Composer 2.9 Issue

Hello,

I tested Cakephp 4.6.3 with composer 2.8.x which work correctly, but with composer 2.9 not work. Do you have any suggestions for the following message:
Problem 1

• Root composer.json requires cakephp/cakephp ^4.5.0 → satisfiable by cakephp/cakephp[4.5.0, …, 4.6.3].
• cakephp/cakephp[4.5.0, …, 4.6.3] require laminas/laminas-diactoros ^2.2.2 → satisfiable by laminas/laminas-diactoros[2.18.1, …, 2.26.0].
• laminas/laminas-diactoros[2.18.1, …, 2.25.2] require php ~8.0.0 || ~8.1.0 || ~8.2.0 → your php version (7.4.33) does not satisfy that requirement.
• laminas/laminas-diactoros 2.26.0 requires php ~8.0.0 || ~8.1.0 || ~8.2.0 || ~8.3.0 → your php version (7.4.33) does not satisfy that requirement.

Looks like you tried these two versions of composer on two different versions of PHP? The errors you show here are from trying to do something that requires PHP 8.x when you are running on 7.4.

As Zuluru said, your PHP CLI is running on PHP 7.4

Check via php -v

The minimum requirement for cakephp 4.6.x is PHP 7.4 (from the documentation).
I tried to install cakephp 4.6.x with composer 2.9 and php7.4 and it didn’t work.

Yes, there seems to a problem with CakePHP 4.6 and PHP 7.4
We see it in our CI as well.

We are looking into it.

In the meantime: is there a specific reason why you are not upgrading to PHP 8.0 or higher?

Alright, the problem is this security issue from a library we use in CakePHP:

This was fixed AFTER laminas/laminas-diactoros dropped PHP 7.4 in 2.18.0

Therefore, technically CakePHP 4.6 is not PHP 7.4 compatible anymore as composer needs to install an older, PHP 7.4 compatible but insecure package of laminas/laminas-diactoros

unless you want to skip that security update and add the following to your composer.json

“config”: {
    “audit”: {
        “block-insecure”: false
    },
}

Thank you for your answer.