Composer v.2.9 forbids installing the security-vulnerable package by default. As a result, docusign/esign-client can't be installed because it depends on firebase/php-jwt, which is affected by security advisories.
test-host:clean-project user$ composer require docusign/esign-client:^8.0
./composer.json has been created
Running composer update docusign/esign-client
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.
Problem 1
- Root composer.json requires docusign/esign-client ^8.0 -> satisfiable by docusign/esign-client[v8.0.0, ..., v8.7.0].
- docusign/esign-client[v8.0.0, ..., v8.7.0] require firebase/php-jwt ^6.0 -> found firebase/php-jwt[v6.0.0, ..., v6.11.1] but these were not loaded, because they are affected by security advisories ("PKSA-y2cr-5h3j-g3ys"). Go to https://packagist.org/security-advisories/ to find advisory details. To ignore the advisories, add them to the audit "ignore" config. To turn the feature off entirely, you can set "block-insecure" to false in your "audit" config.
Installation failed, deleting ./composer.json.
Composer v.2.9 forbids installing the security-vulnerable package by default. As a result,
docusign/esign-clientcan't be installed because it depends on firebase/php-jwt, which is affected by security advisories.