Open
Description
When using a third-party extension from a vendor that utilizes the subscription model, it appears that some vendors may lock access to updated versions of dependencies that are otherwise released publicly (e.g. amasty/module-mage-2.4.5-fix). This causes the Packagist version to be newer than the locked version available from the vendor.
This is effectively the same issue as reported here and in other repositories:
- Is there any benefit to this plugin when using Composer 2.x ? #6
- Do you accept PR to with new allowed vendor? #7
- Disable
magento/composer-dependency-version-audit-pluginAmpersandHQ/travis-vanilla-magento#27 - Error installing via composer fooman/sameorderinvoicenumber-implementation-m2#3
Some simple solutions that may work around this particular issue are:
- Remove the dependency on the
magento/composer-dependency-version-audit-plugin - Filter the packages available via a particular repository
- This could become a maintenance nightmare
- Renew your subscription to the vendor
Metadata
Assignees
Labels
No labels