Bump to minimum PHP 7.2 #726
Replies: 6 comments 14 replies
-
One point to note on the dependency updates: php-cs-fixer version changes (even minor version changes that are supposed to be compatible) have on multiple past occasions also been associated with changes in its behaviour that have caused it to make unwanted changes to the logic of this library's code, not just presentation. Any update of php-cs-fixer should also be combined with careful review of any changes it proposes to make to the existing codebase when run to ensure it isn't introducing logic bugs - the logic problems can be subtle. This is the reason why it's pinned to an exact version, rather than allowing any compatible version. |
Beta Was this translation helpful? Give feedback.
-
May I ask this to be reconsidered? |
Beta Was this translation helpful? Give feedback.
-
@nicolas-grekas Changing the PHP minimum version is a breaking change; the library can't reasonably be released with that change under a 5.x or 6.x version number. The plan is to release 6.0 ASAP (with support for PHP >= 5.3), then immediately deprecate it. This gives those who are currently running the master branch in production an actual version to pin to if needed, and allows us to move forward with breaking changes like the version bump in v7. |
Beta Was this translation helpful? Give feedback.
-
I would normally agree with you, but I consider it a breaking change in this particular case, because it would mean that people who can't cope with it would be permanently locked out of security upgrades on the 5.x branch. PHP isn't a typical dependendency - it's the whole operating environment, not just a library. Which IMO is a big part of why breaking changes require a major version bump in the first place - it means you don't just leave the legacy folks hanging. It's not just about API compatibility. I don't consider upgrading composer's dependency on it to be breaking, because we know composer can cope with it. But there are unfortunately plenty of legacy projects out there which can't. The plan we have (bumping the PHP dependency in v7) means that in the event of a serious security issue, we'll still be able to address it for those folks stuck on 5 & 6. |
Beta Was this translation helpful? Give feedback.
-
I think, the php-requirement should be PHP >= 8.1, cause older versions are not in the security support: https://www.php.net/supported-versions.php . If someone dont want to upgrade his own work with a little refactoring, he can use older versions of the package. Other suggestions:
If you need somebody to do that, I can help :) |
Beta Was this translation helpful? Give feedback.
-
I started working on a Draft PR to discover the impact of of supporting PHP 8.0 officially and drop support for PHP >= 7.1. You can check the progress at #746 this only reflects the latest achieved commit and I might have other changes pending on my local computer. |
Beta Was this translation helpful? Give feedback.
-
As mentioned in several issues and confirmed by @Seldaek we can and should bump the minimum PHP level to
>= 7.2
I've started this discussion to first discuss and collect the work to be done before taking action. Also releasing
v6.0.0
has a higher priority compared to this.Things todo
php: >= 5.3.3
tophp: >= 7.2
, see Extend pipeline for newer versions php #746@param
where possiblephpunit/phpunit: ^8.5.*
which also requires to update the test suite, addingvoid
return types on the tests, see Extend pipeline for newer versions php #746friendsofphp/php-cs-fixer: 3.2.1
marc-mabe/php-enum
constraint can be adjusted to^4.0
(as2.*
and3.*
required a PHP version for which we are dropping support.), see Raise minimum level php enum #766declare (strict_types=1)
see refactor: add declare strict_types to all classes in ./src #758Language features we can't use
mixed
type (Requires PHP 8.0)One other PR to consider is #689
Beta Was this translation helpful? Give feedback.
All reactions