Package docusign/esign-client can't be installed due to security advisories

[v-noskov]

Composer v.2.9 forbids installing the security-vulnerable package by default. As a result, docusign/esign-client can't be installed because it depends on firebase/php-jwt, which is affected by security advisories.

test-host:clean-project user$ composer require docusign/esign-client:^8.0
./composer.json has been created
Running composer update docusign/esign-client
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Root composer.json requires docusign/esign-client ^8.0 -> satisfiable by docusign/esign-client[v8.0.0, ..., v8.7.0].
    - docusign/esign-client[v8.0.0, ..., v8.7.0] require firebase/php-jwt ^6.0 -> found firebase/php-jwt[v6.0.0, ..., v6.11.1] but these were not loaded, because they are affected by security advisories ("PKSA-y2cr-5h3j-g3ys"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.


Installation failed, deleting ./composer.json.