Firebase/php-jwt conflicts with Roave/Security-advisories

[Lornz-]

Hi! Thanks again for the awesome job you guys make to improve our experience with Wordpress and Gatsby.

I use composer to install and maintain all necessary plugins used in my current Wordpress instance. Lately, I made an update of all require dependencies and bumped to that one.

Problem

Current version of gatsby/wp-gatsby conflicts with roave/security-advisories dev-latest.

Problem 1
    - gatsbyjs/wp-gatsby[v2.3.0, ..., v2.3.3] require firebase/php-jwt ^5.2 -> satisfiable by firebase/php-jwt[v5.2.0, ..., v5.5.1].
    - roave/security-advisories dev-latest conflicts with firebase/php-jwt v5.5.1.
    - roave/security-advisories dev-latest conflicts with firebase/php-jwt v5.5.0.
    - roave/security-advisories dev-latest conflicts with firebase/php-jwt v5.4.0.
    - roave/security-advisories dev-latest conflicts with firebase/php-jwt v5.3.0.
    - roave/security-advisories dev-latest conflicts with firebase/php-jwt v5.2.1.
    - roave/security-advisories dev-latest conflicts with firebase/php-jwt v5.2.0.
    - Root composer.json requires roave/security-advisories dev-latest -> satisfiable by roave/security-advisories[dev-latest].
    - Root composer.json requires gatsbyjs/wp-gatsby ^2.3 -> satisfiable by gatsbyjs/wp-gatsby[v2.3.0, v2.3.1, v2.3.2, v2.3.3].

Steps to reproduce

composer update --with-dependencies

Proposed resolution

Update to the latest stable version of firebase/php-jwt which does not address multiple security vulnerabilities.
👉 https://github.com/gatsbyjs/wp-gatsby/blob/master/composer.json#LL33C6-L33C14

[ThyNameIsMud]

@TylerBarnes This conflict is happening more and more. Would highly recommend updating this plugin and it's dependencies to maintain compatibility.

[TylerBarnes]

Thanks for the heads up! I've raised this issue internally to figure out if I should work on this or someone else. I've actually transitioned to a different team that doesn't own this, but I did build a lot of it and have the context on it. I'll keep yall updated when I know more

[ThyNameIsMud]

@TylerBarnes any chance of an update here?

[Lornz-]

Hi! any update about it?

[MichLan90]

March 2025 still no updates... this is conflicting now with different packages, for us it is wp-graphql/wp-graphql-woocommerce

Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Root composer.json requires gatsbyjs/wp-gatsby ^2.3 -> satisfiable by gatsbyjs/wp-gatsby[v2.3.0, v2.3.1, v2.3.2, v2.3.3].
    - Root composer.json requires wp-graphql/wp-graphql-woocommerce ^0.12.0 -> satisfiable by wp-graphql/wp-graphql-woocommerce[v0.12.0, ..., v0.12.5].
    - firebase/php-jwt[v6.10.1, ..., v6.11.0] require php ^8.0 -> your php version (7.4; overridden via config.platform, actual: 8.4.4) does not satisfy that requirement.
    - gatsbyjs/wp-gatsby[v2.3.0, ..., v2.3.3] require firebase/php-jwt ^5.2 -> satisfiable by firebase/php-jwt[v5.2.0, ..., v5.5.1].
    - wp-graphql/wp-graphql-woocommerce[v0.12.0, ..., v0.12.5] require firebase/php-jwt ^6.1.0 -> satisfiable by firebase/php-jwt[v6.1.0, ..., v6.11.0].
    - You can only install one version of a package, so only one of these can be installed: firebase/php-jwt[v5.2.0, ..., v5.5.1, v6.1.0, ..., v6.11.0].