Skip to content

feat!: bump minimum supported PHP version to 8.1 #348

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
gjtorikian wants to merge 1 commit into
base: next-major
Choose a base branch
from
+51 −14
Open

feat!: bump minimum supported PHP version to 8.1 #348

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 1 addition & 10 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ jobs:
strategy:
fail-fast: true
matrix:
php: ["7.3", "7.4", "8.1", "8.2", "8.3"]
php: ["8.1", "8.2", "8.3", "8.4", "8.5"]
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2.32.0
Expand All @@ -37,15 +37,6 @@ jobs:
run: |
composer install --prefer-dist --no-progress --no-interaction
- name: Lint and formatting
if: >-
matrix.php == '7.4' ||
matrix.php == '8.1' ||
matrix.php == '8.2' ||
matrix.php == '8.3'
run: |
composer run-script format-check
- name: Test
run: |
composer run-script test
38 changes: 38 additions & 0 deletions .github/workflows/lint.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
name: Lint

on:
push:
branches:
- "main"
Comment on lines +5 to +6
Copy link
Contributor

@greptile-apps greptile-apps bot Mar 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Push trigger only covers main, not next-major

The push trigger is scoped only to main, but this PR targets next-major. Any direct commits to next-major (e.g. merge commits, chore bumps) will not trigger the lint workflow — only PRs will. This matches the existing behavior of ci.yml, but it may be worth adding next-major to both push trigger lists to keep the branch continuously green:

  push:
    branches:
      - "main"
      - "next-major"

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

pull_request: {}

defaults:
run:
shell: bash

jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2.32.0
with:
php-version: "8.1"
tools: "composer"

- name: Cache Composer packages
uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
with:
path: vendor
key: ${{ runner.os }}-php-8.1-${{ hashFiles('**/composer.lock') }}
restore-keys: |
${{ runner.os }}-php-8.1-

- name: Install dependencies
run: |
composer install --prefer-dist --no-progress --no-interaction

- name: Lint and formatting
run: |
composer run-script format-check
8 changes: 8 additions & 0 deletions .vscode/settings.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
{
"[github-actions-workflow]": {
"editor.defaultFormatter": "redhat.vscode-yaml"
},
"[json]": {
"editor.defaultFormatter": "vscode.json-language-features"
}
}
8 changes: 4 additions & 4 deletions composer.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,13 +10,13 @@
}
],
"require": {
"php": ">=7.3.0",
"php": ">=8.1.0",
"ext-curl": "*",
"paragonie/halite": "^4.0"
"paragonie/halite": "^5.1"
Copy link
Contributor

@greptile-apps greptile-apps bot Mar 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Breaking change: Halite v4 → v5 ciphertext format incompatibility

Upgrading paragonie/halite from ^4.0 to ^5.1 is a breaking change for any users who have existing session data encrypted with v4. Halite embeds its own version bytes in the ciphertext format, and v5 changed this format — meaning any session cookie encrypted under v4 cannot be decrypted by v5's SymmetricCrypto::decrypt(). Users upgrading this library will have all active sessions silently invalidated and thrown as decryption exceptions.

While the PR title correctly signals a breaking change (feat!), the description only mentions the PHP version bump. It's worth explicitly documenting this session-invalidation side-effect in release notes/migration guide, and considering whether a graceful degradation path (e.g. attempt v5 decrypt, fall back to v4, then re-seal) is desirable.

},
"require-dev": {
"friendsofphp/php-cs-fixer": "^2.15|^3.6",
"phpunit/phpunit": "^9"
"friendsofphp/php-cs-fixer": "^3.0",
"phpunit/phpunit": "^10.5"
},
"autoload": {
"psr-4": {
Expand Down
Loading