Remove okvpn/clock-lts post WMF PHP 8.3 upgrade
Open, Needs TriagePublic
Actions

Assigned To

None

Authored By

	Reedy
	Sep 23 2025, 12:26 PM

Description

We swapped from lcobucci/clock to okvpn/clock-lts in T405031: lcobucci/clock needs upgrading for PHP 8.3 to allieviate some PHP upgrade issues.

In T405346#11276507, @Tgr wrote:

lcobucci/clock predates PSR-20, there is no reason for a modern PHP library to depend on it. So hopefully we can just upgrade everything to the point where it goes away as a dependency, and then use ConvertibleTimestamp's clock instead.

Related Objects
Search...

Status	Subtype	Assigned	Task
Open		None	T317255 PHP's getElementsByTagName is slow prior to PHP 8.3
Open		None	T358667 Drop PHP 8.2 support from MediaWiki
Open		None	T366644 Raise MediaWiki's MariaDB requirement to 10.6
Open		None	T366646 Raise Quibble jobs' tested version of MariaDB to 10.6
Open		None	T405346 Remove okvpn/clock-lts post WMF PHP 8.3 upgrade
Resolved		Krinkle	T358666 Drop PHP 8.1 support from MediaWiki
Resolved		Krinkle	T360995 Migrate Wikimedia production from PHP 8.1 to PHP 8.3
Resolved		Jdforrester-WMF	T353362 Make PHP 8.3 voting on development (master) branch of MW ecosystem (core, vendor, extensions, skins, libraries)
Resolved		Jdforrester-WMF	T352085 Make PHP 8.2 voting on development (master) branch of MW ecosystem (core, vendor, extensions, skins, libraries)
Resolved		Jdforrester-WMF	T360560 Make PHP 8.2 voting on development branch of Wikibase
Resolved		Lucas_Werkmeister_WMDE	T324202 Remove use of utf8_encode and utf8_decode in Wikibase
Resolved		None	T353161 [CLIENT] Creation of dynamic property MediaWiki\Title\Title::$wikibasePushedDeleteToRepo is deprecated
Resolved		Jdforrester-WMF	T360709 Make PHP 8.2 voting on development (master) branch of Math extension
Resolved		Daimona	T381728 Use PHP 8.3 in MediaWiki-Docker
Resolved		Jdforrester-WMF	T398491 Move CI images to WMF PHP 8.3 packages
Declined		None	T401255 Switch PHP 8.3 image of MediaWiki-Docker from Sury to WMF
Resolved		Scott_French	T401254 Upgrade mw-debug/next to PHP 8.3
Resolved		Scott_French	T401252 Configure title-case consistency mapping for PHP 8.1 -> 8.3 transition
Resolved		Scott_French	T399884 Configure production MediaWiki image builds for PHP 8.3
Resolved		cscott	T401855 ☂ PHP 8.3 issues found during WMF rollout
Resolved		Scott_French	T402424 PHP Deprecated: Using ${var} in strings is deprecated, use {$var} instead in /srv/monitoring/lib.php on line 99
Duplicate	PRODUCTION ERROR	None	T403514 Expectation (readQueryRows <= 10000) by MediaWiki\Actions\ActionEntryPoint::execute not met (actual: 12860)
Resolved	PRODUCTION ERROR	Michael	T407403 Error: Invalid serialization data for DatePeriod object
Resolved	PRODUCTION ERROR	Michael	T408852 PHP Deprecated: DateTime::__construct(): Passing null to parameter #1 ($datetime) of type string is deprecated
Resolved		Michael	T401005 Investigate Production Errors from ComputedUserImpactLookup::getPageViewData
Duplicate	PRODUCTION ERROR	None	T409248 PHP Warning: Trying to access array offset on null
Resolved		Tgr	T402597 Exploratory testing on PHP 8.3 for MediaWiki Platform Team components
Resolved		None	T402804 Exploratory testing on PHP 8.3 for MediaWiki authentication stack
Resolved		DAlangi_WMF	T403484 Exploratory testing on PHP 8.3 for MediaWiki authentication stack: Login
Resolved		Tgr	T403485 Exploratory testing on PHP 8.3 for MediaWiki authentication stack: Central session
Resolved		DAlangi_WMF	T403486 Exploratory testing on PHP 8.3 for MediaWiki authentication stack: Signup
Resolved		Tgr	T403487 Exploratory testing on PHP 8.3 for MediaWiki authentication stack: OAuth
Resolved		Tgr	T403488 Exploratory testing on PHP 8.3 for MediaWiki authentication stack: 2FA
Resolved		Atieno	T402809 Exploratory testing on PHP 8.3 for MediaWiki Interfaces Team components
Open		None	T402810 Exploratory testing on PHP 8.3 for Content Transform Team components
Resolved		brouberol	T403110 Prepare dumps-on-k8s (mediawiki-dumps-legacy) for migration to PHP 8.3
Resolved		Scott_French	T403655 Configure mw-next-routing for the PHP 8.3 migration
Resolved		Scott_French	T403657 Configure the WikimediaEvents extension for the PHP 8.3 migration
Resolved		Scott_French	T403284 Migrate production Shellbox services to PHP 8.3
Resolved		Scott_French	T403283 Prepare PHP 8.3 service images for Shellbox
Resolved		Scott_French	T398246 Prepare PHP 8.3 production images
Resolved		Scott_French	T398245 Prepare WMF PHP 8.3 packages for bullseye
Resolved		Krinkle	T400109 Ensure MediaWiki-Core-Profiler works with php-xhprof 2.x (PHP 8.3)
Resolved		Krinkle	T401152 Switch wmf-config/Profiler from Tideways to XHProf
Resolved		Scott_French	T403772 Migrate parsoidtest1001 to PHP 8.3
Resolved		Krinkle	T405031 lcobucci/clock needs upgrading for PHP 8.3
Resolved		Tgr	T363639 web-auth/webauthn-lib must be upgraded to 4+ for PHP 8.2+ support
Resolved		Scott_French	T405955 MediaWiki on PHP 8.3 production workload migration
Resolved		jnuche	T411277 Patchdemo wiki creation fails due to PHP 8.1 not supported by MW
Resolved		Jdforrester-WMF	T411372 wikilambda-catalyst-end-to-end broken due to new version of composer after PHP 8.1 -> 8.3 migration
Resolved	BUG REPORT	bd808	T411235 Beta cluster scap using php8.1 container; php8.2 is now required

Event Timeline

Reedy created this task.Sep 23 2025, 12:26 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 23 2025, 12:26 PM

Reedy added subtasks: T405031: lcobucci/clock needs upgrading for PHP 8.3, T360995: Migrate Wikimedia production from PHP 8.1 to PHP 8.3.Sep 23 2025, 12:26 PM

Reedy updated the task description. (Show Details)

Jdforrester-WMF edited subtasks, added: T358666: Drop PHP 8.1 support from MediaWiki; removed: T360995: Migrate Wikimedia production from PHP 8.1 to PHP 8.3.Sep 23 2025, 1:52 PM

Jdforrester-WMF updated the task description. (Show Details)

Jdforrester-WMF subscribed.

I think it might be worth sticking to clock-lts. The author of clock has strongly decided that they do not maintain more than 1-2 versions of PHP support and will enforce this via composer.json at install time. This means we'll be here again.

If we install the clock package in mediawiki/vendor, the repo becomes un-installable in any local/third-party context with a PHP version other the one we run at WMF. It's quite inflexible.

Assuming WMF stays within the last 2 versions of PHP going forward, we will be able run the latest version of clock in production. But through vendor, it makes PHP upgrades hard even when upgrading from latest minus one to latest. The author basically requires intermediary packages to specify a range of versions, and then assumes that you run composer install in production.

There's also CI pipelines. We couldn't run mediawiki-vendor in CI on the master branch. After we drop PHP 8.1, we'll be down to supporting 3-4 versions only (PHP 8.2-8.4) which seems managable, yet is still incompatible with clock.

Reedy moved this task from Backlog to External on the MediaWiki-extensions-OATHAuth board.Oct 3 2025, 11:32 AM

Reedy renamed this task from Swap back to lcobucci/clock post WMF PHP 8.3 upgrade to Swap back to lcobucci/clock post WMF PHP 8.3 upgrade?.Oct 7 2025, 11:06 AM

Reedy updated the task description. (Show Details)

Reedy moved this task from Backlog to Wikimedia production on the PHP 8.3 support board.Oct 7 2025, 11:19 AM

lcobucci/clock predates PSR-20, there is no reason for a modern PHP library to depend on it. So hopefully we can just upgrade everything to the point where it goes away as a dependency, and then use ConvertibleTimestamp's clock instead.

Sounds good to me, even better.

Reedy renamed this task from Swap back to lcobucci/clock post WMF PHP 8.3 upgrade? to Remove lcobucci/clock (or replacement) post WMF PHP 8.3 upgrade.Oct 29 2025, 12:24 PM

ABreault-WMF mentioned this in T408470: Prune /vendor for REL1_45.Nov 6 2025, 10:01 PM

T405344: Upgrade web-auth/webauthn-lib to >= 5.2.3 itself will remove lcobucci/clock in WebAuthn as per https://webauthn-doc.spomky-labs.com/v4.9/migration/from-v3.x-to-v4.0-1#dependency-changes

Reedy renamed this task from Remove lcobucci/clock (or replacement) post WMF PHP 8.3 upgrade to Remove okvpn/clock-lts post WMF PHP 8.3 upgrade.Nov 18 2025, 4:11 PM

Reedy added a project: MediaWiki-extensions-OAuth.

Reedy updated the task description. (Show Details)

Restricted Application added a project: MediaWiki-Platform-Team. · View Herald TranscriptNov 18 2025, 4:12 PM

Reedy renamed this task from Remove lcobucci/clock (or replacement) post WMF PHP 8.3 upgrade to Remove okvpn/clock-lts post WMF PHP 8.3 upgrade.

This is more, "when we drop PHP 8.1 support from OATHAuth" and is blocked by T405344, right?

            "name": "web-auth/webauthn-lib",
            "version": "4.9.2",
...
            "suggest": {
...
                "psr/clock-implementation": "As of 4.5.x, the PSR Clock implementation will replace lcobucci/clock",

^ It kinda looks like we could replace it away (now), if we have have something that satisfies https://packagist.org/providers/psr/clock-implementation, which wikimedia/timestamp does.. as per Gergo above. I haven't looked what extra wiring would be needed, if any.

OAuth however has dependancies on it too via lcobucci/jwt and then league/oauth2-server...

So that brings in T261462: Migrate OAuth extension back from wikimedia/oauth2-server fork to upstream to the tree

lcobucci/jwt also only depends on psr/clock (if we can get to a reasonably recent version of it). So yeah oauth2-server is the weak link.

OWresch-WMF moved this task from Inbox, needs triage to Waiting on the MediaWiki-Platform-Team board.Nov 27 2025, 3:43 PM

Krinkle closed subtask T358666: Drop PHP 8.1 support from MediaWiki as Resolved.Dec 18 2025, 3:05 PM

Starting to poke at T405344: Upgrade web-auth/webauthn-lib to >= 5.2.3 - https://packagist.org/packages/web-auth/webauthn-lib#5.2.3

Requires https://packagist.org/packages/symfony/clock :/