Page MenuHomePhabricator
Create Task
Maniphest T307864

A composer dependency of OAuth extension contains PHP 8.0 syntax
Open, Needs TriagePublicBUG REPORT
Actions

Description

List of steps to reproduce (step by step, including full links if applicable):

What happens?:

/OAuth/vendor/lcobucci/clock/src/SystemClock.php:13 contains the constructor property promotion syntax, so the extension is not compatible with PHP versions older than 8.0.

What should have happened instead?:

There should be no PHP 8.0 syntax because the support of PHP 7.x is not dropped.

Software version (if not a Wikimedia wiki), browser information, screenshots, other information, etc.:

REL1_37

Details

SubjectRepoBranchLines +/-
composer.json: Explicitly pin lcobucci/clock to ~2.0.0mediawiki/extensions/OAuthREL1_35+1 -0
composer.json: Explicitly pin lcobucci/clock to ~2.0.0mediawiki/extensions/OAuthREL1_36+1 -0
composer.json: Explicitly pin lcobucci/clock to ~2.0.0mediawiki/extensions/OAuthREL1_38+1 -0
composer.json: Explicitly pin lcobucci/clock to ~2.0.0mediawiki/extensions/OAuthREL1_37+1 -0
Customize query in gerrit

Related Objects

Event Timeline

Lens0021 created this task.May 8 2022, 1:57 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 8 2022, 1:57 PM
krosylight subscribed.May 8 2022, 2:07 PM
Daimona subscribed.May 8 2022, 5:06 PM
Izno added a project: PHP 7.4 support.May 8 2022, 6:27 PM
Izno added a project: MW-1.37-release.
Reedy subscribed.May 8 2022, 9:11 PM

lcobucci/clock isn't specifically pinned... So I'm guessing ext-dist is running PHP 8?

Reedy added a project: MediaWiki-extensions-OAuth.May 8 2022, 9:12 PM
Reedy moved this task from Blocker to Not a blocker on the MW-1.37-release board.
Reedy added a comment.May 8 2022, 9:27 PM

Possibly related to T293055: Switch extdist to Bullseye and composer Debian package ?

We can pin lcobucci/clock rather lcobucci/jwt (which requires lcobucci/clock, but only in require from version 4.0) to 2.0.0 as that supports PHP 7.4, and as such on release branches is perfectly fine.

https://packagist.org/packages/lcobucci/clock#2.0.0
https://packagist.org/packages/lcobucci/clock#2.1.0

This doesn't actually solve it for master, as master needs to support PHP 7.2, but meh there.

gerritbot added a comment.May 8 2022, 9:28 PM

Change 789953 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/extensions/OAuth@REL1_37] composer.json: Explicitly pin lcobucci/clock to ~2.0.0

https://gerrit.wikimedia.org/r/789953

gerritbot added a project: Patch-For-Review.May 8 2022, 9:28 PM
gerritbot added a comment.May 8 2022, 9:30 PM

Change 789954 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/extensions/OAuth@REL1_38] composer.json: Explicitly pin lcobucci/clock to ~2.0.0

https://gerrit.wikimedia.org/r/789954

gerritbot added a comment.May 8 2022, 9:30 PM

Change 789955 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/extensions/OAuth@REL1_36] composer.json: Explicitly pin lcobucci/clock to ~2.0.0

https://gerrit.wikimedia.org/r/789955

gerritbot added a comment.May 8 2022, 9:31 PM

Change 789956 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/extensions/OAuth@REL1_35] composer.json: Explicitly pin lcobucci/clock to ~2.0.0

https://gerrit.wikimedia.org/r/789956

gerritbot added a comment.May 8 2022, 9:33 PM

Change 789953 abandoned by Reedy:

[mediawiki/extensions/OAuth@REL1_37] composer.json: Explicitly pin lcobucci/clock to ~2.0.0

Reason:

https://gerrit.wikimedia.org/r/789953

gerritbot added a comment.May 8 2022, 9:33 PM

Change 789954 abandoned by Reedy:

[mediawiki/extensions/OAuth@REL1_38] composer.json: Explicitly pin lcobucci/clock to ~2.0.0

Reason:

https://gerrit.wikimedia.org/r/789954

gerritbot added a comment.May 8 2022, 9:33 PM

Change 789955 abandoned by Reedy:

[mediawiki/extensions/OAuth@REL1_36] composer.json: Explicitly pin lcobucci/clock to ~2.0.0

Reason:

https://gerrit.wikimedia.org/r/789955

gerritbot added a comment.May 8 2022, 9:34 PM

Change 789956 abandoned by Reedy:

[mediawiki/extensions/OAuth@REL1_35] composer.json: Explicitly pin lcobucci/clock to ~2.0.0

Reason:

https://gerrit.wikimedia.org/r/789956

Reedy added a comment.May 8 2022, 9:38 PM

Scrap that. We only bumped to 7.3 in release branches, not 7.4, where the version jump is there.

If we do pin lcobucci/jwt to 3.4.6, it means anyone running release branch OAuth on PHP 8 will have incompatible libraries, and would need to modify composer.json to get it working.

Someone is going to have to run composer update --no-dev somewhere sometime...

Reedy removed a project: PHP 7.4 support.May 8 2022, 9:47 PM
Reedy removed a project: Patch-For-Review.May 8 2022, 10:01 PM
DannyS712 updated the task description. (Show Details)May 8 2022, 10:51 PM
Legoktm removed a project: VPS-project-Extdist.May 9 2022, 3:43 AM
Legoktm subscribed.
In T307864#7912454, @Reedy wrote:

lcobucci/clock isn't specifically pinned... So I'm guessing ext-dist is running PHP 8?

Correct. I'm going to untag extdist for now since I don't think there's any issue on that end but please retag in case I'm wrong.

Jdforrester-WMF removed a project: MW-1.37-release.Nov 30 2022, 8:57 PM
Jdforrester-WMF subscribed.

1.37.x is now EOL.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL