Feature Request

I'm testing an RC release of PHP 8.2, but this package fails to install due to version restrictions in composer.json. I would welcome the addition of PHP 8.2 to to the list of supported PHP versions.

| Q | A |------------ | ------ | New Feature | yes | RFC | no | BC Break | no

Summary

Hello, I understand that this package is security-only and feature-complete. However - does that mean no support for future PHP versions is coming?

What about adding a benevolent version constaraint? That would allow us to install the package, and, if issues do occur, the community could provide MRs. That would reduce the amount of work needed for the maintainers ofthis package to minimum.

Hello. I stumbled upon being unable to run app with this package in PHP 8.1 environment.

This is what I get from Composer.

- laminas/laminas-xml[1.3.0, ..., 1.4.x-dev] require php ^7.3 || ~8.0.0 -> your php version (8.1.0) does not satisfy that requirement.

The issue is that the constraint in composer.json is as follows:

    "require": {
        "php": "^7.3 || ~8.0.0",
        "laminas/laminas-zendframework-bridge": "^1.0"
    },

(seen here)

I suggest changing "php": "^7.3 || ~8.0.0", to "php": "^7.3 || ^8.0", to support future versions of PHP.

| Q | A |-------------- | ------ | Documentation | no | Bugfix | yes | BC Break | no | New Feature | no | RFC | no | QA | no

Description

I'm updating logic so that it does not get used on PHP 8.0+. In PHP 8.0 and later, PHP uses libxml versions from 2.9.0, which disabled XXE by default. libxml_disable_entity_loader() is now deprecated.

The current code will throw deprecation warnings/errors and break the code. As for as far as I understand it, it the same logic as it is now disabled by default so changing this value is not needed. And also reverting the change back to its original value.

I have opted to wrap the function calls in an if statement that checks if the current PHP version is lower than PHP 8.0. This was the easiest way I could think of to update this code without touching too much of its current behavior.

I'm not entirely sure if this is (already) wanted, this has been tested on the latest PHP 8.0 release candidate as of today.

Also, please do let me know if you have feedback!

EDIT:

Please note that I did not check any other part of the code, I just noticed this when running a project on PHP 8 as a test and came across this code hit on some its pages.

| Q | A |-------------- | ------ | Documentation | no | Bugfix | no | BC Break | no | New Feature | yes | RFC | no | QA | no

Description

added PHP 8.1 support

| Q | A |-------------- | ------ | Documentation | no | Bugfix | no | BC Break | no | New Feature | no | RFC | no | QA | yes

Description

It wasn't until immediately after https://github.com/laminas/laminas-xml/pull/13 got merged that I realised we will also need the PHP version setting in composer.json to tell renovate which PHP version to run.

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

Detected Package Files

• composer.json (composer)
• .github/workflows/auto-close.yml (github-actions)
• .github/workflows/continuous-integration.yml (github-actions)
• .github/workflows/release-on-milestone-closed.yml (github-actions)

Configuration Summary

Based on the default config's presets, Renovate will:

• Start dependency updates only once this onboarding PR is merged
• Enable Renovate Dependency Dashboard creation.
• Ignore node_modules, bower_components, vendor and various test/tests directories.
• Automerge patch and minor upgrades if they pass tests.
• If automerging, push the new commit directly to the base branch (no PR).
• Wait for branch tests to pass or fail before creating the PR.
• Rebase existing PRs any time the base branch has been updated.
• Separate major versions of dependencies into individual branches/PRs.
• Do not separate patch and minor upgrades into separate PRs for the same dependency.
• Raise PR when vulnerability alerts are detected.
• Evaluate schedules according to timezone UTC.
• Append Signed-off-by: to signoff Git commits.
• Apply label renovate to PRs.
• Group all minor and patch updates together.
• Default configuration for repositories in the Laminas organisation

🔡 Would you like to change the way Renovate is upgrading your dependencies? Simply edit the renovate.json in this branch with your custom config and the list of Pull Requests in the "What to Expect" section below will be updated the next time Renovate runs.

What to Expect

With your current configuration, Renovate will create 3 Pull Requests:

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section. If you need any further assistance then you can also request help here.

Read more information about the use of Renovate Bot within Laminas.

| Q | A |-------------- | ------ | Documentation | no | Bugfix | yes | BC Break | no | New Feature | no | RFC | no | QA | no

Description

I wanted to ask this already in one of my previous PR's but forgot about it... As the extension ext-dom and ext-simplexml are required for this package to work it might be a good idea to add them.

• added required dependencies ext-dom and ext-simplexml

| Q | A |-------------- | ------ | Documentation | no | Bugfix | no | BC Break | no | New Feature | yes | RFC | no | QA | no

Description

removed zendframework-bridge as dependency

Feature Request

| Q | A |------------ | ------ | New Feature | yes

Summary

To be prepared for the december release of PHP 8.0, this repository has some additional TODOs to be tested against the new major version.

In order to make this repository compatible, one has to follow these steps:

• [ ] Modify composer.json to provide support for PHP 8.0 by adding the constraint ~8.0.0
• [ ] Modify composer.json to drop support for PHP less than 7.3
• [ ] Modify composer.json to implement phpunit 9.3 which supports PHP 7.3+
• [ ] Modify .travis.yml to ignore platform requirements when installing composer dependencies (simply add --ignore-platform-reqs to COMPOSER_ARGS env variable)
• [ ] Modify .travis.yml to add PHP 8.0 to the matrix (NOTE: Do not allow failures as PHP 8.0 has a feature freeze since 2020-08-04!)
• [ ] Modify source code in case there are incompatibilities with PHP 8.0

Feature Request

| Q | A |------------ | ------ | QA | yes

Summary

As decided during the Technical-Steering-Committee Meeting on August 3rd, 2020, Laminas wants to implement vimeo/psalm in all packages.

Implementing psalm is quite easy.

Required

• [ ] Create a .psalm.xml.dist in the project root
• [ ] Copy and paste the contents from this psalm.xml.dist
• [ ] Run $ composer require vimeo/psalm
• [ ] Run $ vendor/bin/psalm --set-baseline=psalm-baseline.xml
• [ ] Add a composer script static-analysis with the command psalm --shepherd --stats
• [ ] Add a new line to script: in .travis.yml: - if [[ $TEST_COVERAGE == 'true' ]]; then composer static-analysis ; fi
• [ ] Remove phpstan from the project (phpstan.neon.dist, .travis.yml entry, composer.json require-dev and scripts)

Optional

• [ ] Fix as many psalm errors as possible.

| Q | A |-------------- | ------ | QA | yes

Description

• Update composer config platform.php to 8.0.99
• Update composer PHP to ~8.0.0 || ~8.1.0 || ~8.2.0
• Ignore PHP platform requirements via .laminas-ci.json

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

This repository currently has no open or pending branches.

Detected dependencies

• [ ] Check this box to trigger a request for Renovate to run again on this repository