Open weierophinney opened 3 years ago
I think we should create a project for this topic to track the progress and the get and give an overview.
Is this still relevant? Do we have a project? What's the status here?
Ping @laminas/technical-steering-committee
I think the above needs to at least become a checklist, and need an assignee to pick it up :D
I will create a list on which repositories the message is missing in the readme file. (Example: laminas-log)
The message is only missing in laminas-log.
(laminas-console and laminas-mvc-console are abandoned and the repositories are archived.)
SO who's fixing that for laminas-log?
@heiglandreas I will create a pull request.
In preparation for marking packages as security-only and/or archiving them, I made the following notes, indicating follow-on tasks we need to track.
Packages depending on laminas-config
Packages depending on laminas-console
Packages depending on laminas-crypt
Packages depending on laminas-db functionality
This one is kind of big. We use it in laminas-feed, laminas-validator, laminas-session, laminas-log, laminas-paginator, laminas-authentication, api-tools-oauth, api-tools-content-validation, and api-tools.
We should probably come up witha comprehensive strategy for updating these packages, by one or more of:
Original strategy:
Packages depending on laminas-dom
Packages depending on laminas-http
This one is kind of big. We use it heavily, as it forms the core of our MVC and by extension the laminas-api-tools; the various RPC servers; and numerous components that are tangentially related to the MVC (session, navigation, etc.).
We need a comprehensive strategy for updating these packages.
Notes:
laminas-feed uses it in both the Reader and PubSubHubbub components. The former can likely be updated to use an alternative client by default in a new minor release, and the LaminasHttpClientDecorator can be marked deprecated. The latter uses it conditionally:
laminas-validator sets a dependency on laminas-http... but does not actually use it.
laminas-view stores a response in the
Json
helper, and, when invoked, sets theContent-Type
header on it. (It also uses laminas-json to encode the JSON.) This can stay as-is.laminas-mvc clearly still uses it.
laminas-session uses
Laminas\Http\PhpEnvironment\RemoteAddress
in the RemoteAddr validator to get the IP address. We can likely inline the class.laminas/laminas-psr7bridge bridges between it and PSR-7
laminas-router clearly still uses it.
laminas-authentication uses it in its Http authentication adapter. We should likely separate this one to its own package, and add a new one for PSR-7. Or just deprecate the damn package.
laminas-test clearly still uses it.
The various laminas-api-tools repositories still use it.
laminas-navigation uses it for Uri-based pages.
laminas-xmlrpc uses it for HTTP negotiation.
laminas-json-server uses it for HTTP negotiation.
laminas-recaptcha uses it for HTTP requests.
laminas-twitter uses it for HTTP requests
Packages depending on laminas-json
These can all likely be inlined with usage of native JSON tools.
AbstractHtmlElement
, JSON helper, JsonRenderer, and JsonModel)AbstractRestfulController
)Paginator::toJson()
Packages depending on laminas-loader
Try and inline the required functionality where possible; otherwise, loosen up dependencies and start moving away from them.
Packages depending on laminas-log
Packages depending on laminas-math
Packages depending on laminas-oauth
Packages depending on laminas-serializer
This one is problematic due to usage in laminas-cache and laminas-hydrator; may need to come up with alternate plugins/strategies.
Packages depending on laminas-text
Packages depending on laminas-uri