Replace ircmaxell/random-lib with paragonie/random-lib. #2

Merged
merged 6 commits into from
Oct 17, 2018

@rayward rayward commented Oct 17, 2018

RandomLib is unmaintained and throws lots of warnings on PHP 7.1 which cause test failures for bigcommerce/bigcommerce when building on 7.1. ircmaxell/RandomLib#55

Paragonie has forked the library and fixed that and some other issues: https://github.com/paragonie/RandomLib/releases/tag/v2.0.0

Additionally, I've marked this repo as a replacement for dflydev/hawk so we can just drop it wherever we require.

@precariouspanther

Adam - was there anything blocking updating the BC app previously with this repo?

rayward commented Oct 17, 2018

Current usage of dflydev/hawk:

$ composer why -rt ircmaxell/random-lib
ircmaxell/random-lib v1.2.0 A Library For Generating Secure Random Numbers
└──dflydev/hawk dev-master (requires ircmaxell/random-lib ^1.0@dev)
   ├──bigcommerce/bigcommerce dev-test-php7.1 (requires dflydev/hawk dev-master#189dd738da21bd9906ff6d955b1e51bcbdbafcc6)
   ├──bigcommerce/hawk-guzzle-plugin 1.0.0 (requires dflydev/hawk dev-master#189dd738da21bd9906ff6d955b1e51bcbdbafcc6)
   │  └──bigcommerce/bigpay-client 3.2.3 (requires bigcommerce/hawk-guzzle-plugin 1.0.0)
   │     └──bigcommerce/bigcommerce dev-test-php7.1 (requires bigcommerce/bigpay-client 3.2.3)
   └──bigcommerce/science-client 0.0.12 (requires dflydev/hawk dev-master#189dd738da21bd9906ff6d955b1e51bcbdbafcc6)
      └──bigcommerce/bigcommerce dev-test-php7.1 (requires bigcommerce/science-client 0.0.12)

Composer seems content with me replacing hawk with this repo and ignoring that commit "locking" in the dependencies:

diff --git a/composer.json b/composer.json
index d272a08057..e82c45941f 100644
--- a/composer.json
+++ b/composer.json
@@ -42,7 +42,8 @@
     { "type": "vcs", "url": "https://github.com/bigcommerce/grpc-php" },
     { "type": "vcs", "url": "https://github.com/bigcommerce/twig.js", "replace": { "jms/twig-js": "*" } },
     { "type": "vcs", "url": "https://github.com/bigcommerce/translation" },
-    { "type": "vcs", "url": "https://github.com/bigcommerce/migrating-redis-client" }
+    { "type": "vcs", "url": "https://github.com/bigcommerce/migrating-redis-client" },
+    { "type": "vcs", "url": "https://github.com/rayward/hawk", "replace": { "dflydev/hawk": "*" } }
   ],
   "autoload": {
     "psr-4": {
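Review bot: the added repository entry resolves the package from `https://github.com/rayward/hawk`, a personal-account fork, while the require changed in the next hunk names `bigcommerce-labs/hawk`. Whoever controls that account controls what gets installed under this name, so point the URL at the organisation-owned repository before this lands. The `"replace": { "dflydev/hawk": "*" }` wildcard also means every transitive requirement on `dflydev/hawk`, including the ones pinned to a commit, is satisfied by whatever this source serves, which makes the ownership of the URL matter more.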
@@ -121,7 +122,7 @@
     "stripe/stripe-php": "v4.0.0",
     "psr/log": "1.0.0",
     "monolog/monolog": "~1.10",
-    "dflydev/hawk": "dev-master#189dd738da21bd9906ff6d955b1e51bcbdbafcc6",
+    "bigcommerce-labs/hawk": "dev-update-random-lib",
     "paypal/permissions-sdk-php":"v3.9.1",
     "paypal/sdk-core-php": "v3.3.1",
     "braintree/braintree_php" : "3.31.0",
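Review bot: the new require `"bigcommerce-labs/hawk": "dev-update-random-lib"` drops the commit pin that the removed `dflydev/hawk` line carried and tracks a feature branch head instead. The lock file records the commit resolved today, but the next `composer update` installs whatever has been pushed to that branch, and the require breaks if the branch is removed after merge. Pin to a commit hash or a tagged release, as the neighbouring entries do (`v4.0.0`, `1.0.0`, `3.31.0`), or switch to the default branch with a pin once the fork's change is merged.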
$ composer update
Loading composer repositories with package information
Updating dependencies (including require-dev)
Package operations: 2 installs, 12 updates, 1 removal
  - Removing ircmaxell/random-lib (v1.2.0)
  - Installing paragonie/sodium_compat (v1.7.0): Downloading (100%)
  - Installing paragonie/random-lib (v2.0.0): Downloading (100%)
  - Updating bigcommerce-labs/hawk (dev-master 189dd73 => dev-update-random-lib 0971e6d):  Checking out 0971e6d65f
  - Updating jaybizzle/crawler-detect (v1.2.69 => v1.2.71): Downloading (100%)
  - Updating neitanod/forceutf8 (v2.0.1 => v2.0.2): Downloading (100%)
  - Updating google/apiclient-services (v0.70 => v0.72): Downloading (100%)
  - Updating applitools/eyes.sdk.php dev-master (4d95679 => 6afc846):  Checking out 6afc846005
  - Updating bigcommerce/bc-interfaces-core-php dev-master (a7b7b06 => c813e6f):  Checking out c813e6f9e6
  - Updating bigcommerce/bc-interfaces-php dev-master (a5788fd => 18b2299):  Checking out 18b2299198
  - Updating bigcommerce/platform-api-schema dev-master (8a1c7ca => fbd110e):  Checking out fbd110e1fd
paragonie/sodium_compat suggests installing ext-libsodium (PHP < 7.0: Better performance, password hashing (Argon2i), secure memory management (memzero), and better security.)
Package guzzle/guzzle is abandoned, you should avoid using it. Use guzzlehttp/guzzle instead.
Package liip/monitor is abandoned, you should avoid using it. Use zendframework/zenddiagnostics instead.
Package sebastian/git is abandoned, you should avoid using it. No replacement was suggested.
Writing lock file
Generating autoload files
ocramius/package-versions:  Generating version class...
ocramius/package-versions: ...done generating version class

@precariouspanther precariouspanther left a comment

Nope, looks good to me. 👍

@rayward rayward merged commit 7783ab9 into bigcommerce:master Oct 17, 2018
@rayward rayward deleted the update-random-lib branch October 17, 2018 02:13
@rayward rayward changed the title from "Replacement ircmaxell/random-lib with paragonie/random-lib." to "Replace ircmaxell/random-lib with paragonie/random-lib." Oct 17, 2018