v1.44.8] but these were not loaded, because they are affected by security advisories ("PKSA-yhcn-xrg3-68b1", "PKSA-2wrf-1xmk-1pky", "PKSA-6319-ffpf-gx66", "PKSA-n7sg-8f52-pqtf", "PKSA-6cvh-gt46-wq7q", "PKSA-19rw-dqx2-75hc", "PKSA-g1zx-twcw-9z6k"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
#6 3.280 - couscous/couscous[1.0.0, ..., 1.1.3] require symfony/process ~2.4 -> found symfony/process[v2.4.0, ..., v2.8.52] but these were not loaded, because they are affected by security advisories ("PKSA-wws7-mr54-jsny"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
#6 3.280 - couscous/couscous[1.9.0, ..., 1.10.0] require twig/twig ^1.44 -> found twig/twig[v1.44.0, ..., v1.44.8] but these were not loaded, because they are affected by security advisories ("PKSA-yhcn-xrg3-68b1", "PKSA-2wrf-1xmk-1pky", "PKSA-6319-ffpf-gx66", "PKSA-n7sg-8f52-pqtf"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
#6 3.280 - couscous/couscous[1.1.4, ..., 1.5.0] require symfony/process ~2.6 -> found symfony/process[v2.6.0, ..., v2.8.52] but these were not loaded, because they are affected by security advisories ("PKSA-wws7-mr54-jsny"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
#6 3.280 - couscous/couscous[1.5.1, ..., 1.6.1] require symfony/process ~2.6|~3.0 -> found symfony/process[v2.6.0, ..., v2.8.52, v3.0.0, ..., v3.4.47] but these were not loaded, because they are affected by security advisories ("PKSA-wws7-mr54-jsny"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
#6 3.280 - couscous/couscous[1.6.2, ..., 1.6.3] require symfony/process ~2.6|~3.0|~4.0 -> found symfony/process[v2.6.0, ..., v2.8.52, v3.0.0, ..., v3.4.47, v4.0.0, ..., v4.4.44] but these were not loaded, because they are affected by security advisories ("PKSA-wws7-mr54-jsny"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
#6 3.280 - couscous/couscous[1.7.0, ..., 1.7.3] require symfony/process ~3.0|~4.0 -> found symfony/process[v3.0.0, ..., v3.4.47, v4.0.0, ..., v4.4.44] but these were not loaded, because they are affected by security advisories ("PKSA-wws7-mr54-jsny"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
#6 3.280 - couscous/couscous 1.8.0 requires twig/twig ~1.10 -> found twig/twig[v1.10.0, ..., v1.44.8] but these were not loaded, because they are affected by security advisories ("PKSA-yhcn-xrg3-68b1", "PKSA-2wrf-1xmk-1pky", "PKSA-6319-ffpf-gx66", "PKSA-n7sg-8f52-pqtf", "PKSA-6cvh-gt46-wq7q", "PKSA-19rw-dqx2-75hc", "PKSA-g1zx-twcw-9z6k"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
#6 3.280
#6 3.282 You can also try re-running composer require with an explicit version constraint, e.g. "composer require couscous/couscous:*" to figure out if any version is installable, or "composer require couscous/couscous:^2.1" if you know which you need.
#6 3.282
#6 3.282 Installation failed, deleting ./composer.json.
#6 ERROR: process "/bin/sh -c composer global require couscous/couscous" did not complete successfully: exit code: 2
------
> [2/4] RUN composer global require couscous/couscous:
3.280 - couscous/couscous[1.9.0, ..., 1.10.0] require twig/twig ^1.44 -> found twig/twig[v1.44.0, ..., v1.44.8] but these were not loaded, because they are affected by security advisories ("PKSA-yhcn-xrg3-68b1", "PKSA-2wrf-1xmk-1pky", "PKSA-6319-ffpf-gx66", "PKSA-n7sg-8f52-pqtf"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
3.280 - couscous/couscous[1.1.4, ..., 1.5.0] require symfony/process ~2.6 -> found symfony/process[v2.6.0, ..., v2.8.52] but these were not loaded, because they are affected by security advisories ("PKSA-wws7-mr54-jsny"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
3.280 - couscous/couscous[1.5.1, ..., 1.6.1] require symfony/process ~2.6|~3.0 -> found symfony/process[v2.6.0, ..., v2.8.52, v3.0.0, ..., v3.4.47] but these were not loaded, because they are affected by security advisories ("PKSA-wws7-mr54-jsny"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
3.280 - couscous/couscous[1.6.2, ..., 1.6.3] require symfony/process ~2.6|~3.0|~4.0 -> found symfony/process[v2.6.0, ..., v2.8.52, v3.0.0, ..., v3.4.47, v4.0.0, ..., v4.4.44] but these were not loaded, because they are affected by security advisories ("PKSA-wws7-mr54-jsny"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
3.280 - couscous/couscous[1.7.0, ..., 1.7.3] require symfony/process ~3.0|~4.0 -> found symfony/process[v3.0.0, ..., v3.4.47, v4.0.0, ..., v4.4.44] but these were not loaded, because they are affected by security advisories ("PKSA-wws7-mr54-jsny"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
3.280 - couscous/couscous 1.8.0 requires twig/twig ~1.10 -> found twig/twig[v1.10.0, ..., v1.44.8] but these were not loaded, because they are affected by security advisories ("PKSA-yhcn-xrg3-68b1", "PKSA-2wrf-1xmk-1pky", "PKSA-6319-ffpf-gx66", "PKSA-n7sg-8f52-pqtf", "PKSA-6cvh-gt46-wq7q", "PKSA-19rw-dqx2-75hc", "PKSA-g1zx-twcw-9z6k"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
3.280
3.282 You can also try re-running composer require with an explicit version constraint, e.g. "composer require couscous/couscous:*" to figure out if any version is installable, or "composer require couscous/couscous:^2.1" if you know which you need.
3.282
3.282 Installation failed, deleting ./composer.json.
------
Dockerfile:4
--------------------
2 | FROM composer
3 |
4 | >>> RUN composer global require couscous/couscous
5 |
6 | ADD entrypoint.sh /entrypoint.sh
--------------------
ERROR: failed to build: failed to solve: process "/bin/sh -c composer global require couscous/couscous" did not complete successfully: exit code: 2
This is because couscous/couscous relies on package with security advisories.
Possible fixes
Add --no-security-blocking
We could add --no-security-blocking to the composer global require couscous/couscous:
Wait for couscous/couscous to be fixed
It was not updated for 3 years, but maybe it will be updated one day. Raised issue on CouscousPHP/Couscous#271.
Downgrade composer version
Previously composer did not block this, so downgrading to the latest known working version could be an option.
Latest working version is 2.8.12:
❯ sudo composer self-update 2.8.12
Composer could not detect the root package (project/coucous) version, defaulting to '1.0.0'. See https://getcomposer.org/root-version
Upgrading to version 2.8.12 (stable channel).
Use composer self-update --rollback to return to version 2.9.2
/tmp/coucous via 🐘 v8.3.6 took 5s
❯ composer require couscous/couscous
Composer could not detect the root package (project/coucous) version, defaulting to '1.0.0'. See https://getcomposer.org/root-version
./composer.json has been updated
Composer could not detect the root package (project/coucous) version, defaulting to '1.0.0'. See https://getcomposer.org/root-version
Running composer update couscous/couscous
Loading composer repositories with package information
Updating dependencies
Lock file operations: 29 installs, 0 updates, 0 removals
- Locking couscous/couscous (1.10.0)
[...]
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 29 installs, 0 updates, 0 removals
[...]
- Installing couscous/couscous (1.10.0): Extracting archive
2 package suggestions were added by new dependencies, use `composer suggest` to see details.
[...]
Found 3 security vulnerability advisories affecting 2 packages.
Run "composer audit" for a full list of advisories.
Using version ^1.10 for couscous/couscous
Next version (2.9.0) breaks:
/tmp/coucous via 🐘 v8.3.6 took 5s
❯ composer require couscous/couscous
Composer could not detect the root package (project/coucous) version, defaulting to '1.0.0'. See https://getcomposer.org/root-version
./composer.json has been updated
Composer could not detect the root package (project/coucous) version, defaulting to '1.0.0'. See https://getcomposer.org/root-version
Running composer update couscous/couscous
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.
Problem 1
- Root composer.json requires couscous/couscous * -> satisfiable by couscous/couscous[0.1.0, ..., 0.3.3, 1.0.0, ..., 1.10.0].
- couscous/couscous[0.1.0, ..., 0.3.3] require twig/twig ~1.0 -> found twig/twig[1.3.0, ..., v1.44.8] but these were not loaded, because they are affected by security advisories. To ignore the advisories, add ("PKSA-yhcn-xrg3-68b1", "PKSA-2wrf-1xmk-1pky") to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
- couscous/couscous[1.0.0, ..., 1.1.3] require symfony/process ~2.4 -> found symfony/process[v2.4.0, ..., v2.8.52] but these were not loaded, because they are affected by security advisories. To ignore the advisories, add ("PKSA-rkkf-636k-qjb3", "PKSA-wws7-mr54-jsny") to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
- couscous/couscous[1.9.0, ..., 1.10.0] require twig/twig ^1.44 -> found twig/twig[v1.44.0, ..., v1.44.8] but these were not loaded, because they are affected by security advisories. To ignore the advisories, add ("PKSA-yhcn-xrg3-68b1", "PKSA-2wrf-1xmk-1pky") to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
- couscous/couscous[1.1.4, ..., 1.5.0] require symfony/process ~2.6 -> found symfony/process[v2.6.0, ..., v2.8.52] but these were not loaded, because they are affected by security advisories. To ignore the advisories, add ("PKSA-rkkf-636k-qjb3", "PKSA-wws7-mr54-jsny") to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
- couscous/couscous[1.5.1, ..., 1.6.1] require symfony/process ~2.6|~3.0 -> found symfony/process[v2.6.0, ..., v2.8.52, v3.0.0, ..., v3.4.47] but these were not loaded, because they are affected by security advisories. To ignore the advisories, add ("PKSA-rkkf-636k-qjb3", "PKSA-wws7-mr54-jsny") to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
- couscous/couscous[1.6.2, ..., 1.6.3] require symfony/process ~2.6|~3.0|~4.0 -> found symfony/process[v2.6.0, ..., v2.8.52, v3.0.0, ..., v3.4.47, v4.0.0, ..., v4.4.44] but these were not loaded, because they are affected by security advisories. To ignore the advisories, add ("PKSA-rkkf-636k-qjb3", "PKSA-wws7-mr54-jsny") to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
- couscous/couscous[1.7.0, ..., 1.7.3] require symfony/process ~3.0|~4.0 -> found symfony/process[v3.0.0, ..., v3.4.47, v4.0.0, ..., v4.4.44] but these were not loaded, because they are affected by security advisories. To ignore the advisories, add ("PKSA-rkkf-636k-qjb3", "PKSA-wws7-mr54-jsny") to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
- couscous/couscous 1.8.0 requires twig/twig ~1.10 -> found twig/twig[v1.10.0, ..., v1.44.8] but these were not loaded, because they are affected by security advisories. To ignore the advisories, add ("PKSA-yhcn-xrg3-68b1", "PKSA-2wrf-1xmk-1pky") to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
You can also try re-running composer require with an explicit version constraint, e.g. "composer require couscous/couscous:*" to figure out if any version is installable, or "composer require couscous/couscous:^2.1" if you know which you need.
Installation failed, reverting ./composer.json and ./composer.lock to their original content.