Fixes #834 #835

Merged
merged 1 commit into from
Feb 10, 2021

filisko (Contributor) commented Feb 10, 2021

Hi,

This PR fixes #834.

@filisko filisko changed the base branch from master to 2.x February 10, 2021 11:53
chalasr (Collaborator) commented Feb 10, 2021

Apologies for the breakage, and thanks a lot for the patch @filisko

@chalasr chalasr merged commit a675978 into lexik:2.x Feb 10, 2021
filisko (Contributor, Author) commented Feb 10, 2021

@chalasr you're welcome, thanks for the quick response ;)

chalasr (Collaborator) commented Feb 10, 2021

Released in v2.11.1 :)

wiese commented Oct 21, 2021

Stumbled upon this while researching why, when running composer require jwt-auth, a deprecated library (namshi/jose) and with it a surprising polyfill (symfony/polyfill-php56 on a php 8 system) were added.

Looking at the change which initially removed namshi/jose from here (#508), it appears to have done what it did with thought and intentionally ("The "namshi/jose" library is deprecated, this bundle does not require it anymore. If you need to keep using it, require it in your composer.json."). In hindsight the better versioning solution might have been to release a v3 with the removal right away but that ship has sailed.

In the meantime, until there actually is a v3, "fix" #835 now puts all new users of this bundle (who care about their application supply chain) in a tight spot instead of only expecting users updating their bundle to become active in case they still depend on the deprecated library (and they really should become active anyway).

Does this resonate? Am I missing something? Are there arguments against releasing a v3 (I see one has been planned for a while but there is really no shortage of integers for version numbers)?

```
composer info lexik/jwt-authentication-bundle
...
versions : * v2.13.0
...
requires
namshi/jose ^7.2

composer why namshi/jose
lexik/jwt-authentication-bundle  v2.13.0  requires  namshi/jose (^7.2)

composer info namshi/jose
...
versions : * 7.2.3
...
requires
symfony/polyfill-php56 ^1.0

composer why symfony/polyfill-php56
namshi/jose  7.2.3  requires  symfony/polyfill-php56 (^1.0)
```
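
The `composer why` lookups in the comment above can be run as a CI check that walks `composer.lock` back to the root requirement for every package a project does not want to ship. This is an added example, not part of the thread or the bundle's code; the deny-list, the root version constraint, the trimmed lock content and the function names are assumptions made for illustration.

```python
import json
from collections import defaultdict

# Constructed sample: the root requirement and a trimmed composer.lock that
# mirrors the `composer info` / `composer why` output quoted above.
ROOT_REQUIRE = {"lexik/jwt-authentication-bundle": "^2.13"}  # assumed constraint
LOCK = json.loads("""
{"packages": [
  {"name": "lexik/jwt-authentication-bundle", "version": "v2.13.0",
   "require": {"namshi/jose": "^7.2"}},
  {"name": "namshi/jose", "version": "7.2.3",
   "require": {"symfony/polyfill-php56": "^1.0"}},
  {"name": "symfony/polyfill-php56", "require": {}}
]}
""")
DENIED = {"namshi/jose", "symfony/polyfill-php56"}  # hypothetical project deny-list

def locked_packages(lock):
    """All locked packages, production and dev."""
    return lock.get("packages", []) + lock.get("packages-dev", [])

def why(target, lock, root_require):
    """Return every chain [root requirement, ..., target] found in the lock."""
    parents = defaultdict(list)  # package name -> locked packages requiring it
    for pkg in locked_packages(lock):
        for dep in pkg.get("require", {}):
            parents[dep].append(pkg["name"])
    chains = []

    def walk(name, path):
        if name in path:  # guard against circular requirements
            return
        path = [name] + path
        if name in root_require:
            chains.append(path)
        for parent in parents[name]:
            walk(parent, path)

    walk(target, [])
    return chains

def audit(lock, root_require, denied):
    """Map each denied package present in the lock to the chains pulling it in."""
    installed = {pkg["name"] for pkg in locked_packages(lock)}
    return {n: why(n, lock, root_require) for n in sorted(denied & installed)}

if __name__ == "__main__":
    for name, chains in audit(LOCK, ROOT_REQUIRE, DENIED).items():
        print(name, "<-", [" -> ".join(c) for c in chains])
```

A non-empty result from `audit` can fail the build, and the chains show which direct requirement has to change.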


Successfully merging this pull request may close these issues.

bug: upgrading to 2.11.0 breaks DefaultJWSProvider (namshi/jose package missing)