Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add missing dependencies to composer.json to prevent unwanted soft dependencies #751

Merged
merged 1 commit into from
Nov 11, 2021
Merged

Add missing dependencies to composer.json to prevent unwanted soft dependencies #751

merged 1 commit into from
Nov 11, 2021

Conversation

driehle
Copy link
Member

@driehle driehle commented Nov 10, 2021
edited

Using composer-require-checker I checked for symbols of libraries which are not in our require section of composer.json. Such dependencies are called soft dependencies and are usually a bad thing, because their version might change because of changes in upstream libraries, hence, causing bugs for end users.

To prevent such scenarios, this PR turns the following soft dependencies into hard dependencies:

  • container-interop/container-interop
  • laminas/laminas-eventmanager
  • laminas/laminas-servicemanager

@driehle driehle force-pushed the feature/streamline-dependencies branch from 17e64bc to cff8f3e Compare November 10, 2021 11:41
@driehle
turn soft dependencies into hard dependencies
cff8f3e 
Before, container-interop, laminas-eventmanager and
laminas-modulemanager were soft dependencies of DoctrineModule.
Their symbols are used in the library code. To prevent issues
with future upgrades, soft dependencies are now made explicit,
i.e. turned into hard dependencies.
@driehle driehle self-assigned this Nov 10, 2021
@driehle driehle added this to the 4.2.2 milestone Nov 10, 2021
@SenseException
Copy link
Member

SenseException commented Nov 10, 2021
edited

There seem to be a few classes/interfaces in use from laminas/laminas-console (e.g. in DoctrineModule\Component\Console\Input\RequestInput. Its readme file labels this package as deprecated and was archived though. Isn't this still a soft dependency?

@driehle
Copy link
Member Author

driehle commented Nov 11, 2021

You a right that symbols from laminas/laminas-(mvc-)console are used, but that is an optional dependency of DoctrineModule. That dependency is listed in the suggests section of composer.json. Whenever a library uses symbols from an optional dependency, it explicitly needs to check wheter that depenency is installed or not. So a soft dependency is a bad thing if it is a soft dependency by accident (which this PR fixes), but a soft dependency is valid if that is an optional dependency noted in suggests.

@driehle driehle changed the title Streamline dependencies to prevent soft dependencies Add missing dependencies to composer.json to prevent unwanted soft dependencies Nov 11, 2021
@driehle driehle merged commit e082975 into doctrine:4.2.x Nov 11, 2021
@driehle driehle deleted the feature/streamline-dependencies branch November 11, 2021 13:51
@driehle driehle mentioned this pull request Nov 11, 2021
Merged
driehle added a commit to driehle/DoctrineORMModule that referenced this pull request Nov 12, 2021
@driehle
update DoctrineModule to 4.2.2
a51d3bb 
DoctrineModule 4.2.2 has its soft dependencies resolved, see
doctrine/DoctrineModule#751, hence
upgrading to this version ensures that the next release of
DoctrineORMModule has neither soft dependencies from its own
nor from DoctrineModule
@driehle driehle mentioned this pull request Nov 12, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@greg0ire greg0ire greg0ire approved these changes

@SenseException SenseException Awaiting requested review from SenseException

@TomHAnderson TomHAnderson Awaiting requested review from TomHAnderson

Assignees

@driehle driehle

Labels
Bug
Projects
None yet
Milestone
4.2.2
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@driehle @SenseException @greg0ire