Version
Composer 2.7+ blocks installation due to svg-sanitize advisory
Related to our issue: community-scripts/ProxmoxVE#9328
What happened?
When installing 2FAuth with Composer 2.7 or newer, the installation fails because the package enshrined/svg-sanitize is blocked by the new Composer security audit.
This happens even when following the official installation steps.
Error message
The package enshrined/svg-sanitize is affected by security advisories.
To ignore the advisories, add ("PKSA-4g5g-4rkv-myqs") to the audit "ignore" config.
Steps to reproduce
- Fresh Linux environment (Proxmox VE LXC)
- PHP 8.3 with required extensions
- Composer 2.7+
- Run:
composer install --prefer-dist --no-scripts --no-dev
Result
Composer stops the installation due to the advisory.
Suggested solution
Document that Composer 2.7+ requires an additional audit config, for example:
"config": {
"audit": {
"ignore": ["PKSA-4g5g-4rkv-myqs"]
}
}This allows installation without disabling security checks globally.
Error & Logs
The package enshrined/svg-sanitize is affected by security advisories.
To ignore the advisories, add ("PKSA-4g5g-4rkv-myqs") to the audit "ignore" config.Configuration
No response
Containerization
Integration
No response
Additional information
Version
Composer 2.7+ blocks installation due to svg-sanitize advisory
Related to our issue: community-scripts/ProxmoxVE#9328
What happened?
When installing 2FAuth with Composer 2.7 or newer, the installation fails because the package
enshrined/svg-sanitizeis blocked by the new Composer security audit.This happens even when following the official installation steps.
Error message
Steps to reproduce
Result
Composer stops the installation due to the advisory.
Suggested solution
Document that Composer 2.7+ requires an additional audit config, for example:
This allows installation without disabling security checks globally.
Error & Logs
Configuration
No response
Containerization
Integration
No response
Additional information