Bump Duo_Universal_Php to 1.0.2 in order to have a valid composer.json in dependencies for a more cleaner build process

[AkechiShiro]

Bump Duo Universal PHP from 1.0.1 to 1.0.2

• Passbolt Version: 4.4.2
• Platform and Target: -- Operating system: NixOS -- PHP: 8.1 -- Web server: N/A -- Database server: N/A -- etc.: OTHER RELEVANT PLATFORM INFO

What you did

I'm working on packaging passbolt_api for NixOS and I've ran into an issue with composer files not being validated correctly. Hence I got stuck.

I can patch the nix package in order to use 1.0.2 in order to make progress but if upstream could upgrade duo_universal_php it would be better so I do not have to maintain downstream patches for the package.

Here is the new release : https://github.com/duosecurity/duo_universal_php/releases/tag/1.0.2

What happened

/tmp/nix-build-passbolt-4.4.2-composer-repository.drv-0/source ❯ for x in $(find -iname 'composer.json')
                                                                                  composer validate --strict --no-ansi --no-interaction $x
                                                                              end
./repository/thecodingmachine/safe/v1.3.3/composer.json is valid
./repository/symfony/string/v5.4.22/composer.json is valid
./repository/symfony/service-contracts/v1.1.2/composer.json is valid
./repository/symfony/process/v5.4.11/composer.json is valid
./repository/symfony/polyfill-php81/v1.27.0/composer.json is valid
./repository/symfony/polyfill-php80/v1.27.0/composer.json is valid
./repository/symfony/polyfill-php73/v1.27.0/composer.json is valid
./repository/symfony/polyfill-mbstring/v1.27.0/composer.json is valid
./repository/symfony/polyfill-intl-normalizer/v1.27.0/composer.json is valid
./repository/symfony/polyfill-intl-grapheme/v1.27.0/composer.json is valid
./repository/symfony/polyfill-ctype/v1.27.0/composer.json is valid
./repository/symfony/finder/v5.4.17/composer.json is valid
./repository/symfony/filesystem/v5.4.23/composer.json is valid
./repository/symfony/deprecation-contracts/v2.5.2/composer.json is valid
./repository/symfony/console/v5.4.24/composer.json is valid
./repository/symfony/config/v5.4.21/composer.json is valid
./repository/spomky-labs/otphp/v10.0.3/composer.json is valid
./repository/singpolyma/openpgp-php/dev-master/composer.json is valid
./repository/seld/signal-handler/2.0.1/composer.json is valid
./repository/seld/phar-utils/1.2.1/composer.json is valid but your composer.lock has some errors
# Lock file errors
- The lock file is not up to date with the latest changes in composer.json, it is recommended that you run `composer update` or `composer update <package name>`.
./repository/seld/jsonlint/1.9.0/composer.json is valid
./repository/robmorgan/phinx/0.x-dev/composer.json is valid
./repository/react/promise/v2.9.0/composer.json is valid
./repository/ramsey/uuid/4.2.3/composer.json is valid
./repository/ramsey/collection/1.2.2/composer.json is valid
./repository/psr/simple-cache/1.0.1/composer.json is valid
./repository/psr/log/1.1.4/composer.json is valid
./repository/psr/http-server-middleware/1.0.2/composer.json is valid
./repository/psr/http-server-handler/1.0.2/composer.json is valid
./repository/psr/http-message/1.1/composer.json is valid
./repository/psr/http-factory/1.0.2/composer.json is valid
./repository/psr/http-client/1.0.2/composer.json is valid
./repository/psr/container/2.0.2/composer.json is valid
./repository/phpseclib/phpseclib/3.0.19/composer.json is valid
./repository/paragonie/random_compat/v9.99.100/composer.json is valid
./repository/paragonie/constant_time_encoding/v2.6.3/composer.json is valid
./repository/mobiledetect/mobiledetectlib/2.8.41/composer.json is valid
./repository/lorenzo/cakephp-email-queue/5.1.0/composer.json is valid
./repository/longwave/laminas-diactoros/2.14.2/composer.json is valid
./repository/league/mime-type-detection/1.11.0/composer.json is valid
./repository/league/flysystem/2.5.0/composer.json is valid
./repository/league/container/4.2.0/composer.json is valid
./repository/laminas/laminas-httphandlerrunner/2.2.0/composer.json is valid
./repository/justinrainbow/json-schema/5.2.12/composer.json is valid
./repository/imagine/imagine/1.3.3/composer.json is valid
./repository/firebase/php-jwt/v6.3.2/composer.json is valid
./repository/enygma/yubikey/dev-master/composer.json is valid
./repository/duosecurity/duo_universal_php/1.0.1/example/composer.json is valid for simple usage with Composer but has
strict errors that make it unable to be published as a package
See https://getcomposer.org/doc/04-schema.md for details on the schema
# Publish errors
- name : The property name is required
- description : The property description is required
# General warnings
- No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license.
- require.slim/slim : exact version constraints (4.7.1) should be avoided if the package follows semantic versioning
- require.slim/psr7 : exact version constraints (1.3.0) should be avoided if the package follows semantic versioning
- require.slim/php-view : exact version constraints (3.0.0) should be avoided if the package follows semantic versioning
- require.bryanjhv/slim-session : exact version constraints (4.0) should be avoided if the package follows semantic versioning
- require.duosecurity/duo_universal_php : unbound version constraints (@dev) should be avoided
./repository/duosecurity/duo_universal_php/1.0.1/composer.json is valid, but with a few warnings
See https://getcomposer.org/doc/04-schema.md for details on the schema
# General warnings
- No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license.
./repository/donatj/phpuseragentparser/v1.7.0/composer.json is valid
./repository/dasprid/enum/1.0.3/composer.json is valid
./repository/composer/xdebug-handler/3.0.3/composer.json is valid
./repository/composer/spdx-licenses/1.5.7/composer.json is valid
./repository/composer/semver/3.3.2/composer.json is valid
./repository/composer/pcre/2.1.0/composer.json is valid
./repository/composer/metadata-minifier/1.0.0/composer.json is valid
./repository/composer/composer/2.6.4/composer.json is valid
./repository/composer/class-map-generator/1.0.0/composer.json is valid
./repository/composer/ca-bundle/1.3.6/composer.json is valid
./repository/cakephp/plugin-installer/1.3.1/composer.json is valid
./repository/cakephp/migrations/dev-master/composer.json is valid
./repository/cakephp/chronos/2.4.0/composer.json is valid
./repository/cakephp/cakephp/4.4.18/src/Validation/composer.json is valid
./repository/cakephp/cakephp/4.4.18/src/Utility/composer.json is valid
./repository/cakephp/cakephp/4.4.18/src/ORM/composer.json is valid
./repository/cakephp/cakephp/4.4.18/src/Log/composer.json is valid
./repository/cakephp/cakephp/4.4.18/src/I18n/composer.json is valid
./repository/cakephp/cakephp/4.4.18/src/Http/composer.json is valid
./repository/cakephp/cakephp/4.4.18/src/Form/composer.json is valid
./repository/cakephp/cakephp/4.4.18/src/Filesystem/composer.json is valid
./repository/cakephp/cakephp/4.4.18/src/Event/composer.json is valid
./repository/cakephp/cakephp/4.4.18/src/Datasource/composer.json is valid
./repository/cakephp/cakephp/4.4.18/src/Database/composer.json is valid
./repository/cakephp/cakephp/4.4.18/src/Core/composer.json is valid
./repository/cakephp/cakephp/4.4.18/src/Console/composer.json is valid
./repository/cakephp/cakephp/4.4.18/src/Collection/composer.json is valid
./repository/cakephp/cakephp/4.4.18/src/Cache/composer.json is valid
./repository/cakephp/cakephp/4.4.18/composer.json is valid
./repository/cakephp/authentication/2.9.0/composer.json is valid
./repository/brick/math/0.9.3/composer.json is valid
./repository/beberlei/assert/v3.3.2/composer.json is valid
./repository/bcrowe/cakephp-api-pagination/3.0.0/composer.json is valid
./repository/bacon/bacon-qr-code/2.0.8/composer.json is valid
./composer.json is valid, but with a few warnings
See https://getcomposer.org/doc/04-schema.md for details on the schema
# General warnings
- The package "cakephp/migrations" is pointing to a commit-ref, this is bad practice and can cause unforeseen issues.
- The package "robmorgan/phinx" is pointing to a commit-ref, this is bad practice and can cause unforeseen issues.
- The package "singpolyma/openpgp-php" is pointing to a commit-ref, this is bad practice and can cause unforeseen issues.
- The package "enygma/yubikey" is pointing to a commit-ref, this is bad practice and can cause unforeseen issues.

What you expected to happen

All composer files should be valid.

[AkechiShiro]

Additionally phar_utils may also need some correction.

Also, here the error build I'm getting :

Executing composerRepositoryCheckHook

ERROR: composer files validation failed

The validation of the composer.json and composer.lock failed.
Make sure that the file composer.lock is consistent with composer.json.

note: keeping build directory '/tmp/nix-build-passbolt-4.4.2-composer-repository.drv-0'
error: builder for '/nix/store/sdcbqcllqgynd07ixcgiighgjc6gcxry-passbolt-4.4.2-composer-repository.drv' failed with exit code 1;
       last 10 log lines:
       > Local repository has been successfully created in /build/source/repository
       > Finished composerRepositoryBuildHook
       > Running phase: checkPhase
       > Executing composerRepositoryCheckHook
       >
       > ERROR: composer files validation failed
       >
       > The validation of the composer.json and composer.lock failed.
       > Make sure that the file composer.lock is consistent with composer.json.
       >
       For full logs, run 'nix log /nix/store/sdcbqcllqgynd07ixcgiighgjc6gcxry-passbolt-4.4.2-composer-repository.drv'.

And also the check is run from this https://github.com/NixOS/nixpkgs/blob/master/pkgs/build-support/php/hooks/composer-repository-hook.sh#L69

[ishanvyas22]

Thanks @AkechiShiro for bringing it to our attention. We have created internal ticket(PB-29376) to tackle this problem.

[AkechiShiro]

Thanks @dlen @ishanvyas22 when will this commit (8a8defe land into a release ? Is there any release schedule ?

[dlen]

it is already part of the latest release https://github.com/passbolt/passbolt_api/releases/tag/v4.5.2