Backward compatibility issue

[GautamMKGarg]

I am WordPress plugin developer and I am facing this issue with many of my clients. Code written for JWT library 5.0 is not compatible with latest version of JWT library. JWT library is getting used in lots of WordPress plugins and each plugin using different version of JWT library. it's cause conflicts between different plugins. Can new version of JWT become backward compatible? I know if all plugins will upgrade JWT code then this issue can be resolved. but asking all the developers to upgrade the JWT is not a practical solution. Please check if something can be done to make it backward compatible.

Fatal error: Uncaught ArgumentCountError: Too few arguments to function Firebase\JWT\JWT::encode(), 2 passed in C:\xampp\htdocs\wp\shrikarpatridham\wp-content\plugins\eroom-zoom-meetings-webinar\zoom-app\Interfaces\Request.php on line 64 and at least 3 expected

[Krisell]

Since version 6.x.x, the third argument defining the algorithm is required (previously optional). The previous default was 'HS256' so that's what you want to use in these cases.

It was released as a new major version (6 instead of 5) for exactly the reason it is not backwards compatible. Clients should not blindly update to version 6 without updating the use of ::encode and ::decode. The changes are small, and clearly stated in the release notes: https://github.com/firebase/php-jwt/releases/tag/v6.0.0

[GautamMKGarg]

@Krisell

Yes, I know about the changes and understand that changes are very small. But problem here is different. There are more than 50000 plugins and theme developed on WordPress. Out of which more than 1000 plugins and themes are using firebase JWT. Around 70% of these plugins are using version 5 of JWT and around 30% are using JWT. The data I am providing is approximate data. When these plugins are installed on WordPress together, they breaks the WordPress Websites. WordPress does not load JWT twice. If wordpress loads JWT 6, plugins with JWT 5 dependency breaks. and if WordPress loads JWT 5, plugins with JWT 6 dependency breaks.

[bshaffer]

@GautamMKGarg The solution here is to install v5.5.0 of this library. This version contains a compatibility layer: you can call encode and decode using both the v5 and v6 versions of the function signature

composer require firebase/php-jwt:^5.5

These breaking changes were done for a very important reason - to fix https://github.com/advisories/GHSA-8xf4-w7qw-pjjw. We did everything we could, by releasing behind a major version and providing ample documentation. Hopefully the plugins can handle installing the compatibility layer for now, and eventually v6 can be used everywhere.